diff --git a/go.mod b/go.mod
index 646b4e6d..f9cba887 100644
--- a/go.mod
+++ b/go.mod
@@ -21,9 +21,9 @@ require (
 k8s.io/klog/v2 v2.120.1
 k8s.io/kubectl v0.30.1
 k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0
- kmodules.xyz/client-go v0.30.17
+ kmodules.xyz/client-go v0.30.40
 kmodules.xyz/offshoot-api v0.30.1
- kubestash.dev/apimachinery v0.13.0
+ kubestash.dev/apimachinery v0.14.0
 sigs.k8s.io/controller-runtime v0.18.4
 sigs.k8s.io/yaml v1.4.0
 )
@@ -69,7 +69,7 @@ require (
 github.com/chai2010/gettext-go v1.0.2 // indirect
 github.com/codegangsta/inject v0.0.0-20150114235600-33e0aa1cb7c0 // indirect
 github.com/cpuguy83/go-md2man/v2 v2.0.3 // indirect
- github.com/cyphar/filepath-securejoin v0.2.4 // indirect
+ github.com/cyphar/filepath-securejoin v0.3.4 // indirect
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 github.com/emicklei/go-restful/v3 v3.12.0 // indirect
 github.com/evanphx/json-patch v5.9.0+incompatible // indirect
@@ -172,6 +172,7 @@ require (
 gopkg.in/yaml.v2 v2.4.0 // indirect
 gopkg.in/yaml.v3 v3.0.1 // indirect
 k8s.io/apiextensions-apiserver v0.30.2 // indirect
+ k8s.io/apiserver v0.30.2 // indirect
 k8s.io/component-base v0.30.2 // indirect
 k8s.io/kube-openapi v0.0.0-20240703190633-0aa61b46e8c2 // indirect
 kmodules.xyz/objectstore-api v0.29.1 // indirect
diff --git a/go.sum b/go.sum
index 6d12ebcc..56f9ea08 100644
--- a/go.sum
+++ b/go.sum
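Review bot: The `k8s.io/apiserver v0.30.2 // indirect` line added in the third go.mod hunk has no matching `k8s.io/apiserver` checksum in this commit's go.sum hunks; the only apiserver checksums added there are for `github.com/kmodules/apiserver v0.30.2-0.20240519082755-d7b8c2d9e699`. That suggests the module resolves through a `replace` directive to a fork pinned at a pseudo-version, but the replace block is outside the visible hunks, so this is inferred. If so, a comment on that replace line such as `// fork pin; keep in step with the k8s.io v0.30.x modules required above` would make the pin reviewable, and `go mod verify` plus a clean `go mod vendor` should be confirmed for this bump. Separately, the vendored filepath-securejoin v0.3.4 adds `lookup_linux.go`, which imports `slices`, so the `go` directive (not shown here) needs to be 1.21 or later.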
@@ -124,8 +124,8 @@ github.com/cpuguy83/go-md2man/v2 v2.0.3 h1:qMCsGGgs+MAzDFyp9LpAe1Lqy/fY/qCovCm0q github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY= github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4= -github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg= -github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= +github.com/cyphar/filepath-securejoin v0.3.4 h1:VBWugsJh2ZxJmLFSM06/0qzQyiQX2Qs0ViKrUAcqdZ8= +github.com/cyphar/filepath-securejoin v0.3.4/go.mod h1:8s/MCNJREmFK0H02MF6Ihv1nakJe4L/w3WZLHNkvlYM= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= 
@@ -308,6 +308,8 @@ github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/cpuid/v2 v2.0.9 h1:lgaqFMSdTdQYdZ04uHyN2d/eKdOMyi2YLSvlQIBFYa4= github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= +github.com/kmodules/apiserver v0.30.2-0.20240519082755-d7b8c2d9e699 h1:BDVkSP6mWfeHbzmy6c9FPzU1ymIyizPy5m9sXYw/fFo= +github.com/kmodules/apiserver v0.30.2-0.20240519082755-d7b8c2d9e699/go.mod h1:i87ZnQ+/PGAmSbD/iEKM68bm1D5reX8fO4Ito4B01mo= github.com/kmodules/controller-runtime v0.18.4-0.20240603164526-fa88ec2314fe h1:6nl5dIci8FTzM2hxZ89ufxTXUYqLr9kSGEPPwX87ryk= github.com/kmodules/controller-runtime v0.18.4-0.20240603164526-fa88ec2314fe/go.mod h1:TVoGrfdpbA9VRFaRnKgk9P5/atA0pMwq+f+msb9M8Sg= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= 
@@ -791,16 +793,16 @@ k8s.io/kubectl v0.30.1 h1:sHFIRI3oP0FFZmBAVEE8ErjnTyXDPkBcvO88mH9RjuY= k8s.io/kubectl v0.30.1/go.mod h1:7j+L0Cc38RYEcx+WH3y44jRBe1Q1jxdGPKkX0h4iDq0= k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 h1:jgGTlFYnhF1PM1Ax/lAlxUPE+KfCIXHaathvJg1C3ak= k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -kmodules.xyz/client-go v0.30.17 h1:Ec22XIkAsN8Fwd001P0EzRTsfeibIFkzkZ6oYjLe5LQ= -kmodules.xyz/client-go v0.30.17/go.mod h1:CAu+JlA8RVGtj6LQHu0Q1w2mnFUajuti49c7T1AvGdM= +kmodules.xyz/client-go v0.30.40 h1:X9Ic8D19D5Gy4C5UvQWSU/kyIObULFHG0B2HHx8ZW+E= +kmodules.xyz/client-go v0.30.40/go.mod h1:CAu+JlA8RVGtj6LQHu0Q1w2mnFUajuti49c7T1AvGdM= kmodules.xyz/objectstore-api v0.29.1 h1:uUsjf8KU0w4LYowSEOnl0AbHT3hsHIu1wNLHqGe1o6s= kmodules.xyz/objectstore-api v0.29.1/go.mod h1:xG+5awH1SXYKxwN/+k1FEQvzixd5tgNqEN/1LEiB2FE= kmodules.xyz/offshoot-api v0.30.1 h1:TrulAYO+oBsXe9sZZGTmNWIuI8qD2izMpgcTSPvgAmI= kmodules.xyz/offshoot-api v0.30.1/go.mod h1:T3mpjR6fui0QzOcmQvIuANytW48fe9ytmy/1cgx6D4g= kmodules.xyz/prober v0.29.0 h1:Ex7m4F9rH7uWNNJlLgP63ROOM+nUATJkC2L5OQ7nwMg= kmodules.xyz/prober v0.29.0/go.mod h1:UtK+HKyI1lFLEKX+HFLyOCVju6TO93zv3kwGpzqmKOo= -kubestash.dev/apimachinery v0.13.0 h1:c1K5QzUR/x1Og56+oUufPq7cDX3QljPw9CQrEpVnPrI= -kubestash.dev/apimachinery v0.13.0/go.mod h1:OuO8kh4EcAerSpllIXM7JaPQfKDGsQoAm3jAt4m0a1E= +kubestash.dev/apimachinery v0.14.0 h1:mHOR7WFpev7Tar5t7z+fiteO8yg+Ej7sGWo4KggyDCY= +kubestash.dev/apimachinery v0.14.0/go.mod h1:k+My508NVx4V3UyiNMtcrk2QDO7Ex8089VERcfQgFJ0= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= 
diff --git a/vendor/github.com/cyphar/filepath-securejoin/CHANGELOG.md b/vendor/github.com/cyphar/filepath-securejoin/CHANGELOG.md
new file mode 100644
index 00000000..04b5685a
--- /dev/null
+++ b/vendor/github.com/cyphar/filepath-securejoin/CHANGELOG.md
@@ -0,0 +1,178 @@ +# Changelog # +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](http://keepachangelog.com/) +and this project adheres to [Semantic Versioning](http://semver.org/). + +## [Unreleased] ## + +## [0.3.4] - 2024-10-09 ## + +### Fixed ### +- Previously, some testing mocks we had resulted in us doing `import "testing"` + in non-`_test.go` code, which made some downstreams like Kubernetes unhappy. + This has been fixed. (#32) + +## [0.3.3] - 2024-09-30 ## + +### Fixed ### +- The mode and owner verification logic in `MkdirAll` has been removed. This + was originally intended to protect against some theoretical attacks but upon + further consideration these protections don't actually buy us anything and + they were causing spurious errors with more complicated filesystem setups. +- The "is the created directory empty" logic in `MkdirAll` has also been + removed. This was not causing us issues yet, but some pseudofilesystems (such + as `cgroup`) create non-empty directories and so this logic would've been + wrong for such cases. + +## [0.3.2] - 2024-09-13 ## + +### Changed ### +- Passing the `S_ISUID` or `S_ISGID` modes to `MkdirAllInRoot` will now return + an explicit error saying that those bits are ignored by `mkdirat(2)`. In the + past a different error was returned, but since the silent ignoring behaviour + is codified in the man pages a more explicit error seems apt. While silently + ignoring these bits would be the most compatible option, it could lead to + users thinking their code sets these bits when it doesn't. Programs that need + to deal with compatibility can mask the bits themselves. (#23, #25) + +### Fixed ### +- If a directory has `S_ISGID` set, then all child directories will have + `S_ISGID` set when created and a different gid will be used for any inode + created under the directory. 
Previously, the "expected owner and mode" + validation in `securejoin.MkdirAll` did not correctly handle this. We now + correctly handle this case. (#24, #25) + +## [0.3.1] - 2024-07-23 ## + +### Changed ### +- By allowing `Open(at)InRoot` to opt-out of the extra work done by `MkdirAll` + to do the necessary "partial lookups", `Open(at)InRoot` now does less work + for both implementations (resulting in a many-fold decrease in the number of + operations for `openat2`, and a modest improvement for non-`openat2`) and is + far more guaranteed to match the correct `openat2(RESOLVE_IN_ROOT)` + behaviour. +- We now use `readlinkat(fd, "")` where possible. For `Open(at)InRoot` this + effectively just means that we no longer risk getting spurious errors during + rename races. However, for our hardened procfs handler, this in theory should + prevent mount attacks from tricking us when doing magic-link readlinks (even + when using the unsafe host `/proc` handle). Unfortunately `Reopen` is still + potentially vulnerable to those kinds of somewhat-esoteric attacks. + + Technically this [will only work on post-2.6.39 kernels][linux-readlinkat-emptypath] + but it seems incredibly unlikely anyone is using `filepath-securejoin` on a + pre-2011 kernel. + +### Fixed ### +- Several improvements were made to the errors returned by `Open(at)InRoot` and + `MkdirAll` when dealing with invalid paths under the emulated (ie. + non-`openat2`) implementation. Previously, some paths would return the wrong + error (`ENOENT` when the last component was a non-directory), and other paths + would be returned as though they were acceptable (trailing-slash components + after a non-directory would be ignored by `Open(at)InRoot`). + + These changes were done to match `openat2`'s behaviour and purely is a + consistency fix (most users are going to be using `openat2` anyway). 
+ +[linux-readlinkat-emptypath]: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=65cfc6722361570bfe255698d9cd4dccaf47570d + +## [0.3.0] - 2024-07-11 ## + +### Added ### +- A new set of `*os.File`-based APIs have been added. These are adapted from + [libpathrs][] and we strongly suggest using them if possible (as they provide + far more protection against attacks than `SecureJoin`): + + - `Open(at)InRoot` resolves a path inside a rootfs and returns an `*os.File` + handle to the path. Note that the handle returned is an `O_PATH` handle, + which cannot be used for reading or writing (as well as some other + operations -- [see open(2) for more details][open.2]) + + - `Reopen` takes an `O_PATH` file handle and safely re-opens it to upgrade + it to a regular handle. This can also be used with non-`O_PATH` handles, + but `O_PATH` is the most obvious application. + + - `MkdirAll` is an implementation of `os.MkdirAll` that is safe to use to + create a directory tree within a rootfs. + + As these are new APIs, they may change in the future. However, they should be + safe to start migrating to as we have extensive tests ensuring they behave + correctly and are safe against various races and other attacks. + +[libpathrs]: https://github.com/openSUSE/libpathrs +[open.2]: https://www.man7.org/linux/man-pages/man2/open.2.html + +## [0.2.5] - 2024-05-03 ## + +### Changed ### +- Some minor changes were made to how lexical components (like `..` and `.`) + are handled during path generation in `SecureJoin`. There is no behaviour + change as a result of this fix (the resulting paths are the same). + +### Fixed ### +- The error returned when we hit a symlink loop now references the correct + path. 
(#10) + +## [0.2.4] - 2023-09-06 ## + +### Security ### +- This release fixes a potential security issue in filepath-securejoin when + used on Windows ([GHSA-6xv5-86q9-7xr8][], which could be used to generate + paths outside of the provided rootfs in certain cases), as well as improving + the overall behaviour of filepath-securejoin when dealing with Windows paths + that contain volume names. Thanks to Paulo Gomes for discovering and fixing + these issues. + +### Fixed ### +- Switch to GitHub Actions for CI so we can test on Windows as well as Linux + and MacOS. + +[GHSA-6xv5-86q9-7xr8]: https://github.com/advisories/GHSA-6xv5-86q9-7xr8 + +## [0.2.3] - 2021-06-04 ## + +### Changed ### +- Switch to Go 1.13-style `%w` error wrapping, letting us drop the dependency + on `github.com/pkg/errors`. + +## [0.2.2] - 2018-09-05 ## + +### Changed ### +- Use `syscall.ELOOP` as the base error for symlink loops, rather than our own + (internal) error. This allows callers to more easily use `errors.Is` to check + for this case. + +## [0.2.1] - 2018-09-05 ## + +### Fixed ### +- Use our own `IsNotExist` implementation, which lets us handle `ENOTDIR` + properly within `SecureJoin`. + +## [0.2.0] - 2017-07-19 ## + +We now have 100% test coverage! + +### Added ### +- Add a `SecureJoinVFS` API that can be used for mocking (as we do in our new + tests) or for implementing custom handling of lookup operations (such as for + rootless containers, where work is necessary to access directories with weird + modes because we don't have `CAP_DAC_READ_SEARCH` or `CAP_DAC_OVERRIDE`). + +## 0.1.0 - 2017-07-19 + +This is our first release of `github.com/cyphar/filepath-securejoin`, +containing a full implementation with a coverage of 93.5% (the only missing +cases are the error cases, which are hard to mocktest at the moment). 
+ +[Unreleased]: https://github.com/cyphar/filepath-securejoin/compare/v0.3.4...HEAD +[0.3.3]: https://github.com/cyphar/filepath-securejoin/compare/v0.3.3...v0.3.4 +[0.3.3]: https://github.com/cyphar/filepath-securejoin/compare/v0.3.2...v0.3.3 +[0.3.2]: https://github.com/cyphar/filepath-securejoin/compare/v0.3.1...v0.3.2 +[0.3.1]: https://github.com/cyphar/filepath-securejoin/compare/v0.3.0...v0.3.1 +[0.3.0]: https://github.com/cyphar/filepath-securejoin/compare/v0.2.5...v0.3.0 +[0.2.5]: https://github.com/cyphar/filepath-securejoin/compare/v0.2.4...v0.2.5 +[0.2.4]: https://github.com/cyphar/filepath-securejoin/compare/v0.2.3...v0.2.4 +[0.2.3]: https://github.com/cyphar/filepath-securejoin/compare/v0.2.2...v0.2.3 +[0.2.2]: https://github.com/cyphar/filepath-securejoin/compare/v0.2.1...v0.2.2 +[0.2.1]: https://github.com/cyphar/filepath-securejoin/compare/v0.2.0...v0.2.1 +[0.2.0]: https://github.com/cyphar/filepath-securejoin/compare/v0.1.0...v0.2.0 diff --git a/vendor/github.com/cyphar/filepath-securejoin/LICENSE b/vendor/github.com/cyphar/filepath-securejoin/LICENSE index bec842f2..cb1ab88d 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/LICENSE +++ b/vendor/github.com/cyphar/filepath-securejoin/LICENSE @@ -1,5 +1,5 @@ Copyright (C) 2014-2015 Docker Inc & Go Authors. All rights reserved. -Copyright (C) 2017 SUSE LLC. All rights reserved. +Copyright (C) 2017-2024 SUSE LLC. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are diff --git a/vendor/github.com/cyphar/filepath-securejoin/README.md b/vendor/github.com/cyphar/filepath-securejoin/README.md index 4eca0f23..eaeb53fc 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/README.md +++ b/vendor/github.com/cyphar/filepath-securejoin/README.md 
@@ -1,32 +1,26 @@ ## `filepath-securejoin` ## +[![Go Documentation](https://pkg.go.dev/badge/github.com/cyphar/filepath-securejoin.svg)](https://pkg.go.dev/github.com/cyphar/filepath-securejoin) [![Build Status](https://github.com/cyphar/filepath-securejoin/actions/workflows/ci.yml/badge.svg)](https://github.com/cyphar/filepath-securejoin/actions/workflows/ci.yml) -An implementation of `SecureJoin`, a [candidate for inclusion in the Go -standard library][go#20126]. The purpose of this function is to be a "secure" -alternative to `filepath.Join`, and in particular it provides certain -guarantees that are not provided by `filepath.Join`. - -> **NOTE**: This code is *only* safe if you are not at risk of other processes -> modifying path components after you've used `SecureJoin`. If it is possible -> for a malicious process to modify path components of the resolved path, then -> you will be vulnerable to some fairly trivial TOCTOU race conditions. [There -> are some Linux kernel patches I'm working on which might allow for a better -> solution.][lwn-obeneath] -> -> In addition, with a slightly modified API it might be possible to use -> `O_PATH` and verify that the opened path is actually the resolved one -- but -> I have not done that yet. I might add it in the future as a helper function -> to help users verify the path (we can't just return `/proc/self/fd/` -> because that doesn't always work transparently for all users). - -This is the function prototype: +### Old API ### -```go -func SecureJoin(root, unsafePath string) (string, error) -``` +This library was originally just an implementation of `SecureJoin` which was +[intended to be included in the Go standard library][go#20126] as a safer +`filepath.Join` that would restrict the path lookup to be inside a root +directory. + +The implementation was based on code that existed in several container +runtimes. 
Unfortunately, this API is **fundamentally unsafe** against attackers +that can modify path components after `SecureJoin` returns and before the +caller uses the path, allowing for some fairly trivial TOCTOU attacks. + +`SecureJoin` (and `SecureJoinVFS`) are still provided by this library to +support legacy users, but new users are strongly suggested to avoid using +`SecureJoin` and instead use the [new api](#new-api) or switch to +[libpathrs][libpathrs]. -This library **guarantees** the following: +With the above limitations in mind, this library guarantees the following: * If no error is set, the resulting string **must** be a child path of `root` and will not contain any symlink path components (they will all be @@ -47,7 +41,7 @@ This library **guarantees** the following: A (trivial) implementation of this function on GNU/Linux systems could be done with the following (note that this requires root privileges and is far more opaque than the implementation in this library, and also requires that -`readlink` is inside the `root` path): +`readlink` is inside the `root` path and is trustworthy): ```go package securejoin 
@@ -70,9 +64,105 @@ func SecureJoin(root, unsafePath string) (string, error) { } ``` -[lwn-obeneath]: https://lwn.net/Articles/767547/ +[libpathrs]: https://github.com/openSUSE/libpathrs [go#20126]: https://github.com/golang/go/issues/20126 +### New API ### + +While we recommend users switch to [libpathrs][libpathrs] as soon as it has a +stable release, some methods implemented by libpathrs have been ported to this +library to ease the transition. These APIs are only supported on Linux. + +These APIs are implemented such that `filepath-securejoin` will +opportunistically use certain newer kernel APIs that make these operations far +more secure. In particular: + +* All of the lookup operations will use [`openat2`][openat2.2] on new enough + kernels (Linux 5.6 or later) to restrict lookups through magic-links and + bind-mounts (for certain operations) and to make use of `RESOLVE_IN_ROOT` to + efficiently resolve symlinks within a rootfs. + +* The APIs provide hardening against a malicious `/proc` mount to either detect + or avoid being tricked by a `/proc` that is not legitimate. This is done + using [`openat2`][openat2.2] for all users, and privileged users will also be + further protected by using [`fsopen`][fsopen.2] and [`open_tree`][open_tree.2] + (Linux 5.2 or later). 
+ +[openat2.2]: https://www.man7.org/linux/man-pages/man2/openat2.2.html +[fsopen.2]: https://github.com/brauner/man-pages-md/blob/main/fsopen.md +[open_tree.2]: https://github.com/brauner/man-pages-md/blob/main/open_tree.md + +#### `OpenInRoot` #### + +```go +func OpenInRoot(root, unsafePath string) (*os.File, error) +func OpenatInRoot(root *os.File, unsafePath string) (*os.File, error) +func Reopen(handle *os.File, flags int) (*os.File, error) +``` + +`OpenInRoot` is a much safer version of + +```go +path, err := securejoin.SecureJoin(root, unsafePath) +file, err := os.OpenFile(path, unix.O_PATH|unix.O_CLOEXEC) +``` + +that protects against various race attacks that could lead to serious security +issues, depending on the application. Note that the returned `*os.File` is an +`O_PATH` file descriptor, which is quite restricted. Callers will probably need +to use `Reopen` to get a more usable handle (this split is done to provide +useful features like PTY spawning and to avoid users accidentally opening bad +inodes that could cause a DoS). + +Callers need to be careful in how they use the returned `*os.File`. Usually it +is only safe to operate on the handle directly, and it is very easy to create a +security issue. [libpathrs][libpathrs] provides far more helpers to make using +these handles safer -- there is currently no plan to port them to +`filepath-securejoin`. + +`OpenatInRoot` is like `OpenInRoot` except that the root is provided using an +`*os.File`. This allows you to ensure that multiple `OpenatInRoot` (or +`MkdirAllHandle`) calls are operating on the same rootfs. + +> **NOTE**: Unlike `SecureJoin`, `OpenInRoot` will error out as soon as it hits +> a dangling symlink or non-existent path. This is in contrast to `SecureJoin` +> which treated non-existent components as though they were real directories, +> and would allow for partial resolution of dangling symlinks. 
These behaviours +> are at odds with how Linux treats non-existent paths and dangling symlinks, +> and so these are no longer allowed. + +#### `MkdirAll` #### + +```go +func MkdirAll(root, unsafePath string, mode int) error +func MkdirAllHandle(root *os.File, unsafePath string, mode int) (*os.File, error) +``` + +`MkdirAll` is a much safer version of + +```go +path, err := securejoin.SecureJoin(root, unsafePath) +err = os.MkdirAll(path, mode) +``` + +that protects against the same kinds of races that `OpenInRoot` protects +against. + +`MkdirAllHandle` is like `MkdirAll` except that the root is provided using an +`*os.File` (the reason for this is the same as with `OpenatInRoot`) and an +`*os.File` of the final created directory is returned (this directory is +guaranteed to be effectively identical to the directory created by +`MkdirAllHandle`, which is not possible to ensure by just using `OpenatInRoot` +after `MkdirAll`). + +> **NOTE**: Unlike `SecureJoin`, `MkdirAll` will error out as soon as it hits +> a dangling symlink or non-existent path. This is in contrast to `SecureJoin` +> which treated non-existent components as though they were real directories, +> and would allow for partial resolution of dangling symlinks. These behaviours +> are at odds with how Linux treats non-existent paths and dangling symlinks, +> and so these are no longer allowed. This means that `MkdirAll` will not +> create non-existent directories referenced by a dangling symlink. + ### License ### The license of this project is the same as Go, which is a BSD 3-clause license diff --git a/vendor/github.com/cyphar/filepath-securejoin/VERSION b/vendor/github.com/cyphar/filepath-securejoin/VERSION index abd41058..42045aca 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/VERSION +++ b/vendor/github.com/cyphar/filepath-securejoin/VERSION @@ -1 +1 @@ -0.2.4 +0.3.4 
diff --git a/vendor/github.com/cyphar/filepath-securejoin/doc.go b/vendor/github.com/cyphar/filepath-securejoin/doc.go
new file mode 100644
index 00000000..1ec7d065
--- /dev/null
+++ b/vendor/github.com/cyphar/filepath-securejoin/doc.go
@@ -0,0 +1,39 @@ +// Copyright (C) 2014-2015 Docker Inc & Go Authors. All rights reserved. +// Copyright (C) 2017-2024 SUSE LLC. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// Package securejoin implements a set of helpers to make it easier to write Go +// code that is safe against symlink-related escape attacks. The primary idea +// is to let you resolve a path within a rootfs directory as if the rootfs was +// a chroot. +// +// securejoin has two APIs, a "legacy" API and a "modern" API. +// +// The legacy API is [SecureJoin] and [SecureJoinVFS]. These methods are +// **not** safe against race conditions where an attacker changes the +// filesystem after (or during) the [SecureJoin] operation. +// +// The new API is made up of [OpenInRoot] and [MkdirAll] (and derived +// functions). These are safe against racing attackers and have several other +// protections that are not provided by the legacy API. There are many more +// operations that most programs expect to be able to do safely, but we do not +// provide explicit support for them because we want to encourage users to +// switch to [libpathrs](https://github.com/openSUSE/libpathrs) which is a +// cross-language next-generation library that is entirely designed around +// operating on paths safely. +// +// securejoin has been used by several container runtimes (Docker, runc, +// Kubernetes, etc) for quite a few years as a de-facto standard for operating +// on container filesystem paths "safely". However, most users still use the +// legacy API which is unsafe against various attacks (there is a fairly long +// history of CVEs in dependent as a result). Users should switch to the modern +// API as soon as possible (or even better, switch to libpathrs). +// +// This project was initially intended to be included in the Go standard +// library, but [it was rejected](https://go.dev/issue/20126). 
There is now a +// [new Go proposal](https://go.dev/issue/67002) for a safe path resolution API +// that shares some of the goals of filepath-securejoin. However, that design +// is intended to work like `openat2(RESOLVE_BENEATH)` which does not fit the +// usecase of container runtimes and most system tools. +package securejoin diff --git a/vendor/github.com/cyphar/filepath-securejoin/join.go b/vendor/github.com/cyphar/filepath-securejoin/join.go index aa32b85f..e0ee3f2b 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/join.go +++ b/vendor/github.com/cyphar/filepath-securejoin/join.go @@ -1,17 +1,11 @@ // Copyright (C) 2014-2015 Docker Inc & Go Authors. All rights reserved. -// Copyright (C) 2017 SUSE LLC. All rights reserved. +// Copyright (C) 2017-2024 SUSE LLC. All rights reserved. // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -// Package securejoin is an implementation of the hopefully-soon-to-be-included -// SecureJoin helper that is meant to be part of the "path/filepath" package. -// The purpose of this project is to provide a PoC implementation to make the -// SecureJoin proposal (https://github.com/golang/go/issues/20126) more -// tangible. package securejoin import ( - "bytes" "errors" "os" "path/filepath" 
@@ -19,26 +13,34 @@ import ( "syscall" ) +const maxSymlinkLimit = 255 + // IsNotExist tells you if err is an error that implies that either the path // accessed does not exist (or path components don't exist). This is -// effectively a more broad version of os.IsNotExist. +// effectively a more broad version of [os.IsNotExist]. func IsNotExist(err error) bool { // Check that it's not actually an ENOTDIR, which in some cases is a more // convoluted case of ENOENT (usually involving weird paths). return errors.Is(err, os.ErrNotExist) || errors.Is(err, syscall.ENOTDIR) || errors.Is(err, syscall.ENOENT) } -// SecureJoinVFS joins the two given path components (similar to Join) except +// SecureJoinVFS joins the two given path components (similar to [filepath.Join]) except // that the returned path is guaranteed to be scoped inside the provided root // path (when evaluated). Any symbolic links in the path are evaluated with the // given root treated as the root of the filesystem, similar to a chroot. The -// filesystem state is evaluated through the given VFS interface (if nil, the -// standard os.* family of functions are used). +// filesystem state is evaluated through the given [VFS] interface (if nil, the +// standard [os].* family of functions are used). // // Note that the guarantees provided by this function only apply if the path // components in the returned string are not modified (in other words are not // replaced with symlinks on the filesystem) after this function has returned. -// Such a symlink race is necessarily out-of-scope of SecureJoin. +// Such a symlink race is necessarily out-of-scope of SecureJoinVFS. +// +// NOTE: Due to the above limitation, Linux users are strongly encouraged to +// use [OpenInRoot] instead, which does safely protect against these kinds of +// attacks. 
There is no way to solve this problem with SecureJoinVFS because +// the API is fundamentally wrong (you cannot return a "safe" path string and +// guarantee it won't be modified afterwards). // // Volume names in unsafePath are always discarded, regardless if they are // provided via direct input or when evaluating symlinks. Therefore: 
@@ -51,75 +53,73 @@ func SecureJoinVFS(root, unsafePath string, vfs VFS) (string, error) { } unsafePath = filepath.FromSlash(unsafePath) - var path bytes.Buffer - n := 0 - for unsafePath != "" { - if n > 255 { - return "", &os.PathError{Op: "SecureJoin", Path: root + string(filepath.Separator) + unsafePath, Err: syscall.ELOOP} + var ( + currentPath string + remainingPath = unsafePath + linksWalked int + ) + for remainingPath != "" { + if v := filepath.VolumeName(remainingPath); v != "" { + remainingPath = remainingPath[len(v):] } - if v := filepath.VolumeName(unsafePath); v != "" { - unsafePath = unsafePath[len(v):] - } - - // Next path component, p. - i := strings.IndexRune(unsafePath, filepath.Separator) - var p string - if i == -1 { - p, unsafePath = unsafePath, "" + // Get the next path component. + var part string + if i := strings.IndexRune(remainingPath, filepath.Separator); i == -1 { + part, remainingPath = remainingPath, "" } else { - p, unsafePath = unsafePath[:i], unsafePath[i+1:] + part, remainingPath = remainingPath[:i], remainingPath[i+1:] } - // Create a cleaned path, using the lexical semantics of /../a, to - // create a "scoped" path component which can safely be joined to fullP - // for evaluation. At this point, path.String() doesn't contain any - // symlink components. - cleanP := filepath.Clean(string(filepath.Separator) + path.String() + p) - if cleanP == string(filepath.Separator) { - path.Reset() + // Apply the component lexically to the path we are building. + // currentPath does not contain any symlinks, and we are lexically + // dealing with a single component, so it's okay to do a filepath.Clean + // here. + nextPath := filepath.Join(string(filepath.Separator), currentPath, part) + if nextPath == string(filepath.Separator) { + currentPath = "" continue } - fullP := filepath.Clean(root + cleanP) + fullPath := root + string(filepath.Separator) + nextPath // Figure out whether the path is a symlink. 
- fi, err := vfs.Lstat(fullP) + fi, err := vfs.Lstat(fullPath) if err != nil && !IsNotExist(err) { return "", err } // Treat non-existent path components the same as non-symlinks (we // can't do any better here). if IsNotExist(err) || fi.Mode()&os.ModeSymlink == 0 { - path.WriteString(p) - path.WriteRune(filepath.Separator) + currentPath = nextPath continue } - // Only increment when we actually dereference a link. - n++ + // It's a symlink, so get its contents and expand it by prepending it + // to the yet-unparsed path. + linksWalked++ + if linksWalked > maxSymlinkLimit { + return "", &os.PathError{Op: "SecureJoin", Path: root + string(filepath.Separator) + unsafePath, Err: syscall.ELOOP} + } - // It's a symlink, expand it by prepending it to the yet-unparsed path. - dest, err := vfs.Readlink(fullP) + dest, err := vfs.Readlink(fullPath) if err != nil { return "", err } + remainingPath = dest + string(filepath.Separator) + remainingPath // Absolute symlinks reset any work we've already done. if filepath.IsAbs(dest) { - path.Reset() + currentPath = "" } - unsafePath = dest + string(filepath.Separator) + unsafePath } - // We have to clean path.String() here because it may contain '..' - // components that are entirely lexical, but would be misleading otherwise. - // And finally do a final clean to ensure that root is also lexically - // clean. - fullP := filepath.Clean(string(filepath.Separator) + path.String()) - return filepath.Clean(root + fullP), nil + // There should be no lexical components like ".." left in the path here, + // but for safety clean up the path before joining it to the root. + finalPath := filepath.Join(string(filepath.Separator), currentPath) + return filepath.Join(root, finalPath), nil } -// SecureJoin is a wrapper around SecureJoinVFS that just uses the os.* library -// of functions as the VFS. If in doubt, use this function over SecureJoinVFS. 
+// SecureJoin is a wrapper around [SecureJoinVFS] that just uses the [os].* library +// of functions as the [VFS]. If in doubt, use this function over [SecureJoinVFS]. func SecureJoin(root, unsafePath string) (string, error) { return SecureJoinVFS(root, unsafePath, nil) } diff --git a/vendor/github.com/cyphar/filepath-securejoin/lookup_linux.go b/vendor/github.com/cyphar/filepath-securejoin/lookup_linux.go new file mode 100644 index 00000000..290befa1 --- /dev/null +++ b/vendor/github.com/cyphar/filepath-securejoin/lookup_linux.go 
@@ -0,0 +1,389 @@
+//go:build linux
+
+// Copyright (C) 2024 SUSE LLC. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package securejoin
+
+import (
+ "errors"
+ "fmt"
+ "os"
+ "path"
+ "path/filepath"
+ "slices"
+ "strings"
+
+ "golang.org/x/sys/unix"
+)
+
+type symlinkStackEntry struct {
+ // (dir, remainingPath) is what we would've returned if the link didn't
+ // exist. This matches what openat2(RESOLVE_IN_ROOT) would return in
+ // this case.
+ dir *os.File
+ remainingPath string
+ // linkUnwalked is the remaining path components from the original
+ // Readlink which we have yet to walk. When this slice is empty, we
+ // drop the link from the stack.
+ linkUnwalked []string
+}
+
+func (se symlinkStackEntry) String() string {
+ return fmt.Sprintf("<%s>/%s [->%s]", se.dir.Name(), se.remainingPath, strings.Join(se.linkUnwalked, "/"))
+}
+
+func (se symlinkStackEntry) Close() {
+ _ = se.dir.Close()
+}
+
+type symlinkStack []*symlinkStackEntry
+
+func (s *symlinkStack) IsEmpty() bool {
+ return s == nil || len(*s) == 0
+}
+
+func (s *symlinkStack) Close() {
+ if s != nil {
+ for _, link := range *s {
+ link.Close()
+ }
+ // TODO: Switch to clear once we switch to Go 1.21.
+ *s = nil
+ }
+}
+
+var (
+ errEmptyStack = errors.New("[internal] stack is empty")
+ errBrokenSymlinkStack = errors.New("[internal error] broken symlink stack")
+)
+
+func (s *symlinkStack) popPart(part string) error {
+ if s == nil || s.IsEmpty() {
+ // If there is nothing in the symlink stack, then the part was from the
+ // real path provided by the user, and this is a no-op.
+ return errEmptyStack
+ }
+ if part == "." {
+ // "." components are no-ops -- we drop them when doing SwapLink.
+ return nil
+ }
+
+ tailEntry := (*s)[len(*s)-1]
+
+ // Double-check that we are popping the component we expect.
+ if len(tailEntry.linkUnwalked) == 0 {
+ return fmt.Errorf("%w: trying to pop component %q of empty stack entry %s", errBrokenSymlinkStack, part, tailEntry)
+ }
+ headPart := tailEntry.linkUnwalked[0]
+ if headPart != part {
+ return fmt.Errorf("%w: trying to pop component %q but the last stack entry is %s (%q)", errBrokenSymlinkStack, part, tailEntry, headPart)
+ }
+
+ // Drop the component, but keep the entry around in case we are dealing
+ // with a "tail-chained" symlink.
+ tailEntry.linkUnwalked = tailEntry.linkUnwalked[1:]
+ return nil
+}
+
+func (s *symlinkStack) PopPart(part string) error {
+ if err := s.popPart(part); err != nil {
+ if errors.Is(err, errEmptyStack) {
+ // Skip empty stacks.
+ err = nil
+ }
+ return err
+ }
+
+ // Clean up any of the trailing stack entries that are empty.
+ for lastGood := len(*s) - 1; lastGood >= 0; lastGood-- {
+ entry := (*s)[lastGood]
+ if len(entry.linkUnwalked) > 0 {
+ break
+ }
+ entry.Close()
+ (*s) = (*s)[:lastGood]
+ }
+ return nil
+}
+
+func (s *symlinkStack) push(dir *os.File, remainingPath, linkTarget string) error {
+ if s == nil {
+ return nil
+ }
+ // Split the link target and clean up any "" parts.
+ linkTargetParts := slices.DeleteFunc(
+ strings.Split(linkTarget, "/"),
+ func(part string) bool { return part == "" || part == "." })
+
+ // Copy the directory so the caller doesn't close our copy.
+ dirCopy, err := dupFile(dir)
+ if err != nil {
+ return err
+ }
+
+ // Add to the stack.
+ *s = append(*s, &symlinkStackEntry{
+ dir: dirCopy,
+ remainingPath: remainingPath,
+ linkUnwalked: linkTargetParts,
+ })
+ return nil
+}
+
+func (s *symlinkStack) SwapLink(linkPart string, dir *os.File, remainingPath, linkTarget string) error {
+ // If we are currently inside a symlink resolution, remove the symlink
+ // component from the last symlink entry, but don't remove the entry even
+ // if it's empty. If we are a "tail-chained" symlink (a trailing symlink we
+ // hit during a symlink resolution) we need to keep the old symlink until
+ // we finish the resolution.
+ if err := s.popPart(linkPart); err != nil {
+ if !errors.Is(err, errEmptyStack) {
+ return err
+ }
+ // Push the component regardless of whether the stack was empty.
+ }
+ return s.push(dir, remainingPath, linkTarget)
+}
+
+func (s *symlinkStack) PopTopSymlink() (*os.File, string, bool) {
+ if s == nil || s.IsEmpty() {
+ return nil, "", false
+ }
+ tailEntry := (*s)[0]
+ *s = (*s)[1:]
+ return tailEntry.dir, tailEntry.remainingPath, true
+}
+
+// partialLookupInRoot tries to lookup as much of the request path as possible
+// within the provided root (a-la RESOLVE_IN_ROOT) and opens the final existing
+// component of the requested path, returning a file handle to the final
+// existing component and a string containing the remaining path components.
+func partialLookupInRoot(root *os.File, unsafePath string) (*os.File, string, error) {
+ return lookupInRoot(root, unsafePath, true)
+}
+
+func completeLookupInRoot(root *os.File, unsafePath string) (*os.File, error) {
+ handle, remainingPath, err := lookupInRoot(root, unsafePath, false)
+ if remainingPath != "" && err == nil {
+ // should never happen
+ err = fmt.Errorf("[bug] non-empty remaining path when doing a non-partial lookup: %q", remainingPath)
+ }
+ // lookupInRoot(partial=false) will always close the handle if an error is
+ // returned, so no need to double-check here.
+ return handle, err
+}
+
+func lookupInRoot(root *os.File, unsafePath string, partial bool) (Handle *os.File, _ string, _ error) {
+ unsafePath = filepath.ToSlash(unsafePath) // noop
+
+ // This is very similar to SecureJoin, except that we operate on the
+ // components using file descriptors. We then return the last component we
+ // managed open, along with the remaining path components not opened.
+
+ // Try to use openat2 if possible.
+ if hasOpenat2() {
+ return lookupOpenat2(root, unsafePath, partial)
+ }
+
+ // Get the "actual" root path from /proc/self/fd. This is necessary if the
+ // root is some magic-link like /proc/$pid/root, in which case we want to
+ // make sure when we do checkProcSelfFdPath that we are using the correct
+ // root path.
+ logicalRootPath, err := procSelfFdReadlink(root)
+ if err != nil {
+ return nil, "", fmt.Errorf("get real root path: %w", err)
+ }
+
+ currentDir, err := dupFile(root)
+ if err != nil {
+ return nil, "", fmt.Errorf("clone root fd: %w", err)
+ }
+ defer func() {
+ // If a handle is not returned, close the internal handle.
+ if Handle == nil {
+ _ = currentDir.Close()
+ }
+ }()
+
+ // symlinkStack is used to emulate how openat2(RESOLVE_IN_ROOT) treats
+ // dangling symlinks. If we hit a non-existent path while resolving a
+ // symlink, we need to return the (dir, remainingPath) that we had when we
+ // hit the symlink (treating the symlink as though it were a regular file).
+ // The set of (dir, remainingPath) sets is stored within the symlinkStack
+ // and we add and remove parts when we hit symlink and non-symlink
+ // components respectively. We need a stack because of recursive symlinks
+ // (symlinks that contain symlink components in their target).
+ //
+ // Note that the stack is ONLY used for book-keeping. All of the actual
+ // path walking logic is still based on currentPath/remainingPath and
+ // currentDir (as in SecureJoin).
+ var symStack *symlinkStack
+ if partial {
+ symStack = new(symlinkStack)
+ defer symStack.Close()
+ }
+
+ var (
+ linksWalked int
+ currentPath string
+ remainingPath = unsafePath
+ )
+ for remainingPath != "" {
+ // Save the current remaining path so if the part is not real we can
+ // return the path including the component.
+ oldRemainingPath := remainingPath
+
+ // Get the next path component.
+ var part string
+ if i := strings.IndexByte(remainingPath, '/'); i == -1 {
+ part, remainingPath = remainingPath, ""
+ } else {
+ part, remainingPath = remainingPath[:i], remainingPath[i+1:]
+ }
+ // If we hit an empty component, we need to treat it as though it is
+ // "." so that trailing "/" and "//" components on a non-directory
+ // correctly return the right error code.
+ if part == "" {
+ part = "."
+ }
+
+ // Apply the component lexically to the path we are building.
+ // currentPath does not contain any symlinks, and we are lexically
+ // dealing with a single component, so it's okay to do a filepath.Clean
+ // here.
+ nextPath := path.Join("/", currentPath, part)
+ // If we logically hit the root, just clone the root rather than
+ // opening the part and doing all of the other checks.
+ if nextPath == "/" {
+ if err := symStack.PopPart(part); err != nil {
+ return nil, "", fmt.Errorf("walking into root with part %q failed: %w", part, err)
+ }
+ // Jump to root.
+ rootClone, err := dupFile(root)
+ if err != nil {
+ return nil, "", fmt.Errorf("clone root fd: %w", err)
+ }
+ _ = currentDir.Close()
+ currentDir = rootClone
+ currentPath = nextPath
+ continue
+ }
+
+ // Try to open the next component.
+ nextDir, err := openatFile(currentDir, part, unix.O_PATH|unix.O_NOFOLLOW|unix.O_CLOEXEC, 0)
+ switch {
+ case err == nil:
+ st, err := nextDir.Stat()
+ if err != nil {
+ _ = nextDir.Close()
+ return nil, "", fmt.Errorf("stat component %q: %w", part, err)
+ }
+
+ switch st.Mode() & os.ModeType {
+ case os.ModeSymlink:
+ // readlinkat implies AT_EMPTY_PATH since Linux 2.6.39. See
+ // Linux commit 65cfc6722361 ("readlinkat(), fchownat() and
+ // fstatat() with empty relative pathnames").
+ linkDest, err := readlinkatFile(nextDir, "")
+ // We don't need the handle anymore.
+ _ = nextDir.Close()
+ if err != nil {
+ return nil, "", err
+ }
+
+ linksWalked++
+ if linksWalked > maxSymlinkLimit {
+ return nil, "", &os.PathError{Op: "securejoin.lookupInRoot", Path: logicalRootPath + "/" + unsafePath, Err: unix.ELOOP}
+ }
+
+ // Swap out the symlink's component for the link entry itself.
+ if err := symStack.SwapLink(part, currentDir, oldRemainingPath, linkDest); err != nil {
+ return nil, "", fmt.Errorf("walking into symlink %q failed: push symlink: %w", part, err)
+ }
+
+ // Update our logical remaining path.
+ remainingPath = linkDest + "/" + remainingPath
+ // Absolute symlinks reset any work we've already done.
+ if path.IsAbs(linkDest) {
+ // Jump to root.
+ rootClone, err := dupFile(root)
+ if err != nil {
+ return nil, "", fmt.Errorf("clone root fd: %w", err)
+ }
+ _ = currentDir.Close()
+ currentDir = rootClone
+ currentPath = "/"
+ }
+
+ default:
+ // If we are dealing with a directory, simply walk into it.
+ _ = currentDir.Close()
+ currentDir = nextDir
+ currentPath = nextPath
+
+ // The part was real, so drop it from the symlink stack.
+ if err := symStack.PopPart(part); err != nil {
+ return nil, "", fmt.Errorf("walking into directory %q failed: %w", part, err)
+ }
+
+ // If we are operating on a .., make sure we haven't escaped.
+ // We only have to check for ".." here because walking down
+ // into a regular component component cannot cause you to
+ // escape. This mirrors the logic in RESOLVE_IN_ROOT, except we
+ // have to check every ".." rather than only checking after a
+ // rename or mount on the system.
+ if part == ".." {
+ // Make sure the root hasn't moved.
+ if err := checkProcSelfFdPath(logicalRootPath, root); err != nil {
+ return nil, "", fmt.Errorf("root path moved during lookup: %w", err)
+ }
+ // Make sure the path is what we expect.
+ fullPath := logicalRootPath + nextPath
+ if err := checkProcSelfFdPath(fullPath, currentDir); err != nil {
+ return nil, "", fmt.Errorf("walking into %q had unexpected result: %w", part, err)
+ }
+ }
+ }
+
+ default:
+ if !partial {
+ return nil, "", err
+ }
+ // If there are any remaining components in the symlink stack, we
+ // are still within a symlink resolution and thus we hit a dangling
+ // symlink. So pretend that the first symlink in the stack we hit
+ // was an ENOENT (to match openat2).
+ if oldDir, remainingPath, ok := symStack.PopTopSymlink(); ok {
+ _ = currentDir.Close()
+ return oldDir, remainingPath, err
+ }
+ // We have hit a final component that doesn't exist, so we have our
+ // partial open result. Note that we have to use the OLD remaining
+ // path, since the lookup failed.
+ return currentDir, oldRemainingPath, err
+ }
+ }
+
+ // If the unsafePath had a trailing slash, we need to make sure we try to
+ // do a relative "." open so that we will correctly return an error when
+ // the final component is a non-directory (to match openat2). In the
+ // context of openat2, a trailing slash and a trailing "/." are completely
+ // equivalent.
+ if strings.HasSuffix(unsafePath, "/") {
+ nextDir, err := openatFile(currentDir, ".", unix.O_PATH|unix.O_NOFOLLOW|unix.O_CLOEXEC, 0)
+ if err != nil {
+ if !partial {
+ _ = currentDir.Close()
+ currentDir = nil
+ }
+ return currentDir, "", err
+ }
+ _ = currentDir.Close()
+ currentDir = nextDir
+ }
+
+ // All of the components existed!
+ return currentDir, "", nil
+}
diff --git a/vendor/github.com/cyphar/filepath-securejoin/mkdir_linux.go b/vendor/github.com/cyphar/filepath-securejoin/mkdir_linux.go
new file mode 100644
index 00000000..b5f67452
--- /dev/null
+++ b/vendor/github.com/cyphar/filepath-securejoin/mkdir_linux.go
@@ -0,0 +1,207 @@
+//go:build linux
+
+// Copyright (C) 2024 SUSE LLC. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package securejoin
+
+import (
+ "errors"
+ "fmt"
+ "os"
+ "path/filepath"
+ "slices"
+ "strings"
+
+ "golang.org/x/sys/unix"
+)
+
+var (
+ errInvalidMode = errors.New("invalid permission mode")
+ errPossibleAttack = errors.New("possible attack detected")
+)
+
+// MkdirAllHandle is equivalent to [MkdirAll], except that it is safer to use
+// in two respects:
+//
+// - The caller provides the root directory as an *[os.File] (preferably O_PATH)
+// handle. This means that the caller can be sure which root directory is
+// being used. Note that this can be emulated by using /proc/self/fd/... as
+// the root path with [os.MkdirAll].
+//
+// - Once all of the directories have been created, an *[os.File] O_PATH handle
+// to the directory at unsafePath is returned to the caller. This is done in
+// an effectively-race-free way (an attacker would only be able to swap the
+// final directory component), which is not possible to emulate with
+// [MkdirAll].
+//
+// In addition, the returned handle is obtained far more efficiently than doing
+// a brand new lookup of unsafePath (such as with [SecureJoin] or openat2) after
+// doing [MkdirAll]. If you intend to open the directory after creating it, you
+// should use MkdirAllHandle.
+func MkdirAllHandle(root *os.File, unsafePath string, mode int) (_ *os.File, Err error) {
+ // Make sure there are no os.FileMode bits set.
+ if mode&^0o7777 != 0 {
+ return nil, fmt.Errorf("%w for mkdir 0o%.3o", errInvalidMode, mode)
+ }
+ // On Linux, mkdirat(2) (and os.Mkdir) silently ignore the suid and sgid
+ // bits. We could also silently ignore them but since we have very few
+ // users it seems more prudent to return an error so users notice that
+ // these bits will not be set.
+ if mode&^0o1777 != 0 {
+ return nil, fmt.Errorf("%w for mkdir 0o%.3o: suid and sgid are ignored by mkdir", errInvalidMode, mode)
+ }
+
+ // Try to open as much of the path as possible.
+ currentDir, remainingPath, err := partialLookupInRoot(root, unsafePath)
+ defer func() {
+ if Err != nil {
+ _ = currentDir.Close()
+ }
+ }()
+ if err != nil && !errors.Is(err, unix.ENOENT) {
+ return nil, fmt.Errorf("find existing subpath of %q: %w", unsafePath, err)
+ }
+
+ // If there is an attacker deleting directories as we walk into them,
+ // detect this proactively. Note this is guaranteed to detect if the
+ // attacker deleted any part of the tree up to currentDir.
+ //
+ // Once we walk into a dead directory, partialLookupInRoot would not be
+ // able to walk further down the tree (directories must be empty before
+ // they are deleted), and if the attacker has removed the entire tree we
+ // can be sure that anything that was originally inside a dead directory
+ // must also be deleted and thus is a dead directory in its own right.
+ //
+ // This is mostly a quality-of-life check, because mkdir will simply fail
+ // later if the attacker deletes the tree after this check.
+ if err := isDeadInode(currentDir); err != nil {
+ return nil, fmt.Errorf("finding existing subpath of %q: %w", unsafePath, err)
+ }
+
+ // Re-open the path to match the O_DIRECTORY reopen loop later (so that we
+ // always return a non-O_PATH handle). We also check that we actually got a
+ // directory.
+ if reopenDir, err := Reopen(currentDir, unix.O_DIRECTORY|unix.O_CLOEXEC); errors.Is(err, unix.ENOTDIR) {
+ return nil, fmt.Errorf("cannot create subdirectories in %q: %w", currentDir.Name(), unix.ENOTDIR)
+ } else if err != nil {
+ return nil, fmt.Errorf("re-opening handle to %q: %w", currentDir.Name(), err)
+ } else {
+ _ = currentDir.Close()
+ currentDir = reopenDir
+ }
+
+ remainingParts := strings.Split(remainingPath, string(filepath.Separator))
+ if slices.Contains(remainingParts, "..") {
+ // The path contained ".." components after the end of the "real"
+ // components. We could try to safely resolve ".." here but that would
+ // add a bunch of extra logic for something that it's not clear even
+ // needs to be supported. So just return an error.
+ //
+ // If we do filepath.Clean(remainingPath) then we end up with the
+ // problem that ".." can erase a trailing dangling symlink and produce
+ // a path that doesn't quite match what the user asked for.
+ return nil, fmt.Errorf("%w: yet-to-be-created path %q contains '..' components", unix.ENOENT, remainingPath)
+ }
+
+ // Make sure the mode doesn't have any type bits.
+ mode &^= unix.S_IFMT
+
+ // Create the remaining components.
+ for _, part := range remainingParts {
+ switch part {
+ case "", ".":
+ // Skip over no-op paths.
+ continue
+ }
+
+ // NOTE: mkdir(2) will not follow trailing symlinks, so we can safely
+ // create the final component without worrying about symlink-exchange
+ // attacks.
+ if err := unix.Mkdirat(int(currentDir.Fd()), part, uint32(mode)); err != nil {
+ err = &os.PathError{Op: "mkdirat", Path: currentDir.Name() + "/" + part, Err: err}
+ // Make the error a bit nicer if the directory is dead.
+ if err2 := isDeadInode(currentDir); err2 != nil {
+ err = fmt.Errorf("%w (%w)", err, err2)
+ }
+ return nil, err
+ }
+
+ // Get a handle to the next component. O_DIRECTORY means we don't need
+ // to use O_PATH.
+ var nextDir *os.File
+ if hasOpenat2() {
+ nextDir, err = openat2File(currentDir, part, &unix.OpenHow{
+ Flags: unix.O_NOFOLLOW | unix.O_DIRECTORY | unix.O_CLOEXEC,
+ Resolve: unix.RESOLVE_BENEATH | unix.RESOLVE_NO_SYMLINKS | unix.RESOLVE_NO_XDEV,
+ })
+ } else {
+ nextDir, err = openatFile(currentDir, part, unix.O_NOFOLLOW|unix.O_DIRECTORY|unix.O_CLOEXEC, 0)
+ }
+ if err != nil {
+ return nil, err
+ }
+ _ = currentDir.Close()
+ currentDir = nextDir
+
+ // It's possible that the directory we just opened was swapped by an
+ // attacker. Unfortunately there isn't much we can do to protect
+ // against this, and MkdirAll's behaviour is that we will reuse
+ // existing directories anyway so the need to protect against this is
+ // incredibly limited (and arguably doesn't even deserve mention here).
+ //
+ // Ideally we might want to check that the owner and mode match what we
+ // would've created -- unfortunately, it is non-trivial to verify that
+ // the owner and mode of the created directory match. While plain Unix
+ // DAC rules seem simple enough to emulate, there are a bunch of other
+ // factors that can change the mode or owner of created directories
+ // (default POSIX ACLs, mount options like uid=1,gid=2,umask=0 on
+ // filesystems like vfat, etc etc). We used to try to verify this but
+ // it just lead to a series of spurious errors.
+ //
+ // We could also check that the directory is non-empty, but
+ // unfortunately some pseduofilesystems (like cgroupfs) create
+ // non-empty directories, which would result in different spurious
+ // errors.
+ }
+ return currentDir, nil
+}
+
+// MkdirAll is a race-safe alternative to the [os.MkdirAll] function,
+// where the new directory is guaranteed to be within the root directory (if an
+// attacker can move directories from inside the root to outside the root, the
+// created directory tree might be outside of the root but the key constraint
+// is that at no point will we walk outside of the directory tree we are
+// creating).
+//
+// Effectively, MkdirAll(root, unsafePath, mode) is equivalent to
+//
+// path, _ := securejoin.SecureJoin(root, unsafePath)
+// err := os.MkdirAll(path, mode)
+//
+// But is much safer. The above implementation is unsafe because if an attacker
+// can modify the filesystem tree between [SecureJoin] and [os.MkdirAll], it is
+// possible for MkdirAll to resolve unsafe symlink components and create
+// directories outside of the root.
+//
+// If you plan to open the directory after you have created it or want to use
+// an open directory handle as the root, you should use [MkdirAllHandle] instead.
+// This function is a wrapper around [MkdirAllHandle].
+//
+// NOTE: The mode argument must be set the unix mode bits (unix.S_I...), not
+// the Go generic mode bits ([os.FileMode]...).
+func MkdirAll(root, unsafePath string, mode int) error {
+ rootDir, err := os.OpenFile(root, unix.O_PATH|unix.O_DIRECTORY|unix.O_CLOEXEC, 0)
+ if err != nil {
+ return err
+ }
+ defer rootDir.Close()
+
+ f, err := MkdirAllHandle(rootDir, unsafePath, mode)
+ if err != nil {
+ return err
+ }
+ _ = f.Close()
+ return nil
+}
diff --git a/vendor/github.com/cyphar/filepath-securejoin/open_linux.go b/vendor/github.com/cyphar/filepath-securejoin/open_linux.go
new file mode 100644
index 00000000..230be73f
--- /dev/null
+++ b/vendor/github.com/cyphar/filepath-securejoin/open_linux.go
@@ -0,0 +1,103 @@
+//go:build linux
+
+// Copyright (C) 2024 SUSE LLC. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package securejoin
+
+import (
+ "fmt"
+ "os"
+ "strconv"
+
+ "golang.org/x/sys/unix"
+)
+
+// OpenatInRoot is equivalent to [OpenInRoot], except that the root is provided
+// using an *[os.File] handle, to ensure that the correct root directory is used.
+func OpenatInRoot(root *os.File, unsafePath string) (*os.File, error) {
+ handle, err := completeLookupInRoot(root, unsafePath)
+ if err != nil {
+ return nil, &os.PathError{Op: "securejoin.OpenInRoot", Path: unsafePath, Err: err}
+ }
+ return handle, nil
+}
+
+// OpenInRoot safely opens the provided unsafePath within the root.
+// Effectively, OpenInRoot(root, unsafePath) is equivalent to
+//
+// path, _ := securejoin.SecureJoin(root, unsafePath)
+// handle, err := os.OpenFile(path, unix.O_PATH|unix.O_CLOEXEC)
+//
+// But is much safer. The above implementation is unsafe because if an attacker
+// can modify the filesystem tree between [SecureJoin] and [os.OpenFile], it is
+// possible for the returned file to be outside of the root.
+//
+// Note that the returned handle is an O_PATH handle, meaning that only a very
+// limited set of operations will work on the handle. This is done to avoid
+// accidentally opening an untrusted file that could cause issues (such as a
+// disconnected TTY that could cause a DoS, or some other issue). In order to
+// use the returned handle, you can "upgrade" it to a proper handle using
+// [Reopen].
+func OpenInRoot(root, unsafePath string) (*os.File, error) {
+ rootDir, err := os.OpenFile(root, unix.O_PATH|unix.O_DIRECTORY|unix.O_CLOEXEC, 0)
+ if err != nil {
+ return nil, err
+ }
+ defer rootDir.Close()
+ return OpenatInRoot(rootDir, unsafePath)
+}
+
+// Reopen takes an *[os.File] handle and re-opens it through /proc/self/fd.
+// Reopen(file, flags) is effectively equivalent to
+//
+// fdPath := fmt.Sprintf("/proc/self/fd/%d", file.Fd())
+// os.OpenFile(fdPath, flags|unix.O_CLOEXEC)
+//
+// But with some extra hardenings to ensure that we are not tricked by a
+// maliciously-configured /proc mount. While this attack scenario is not
+// common, in container runtimes it is possible for higher-level runtimes to be
+// tricked into configuring an unsafe /proc that can be used to attack file
+// operations. See [CVE-2019-19921] for more details.
+//
+// [CVE-2019-19921]: https://github.com/advisories/GHSA-fh74-hm69-rqjw
+func Reopen(handle *os.File, flags int) (*os.File, error) {
+ procRoot, err := getProcRoot()
+ if err != nil {
+ return nil, err
+ }
+
+ // We can't operate on /proc/thread-self/fd/$n directly when doing a
+ // re-open, so we need to open /proc/thread-self/fd and then open a single
+ // final component.
+ procFdDir, closer, err := procThreadSelf(procRoot, "fd/")
+ if err != nil {
+ return nil, fmt.Errorf("get safe /proc/thread-self/fd handle: %w", err)
+ }
+ defer procFdDir.Close()
+ defer closer()
+
+ // Try to detect if there is a mount on top of the magic-link we are about
+ // to open. If we are using unsafeHostProcRoot(), this could change after
+ // we check it (and there's nothing we can do about that) but for
+ // privateProcRoot() this should be guaranteed to be safe (at least since
+ // Linux 5.12[1], when anonymous mount namespaces were completely isolated
+ // from external mounts including mount propagation events).
+ //
+ // [1]: Linux commit ee2e3f50629f ("mount: fix mounting of detached mounts
+ // onto targets that reside on shared mounts").
+ fdStr := strconv.Itoa(int(handle.Fd()))
+ if err := checkSymlinkOvermount(procRoot, procFdDir, fdStr); err != nil {
+ return nil, fmt.Errorf("check safety of /proc/thread-self/fd/%s magiclink: %w", fdStr, err)
+ }
+
+ flags |= unix.O_CLOEXEC
+ // Rather than just wrapping openatFile, open-code it so we can copy
+ // handle.Name().
+ reopenFd, err := unix.Openat(int(procFdDir.Fd()), fdStr, flags, 0)
+ if err != nil {
+ return nil, fmt.Errorf("reopen fd %d: %w", handle.Fd(), err)
+ }
+ return os.NewFile(uintptr(reopenFd), handle.Name()), nil
+}
diff --git a/vendor/github.com/cyphar/filepath-securejoin/openat2_linux.go b/vendor/github.com/cyphar/filepath-securejoin/openat2_linux.go
new file mode 100644
index 00000000..ae3b381e
--- /dev/null
+++ b/vendor/github.com/cyphar/filepath-securejoin/openat2_linux.go
@@ -0,0 +1,128 @@
+//go:build linux
+
+// Copyright (C) 2024 SUSE LLC. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package securejoin
+
+import (
+ "errors"
+ "fmt"
+ "os"
+ "path/filepath"
+ "strings"
+ "sync"
+
+ "golang.org/x/sys/unix"
+)
+
+var hasOpenat2 = sync.OnceValue(func() bool {
+ fd, err := unix.Openat2(unix.AT_FDCWD, ".", &unix.OpenHow{
+ Flags: unix.O_PATH | unix.O_CLOEXEC,
+ Resolve: unix.RESOLVE_NO_SYMLINKS | unix.RESOLVE_IN_ROOT,
+ })
+ if err != nil {
+ return false
+ }
+ _ = unix.Close(fd)
+ return true
+})
+
+func scopedLookupShouldRetry(how *unix.OpenHow, err error) bool {
+ // RESOLVE_IN_ROOT (and RESOLVE_BENEATH) can return -EAGAIN if we resolve
+ // ".." while a mount or rename occurs anywhere on the system. This could
+ // happen spuriously, or as the result of an attacker trying to mess with
+ // us during lookup.
+ //
+ // In addition, scoped lookups have a "safety check" at the end of
+ // complete_walk which will return -EXDEV if the final path is not in the
+ // root.
+ return how.Resolve&(unix.RESOLVE_IN_ROOT|unix.RESOLVE_BENEATH) != 0 &&
+ (errors.Is(err, unix.EAGAIN) || errors.Is(err, unix.EXDEV))
+}
+
+const scopedLookupMaxRetries = 10
+
+func openat2File(dir *os.File, path string, how *unix.OpenHow) (*os.File, error) {
+ fullPath := dir.Name() + "/" + path
+ // Make sure we always set O_CLOEXEC.
+ how.Flags |= unix.O_CLOEXEC
+ var tries int
+ for tries < scopedLookupMaxRetries {
+ fd, err := unix.Openat2(int(dir.Fd()), path, how)
+ if err != nil {
+ if scopedLookupShouldRetry(how, err) {
+ // We retry a couple of times to avoid the spurious errors, and
+ // if we are being attacked then returning -EAGAIN is the best
+ // we can do.
+ tries++
+ continue
+ }
+ return nil, &os.PathError{Op: "openat2", Path: fullPath, Err: err}
+ }
+ // If we are using RESOLVE_IN_ROOT, the name we generated may be wrong.
+ // NOTE: The procRoot code MUST NOT use RESOLVE_IN_ROOT, otherwise
+ // you'll get infinite recursion here.
+ if how.Resolve&unix.RESOLVE_IN_ROOT == unix.RESOLVE_IN_ROOT {
+ if actualPath, err := rawProcSelfFdReadlink(fd); err == nil {
+ fullPath = actualPath
+ }
+ }
+ return os.NewFile(uintptr(fd), fullPath), nil
+ }
+ return nil, &os.PathError{Op: "openat2", Path: fullPath, Err: errPossibleAttack}
+}
+
+func lookupOpenat2(root *os.File, unsafePath string, partial bool) (*os.File, string, error) {
+ if !partial {
+ file, err := openat2File(root, unsafePath, &unix.OpenHow{
+ Flags: unix.O_PATH | unix.O_CLOEXEC,
+ Resolve: unix.RESOLVE_IN_ROOT | unix.RESOLVE_NO_MAGICLINKS,
+ })
+ return file, "", err
+ }
+ return partialLookupOpenat2(root, unsafePath)
+}
+
+// partialLookupOpenat2 is an alternative implementation of
+// partialLookupInRoot, using openat2(RESOLVE_IN_ROOT) to more safely get a
+// handle to the deepest existing child of the requested path within the root.
+func partialLookupOpenat2(root *os.File, unsafePath string) (*os.File, string, error) {
+ // TODO: Implement this as a git-bisect-like binary search.
+
+ unsafePath = filepath.ToSlash(unsafePath) // noop
+ endIdx := len(unsafePath)
+ var lastError error
+ for endIdx > 0 {
+ subpath := unsafePath[:endIdx]
+
+ handle, err := openat2File(root, subpath, &unix.OpenHow{
+ Flags: unix.O_PATH | unix.O_CLOEXEC,
+ Resolve: unix.RESOLVE_IN_ROOT | unix.RESOLVE_NO_MAGICLINKS,
+ })
+ if err == nil {
+ // Jump over the slash if we have a non-"" remainingPath.
+ if endIdx < len(unsafePath) {
+ endIdx += 1
+ }
+ // We found a subpath!
+ return handle, unsafePath[endIdx:], lastError
+ }
+ if errors.Is(err, unix.ENOENT) || errors.Is(err, unix.ENOTDIR) {
+ // That path doesn't exist, let's try the next directory up.
+ endIdx = strings.LastIndexByte(subpath, '/')
+ lastError = err
+ continue
+ }
+ return nil, "", fmt.Errorf("open subpath: %w", err)
+ }
+ // If we couldn't open anything, the whole subpath is missing. Return a
+ // copy of the root fd so that the caller doesn't close this one by
+ // accident.
+ rootClone, err := dupFile(root)
+ if err != nil {
+ return nil, "", err
+ }
+ return rootClone, unsafePath, lastError
+}
diff --git a/vendor/github.com/cyphar/filepath-securejoin/openat_linux.go b/vendor/github.com/cyphar/filepath-securejoin/openat_linux.go
new file mode 100644
index 00000000..949fb5f2
--- /dev/null
+++ b/vendor/github.com/cyphar/filepath-securejoin/openat_linux.go
@@ -0,0 +1,59 @@
+//go:build linux
+
+// Copyright (C) 2024 SUSE LLC. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package securejoin
+
+import (
+ "os"
+ "path/filepath"
+
+ "golang.org/x/sys/unix"
+)
+
+func dupFile(f *os.File) (*os.File, error) {
+ fd, err := unix.FcntlInt(f.Fd(), unix.F_DUPFD_CLOEXEC, 0)
+ if err != nil {
+ return nil, os.NewSyscallError("fcntl(F_DUPFD_CLOEXEC)", err)
+ }
+ return os.NewFile(uintptr(fd), f.Name()), nil
+}
+
+func openatFile(dir *os.File, path string, flags int, mode int) (*os.File, error) {
+ // Make sure we always set O_CLOEXEC.
+ flags |= unix.O_CLOEXEC
+ fd, err := unix.Openat(int(dir.Fd()), path, flags, uint32(mode))
+ if err != nil {
+ return nil, &os.PathError{Op: "openat", Path: dir.Name() + "/" + path, Err: err}
+ }
+ // All of the paths we use with openatFile(2) are guaranteed to be
+ // lexically safe, so we can use path.Join here.
+ fullPath := filepath.Join(dir.Name(), path)
+ return os.NewFile(uintptr(fd), fullPath), nil
+}
+
+func fstatatFile(dir *os.File, path string, flags int) (unix.Stat_t, error) {
+ var stat unix.Stat_t
+ if err := unix.Fstatat(int(dir.Fd()), path, &stat, flags); err != nil {
+ return stat, &os.PathError{Op: "fstatat", Path: dir.Name() + "/" + path, Err: err}
+ }
+ return stat, nil
+}
+
+func readlinkatFile(dir *os.File, path string) (string, error) {
+ size := 4096
+ for {
+ linkBuf := make([]byte, size)
+ n, err := unix.Readlinkat(int(dir.Fd()), path, linkBuf)
+ if err != nil {
+ return "", &os.PathError{Op: "readlinkat", Path: dir.Name() + "/" + path, Err: err}
+ }
+ if n != size {
+ return string(linkBuf[:n]), nil
+ }
+ // Possible truncation, resize the buffer.
+ size *= 2
+ }
+}
diff --git a/vendor/github.com/cyphar/filepath-securejoin/procfs_linux.go b/vendor/github.com/cyphar/filepath-securejoin/procfs_linux.go
new file mode 100644
index 00000000..8cc827d7
--- /dev/null
+++ b/vendor/github.com/cyphar/filepath-securejoin/procfs_linux.go 
@@ -0,0 +1,440 @@ +//go:build linux + +// Copyright (C) 2024 SUSE LLC. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package securejoin + +import ( + "errors" + "fmt" + "os" + "runtime" + "strconv" + "sync" + + "golang.org/x/sys/unix" +) + +func fstat(f *os.File) (unix.Stat_t, error) { + var stat unix.Stat_t + if err := unix.Fstat(int(f.Fd()), &stat); err != nil { + return stat, &os.PathError{Op: "fstat", Path: f.Name(), Err: err} + } + return stat, nil +} + +func fstatfs(f *os.File) (unix.Statfs_t, error) { + var statfs unix.Statfs_t + if err := unix.Fstatfs(int(f.Fd()), &statfs); err != nil { + return statfs, &os.PathError{Op: "fstatfs", Path: f.Name(), Err: err} + } + return statfs, nil +} + +// The kernel guarantees that the root inode of a procfs mount has an +// f_type of PROC_SUPER_MAGIC and st_ino of PROC_ROOT_INO. +const ( + procSuperMagic = 0x9fa0 // PROC_SUPER_MAGIC + procRootIno = 1 // PROC_ROOT_INO +) + +func verifyProcRoot(procRoot *os.File) error { + if statfs, err := fstatfs(procRoot); err != nil { + return err + } else if statfs.Type != procSuperMagic { + return fmt.Errorf("%w: incorrect procfs root filesystem type 0x%x", errUnsafeProcfs, statfs.Type) + } + if stat, err := fstat(procRoot); err != nil { + return err + } else if stat.Ino != procRootIno { + return fmt.Errorf("%w: incorrect procfs root inode number %d", errUnsafeProcfs, stat.Ino) + } + return nil +} + +var hasNewMountApi = sync.OnceValue(func() bool { + // All of the pieces of the new mount API we use (fsopen, fsconfig, + // fsmount, open_tree) were added together in Linux 5.1[1,2], so we can + // just check for one of the syscalls and the others should also be + // available. + // + // Just try to use open_tree(2) to open a file without OPEN_TREE_CLONE. + // This is equivalent to openat(2), but tells us if open_tree is + // available (and thus all of the other basic new mount API syscalls). 
+ // open_tree(2) is most light-weight syscall to test here. + // + // [1]: merge commit 400913252d09 + // [2]: + fd, err := unix.OpenTree(-int(unix.EBADF), "/", unix.OPEN_TREE_CLOEXEC) + if err != nil { + return false + } + _ = unix.Close(fd) + return true +}) + +func fsopen(fsName string, flags int) (*os.File, error) { + // Make sure we always set O_CLOEXEC. + flags |= unix.FSOPEN_CLOEXEC + fd, err := unix.Fsopen(fsName, flags) + if err != nil { + return nil, os.NewSyscallError("fsopen "+fsName, err) + } + return os.NewFile(uintptr(fd), "fscontext:"+fsName), nil +} + +func fsmount(ctx *os.File, flags, mountAttrs int) (*os.File, error) { + // Make sure we always set O_CLOEXEC. + flags |= unix.FSMOUNT_CLOEXEC + fd, err := unix.Fsmount(int(ctx.Fd()), flags, mountAttrs) + if err != nil { + return nil, os.NewSyscallError("fsmount "+ctx.Name(), err) + } + return os.NewFile(uintptr(fd), "fsmount:"+ctx.Name()), nil +} + +func newPrivateProcMount() (*os.File, error) { + procfsCtx, err := fsopen("proc", unix.FSOPEN_CLOEXEC) + if err != nil { + return nil, err + } + defer procfsCtx.Close() + + // Try to configure hidepid=ptraceable,subset=pid if possible, but ignore errors. + _ = unix.FsconfigSetString(int(procfsCtx.Fd()), "hidepid", "ptraceable") + _ = unix.FsconfigSetString(int(procfsCtx.Fd()), "subset", "pid") + + // Get an actual handle. + if err := unix.FsconfigCreate(int(procfsCtx.Fd())); err != nil { + return nil, os.NewSyscallError("fsconfig create procfs", err) + } + return fsmount(procfsCtx, unix.FSMOUNT_CLOEXEC, unix.MS_RDONLY|unix.MS_NODEV|unix.MS_NOEXEC|unix.MS_NOSUID) +} + +func openTree(dir *os.File, path string, flags uint) (*os.File, error) { + dirFd := -int(unix.EBADF) + dirName := "." + if dir != nil { + dirFd = int(dir.Fd()) + dirName = dir.Name() + } + // Make sure we always set O_CLOEXEC. 
+ flags |= unix.OPEN_TREE_CLOEXEC + fd, err := unix.OpenTree(dirFd, path, flags) + if err != nil { + return nil, &os.PathError{Op: "open_tree", Path: path, Err: err} + } + return os.NewFile(uintptr(fd), dirName+"/"+path), nil +} + +func clonePrivateProcMount() (_ *os.File, Err error) { + // Try to make a clone without using AT_RECURSIVE if we can. If this works, + // we can be sure there are no over-mounts and so if the root is valid then + // we're golden. Otherwise, we have to deal with over-mounts. + procfsHandle, err := openTree(nil, "/proc", unix.OPEN_TREE_CLONE) + if err != nil || hookForcePrivateProcRootOpenTreeAtRecursive(procfsHandle) { + procfsHandle, err = openTree(nil, "/proc", unix.OPEN_TREE_CLONE|unix.AT_RECURSIVE) + } + if err != nil { + return nil, fmt.Errorf("creating a detached procfs clone: %w", err) + } + defer func() { + if Err != nil { + _ = procfsHandle.Close() + } + }() + if err := verifyProcRoot(procfsHandle); err != nil { + return nil, err + } + return procfsHandle, nil +} + +func privateProcRoot() (*os.File, error) { + if !hasNewMountApi() || hookForceGetProcRootUnsafe() { + return nil, fmt.Errorf("new mount api: %w", unix.ENOTSUP) + } + // Try to create a new procfs mount from scratch if we can. This ensures we + // can get a procfs mount even if /proc is fake (for whatever reason). + procRoot, err := newPrivateProcMount() + if err != nil || hookForcePrivateProcRootOpenTree(procRoot) { + // Try to clone /proc then... 
+ procRoot, err = clonePrivateProcMount() + } + return procRoot, err +} + +func unsafeHostProcRoot() (_ *os.File, Err error) { + procRoot, err := os.OpenFile("/proc", unix.O_PATH|unix.O_NOFOLLOW|unix.O_DIRECTORY|unix.O_CLOEXEC, 0) + if err != nil { + return nil, err + } + defer func() { + if Err != nil { + _ = procRoot.Close() + } + }() + if err := verifyProcRoot(procRoot); err != nil { + return nil, err + } + return procRoot, nil +} + +func doGetProcRoot() (*os.File, error) { + procRoot, err := privateProcRoot() + if err != nil { + // Fall back to using a /proc handle if making a private mount failed. + // If we have openat2, at least we can avoid some kinds of over-mount + // attacks, but without openat2 there's not much we can do. + procRoot, err = unsafeHostProcRoot() + } + return procRoot, err +} + +var getProcRoot = sync.OnceValues(func() (*os.File, error) { + return doGetProcRoot() +}) + +var hasProcThreadSelf = sync.OnceValue(func() bool { + return unix.Access("/proc/thread-self/", unix.F_OK) == nil +}) + +var errUnsafeProcfs = errors.New("unsafe procfs detected") + +type procThreadSelfCloser func() + +// procThreadSelf returns a handle to /proc/thread-self/ (or an +// equivalent handle on older kernels where /proc/thread-self doesn't exist). +// Once finished with the handle, you must call the returned closer function +// (runtime.UnlockOSThread). You must not pass the returned *os.File to other +// Go threads or use the handle after calling the closer. +// +// This is similar to ProcThreadSelf from runc, but with extra hardening +// applied and using *os.File. 
+func procThreadSelf(procRoot *os.File, subpath string) (_ *os.File, _ procThreadSelfCloser, Err error) { + // We need to lock our thread until the caller is done with the handle + // because between getting the handle and using it we could get interrupted + // by the Go runtime and hit the case where the underlying thread is + // swapped out and the original thread is killed, resulting in + // pull-your-hair-out-hard-to-debug issues in the caller. + runtime.LockOSThread() + defer func() { + if Err != nil { + runtime.UnlockOSThread() + } + }() + + // Figure out what prefix we want to use. + threadSelf := "thread-self/" + if !hasProcThreadSelf() || hookForceProcSelfTask() { + /// Pre-3.17 kernels don't have /proc/thread-self, so do it manually. + threadSelf = "self/task/" + strconv.Itoa(unix.Gettid()) + "/" + if _, err := fstatatFile(procRoot, threadSelf, unix.AT_SYMLINK_NOFOLLOW); err != nil || hookForceProcSelf() { + // In this case, we running in a pid namespace that doesn't match + // the /proc mount we have. This can happen inside runc. + // + // Unfortunately, there is no nice way to get the correct TID to + // use here because of the age of the kernel, so we have to just + // use /proc/self and hope that it works. + threadSelf = "self/" + } + } + + // Grab the handle. + var ( + handle *os.File + err error + ) + if hasOpenat2() { + // We prefer being able to use RESOLVE_NO_XDEV if we can, to be + // absolutely sure we are operating on a clean /proc handle that + // doesn't have any cheeky overmounts that could trick us (including + // symlink mounts on top of /proc/thread-self). RESOLVE_BENEATH isn't + // strictly needed, but just use it since we have it. + // + // NOTE: /proc/self is technically a magic-link (the contents of the + // symlink are generated dynamically), but it doesn't use + // nd_jump_link() so RESOLVE_NO_MAGICLINKS allows it. 
+ // + // NOTE: We MUST NOT use RESOLVE_IN_ROOT here, as openat2File uses + // procSelfFdReadlink to clean up the returned f.Name() if we use + // RESOLVE_IN_ROOT (which would lead to an infinite recursion). + handle, err = openat2File(procRoot, threadSelf+subpath, &unix.OpenHow{ + Flags: unix.O_PATH | unix.O_NOFOLLOW | unix.O_CLOEXEC, + Resolve: unix.RESOLVE_BENEATH | unix.RESOLVE_NO_XDEV | unix.RESOLVE_NO_MAGICLINKS, + }) + if err != nil { + return nil, nil, fmt.Errorf("%w: %w", errUnsafeProcfs, err) + } + } else { + handle, err = openatFile(procRoot, threadSelf+subpath, unix.O_PATH|unix.O_NOFOLLOW|unix.O_CLOEXEC, 0) + if err != nil { + return nil, nil, fmt.Errorf("%w: %w", errUnsafeProcfs, err) + } + defer func() { + if Err != nil { + _ = handle.Close() + } + }() + // We can't detect bind-mounts of different parts of procfs on top of + // /proc (a-la RESOLVE_NO_XDEV), but we can at least be sure that we + // aren't on the wrong filesystem here. + if statfs, err := fstatfs(handle); err != nil { + return nil, nil, err + } else if statfs.Type != procSuperMagic { + return nil, nil, fmt.Errorf("%w: incorrect /proc/self/fd filesystem type 0x%x", errUnsafeProcfs, statfs.Type) + } + } + return handle, runtime.UnlockOSThread, nil +} + +var hasStatxMountId = sync.OnceValue(func() bool { + var ( + stx unix.Statx_t + // We don't care which mount ID we get. The kernel will give us the + // unique one if it is supported. + wantStxMask uint32 = unix.STATX_MNT_ID_UNIQUE | unix.STATX_MNT_ID + ) + err := unix.Statx(-int(unix.EBADF), "/", 0, int(wantStxMask), &stx) + return err == nil && stx.Mask&wantStxMask != 0 +}) + +func getMountId(dir *os.File, path string) (uint64, error) { + // If we don't have statx(STATX_MNT_ID*) support, we can't do anything. + if !hasStatxMountId() { + return 0, nil + } + + var ( + stx unix.Statx_t + // We don't care which mount ID we get. The kernel will give us the + // unique one if it is supported. 
+ wantStxMask uint32 = unix.STATX_MNT_ID_UNIQUE | unix.STATX_MNT_ID + ) + + err := unix.Statx(int(dir.Fd()), path, unix.AT_EMPTY_PATH|unix.AT_SYMLINK_NOFOLLOW, int(wantStxMask), &stx) + if stx.Mask&wantStxMask == 0 { + // It's not a kernel limitation, for some reason we couldn't get a + // mount ID. Assume it's some kind of attack. + err = fmt.Errorf("%w: could not get mount id", errUnsafeProcfs) + } + if err != nil { + return 0, &os.PathError{Op: "statx(STATX_MNT_ID_...)", Path: dir.Name() + "/" + path, Err: err} + } + return stx.Mnt_id, nil +} + +func checkSymlinkOvermount(procRoot *os.File, dir *os.File, path string) error { + // Get the mntId of our procfs handle. + expectedMountId, err := getMountId(procRoot, "") + if err != nil { + return err + } + // Get the mntId of the target magic-link. + gotMountId, err := getMountId(dir, path) + if err != nil { + return err + } + // As long as the directory mount is alive, even with wrapping mount IDs, + // we would expect to see a different mount ID here. (Of course, if we're + // using unsafeHostProcRoot() then an attaker could change this after we + // did this check.) + if expectedMountId != gotMountId { + return fmt.Errorf("%w: symlink %s/%s has an overmount obscuring the real link (mount ids do not match %d != %d)", errUnsafeProcfs, dir.Name(), path, expectedMountId, gotMountId) + } + return nil +} + +func doRawProcSelfFdReadlink(procRoot *os.File, fd int) (string, error) { + fdPath := fmt.Sprintf("fd/%d", fd) + procFdLink, closer, err := procThreadSelf(procRoot, fdPath) + if err != nil { + return "", fmt.Errorf("get safe /proc/thread-self/%s handle: %w", fdPath, err) + } + defer procFdLink.Close() + defer closer() + + // Try to detect if there is a mount on top of the magic-link. Since we use the handle directly + // provide to the closure. 
If the closure uses the handle directly, this + // should be safe in general (a mount on top of the path afterwards would + // not affect the handle itself) and will definitely be safe if we are + // using privateProcRoot() (at least since Linux 5.12[1], when anonymous + // mount namespaces were completely isolated from external mounts including + // mount propagation events). + // + // [1]: Linux commit ee2e3f50629f ("mount: fix mounting of detached mounts + // onto targets that reside on shared mounts"). + if err := checkSymlinkOvermount(procRoot, procFdLink, ""); err != nil { + return "", fmt.Errorf("check safety of /proc/thread-self/fd/%d magiclink: %w", fd, err) + } + + // readlinkat implies AT_EMPTY_PATH since Linux 2.6.39. See Linux commit + // 65cfc6722361 ("readlinkat(), fchownat() and fstatat() with empty + // relative pathnames"). + return readlinkatFile(procFdLink, "") +} + +func rawProcSelfFdReadlink(fd int) (string, error) { + procRoot, err := getProcRoot() + if err != nil { + return "", err + } + return doRawProcSelfFdReadlink(procRoot, fd) +} + +func procSelfFdReadlink(f *os.File) (string, error) { + return rawProcSelfFdReadlink(int(f.Fd())) +} + +var ( + errPossibleBreakout = errors.New("possible breakout detected") + errInvalidDirectory = errors.New("wandered into deleted directory") + errDeletedInode = errors.New("cannot verify path of deleted inode") +) + +func isDeadInode(file *os.File) error { + // If the nlink of a file drops to 0, there is an attacker deleting + // directories during our walk, which could result in weird /proc values. + // It's better to error out in this case. 
+ stat, err := fstat(file) + if err != nil { + return fmt.Errorf("check for dead inode: %w", err) + } + if stat.Nlink == 0 { + err := errDeletedInode + if stat.Mode&unix.S_IFMT == unix.S_IFDIR { + err = errInvalidDirectory + } + return fmt.Errorf("%w %q", err, file.Name()) + } + return nil +} + +func checkProcSelfFdPath(path string, file *os.File) error { + if err := isDeadInode(file); err != nil { + return err + } + actualPath, err := procSelfFdReadlink(file) + if err != nil { + return fmt.Errorf("get path of handle: %w", err) + } + if actualPath != path { + return fmt.Errorf("%w: handle path %q doesn't match expected path %q", errPossibleBreakout, actualPath, path) + } + return nil +} + +// Test hooks used in the procfs tests to verify that the fallback logic works. +// See testing_mocks_linux_test.go and procfs_linux_test.go for more details. +var ( + hookForcePrivateProcRootOpenTree = hookDummyFile + hookForcePrivateProcRootOpenTreeAtRecursive = hookDummyFile + hookForceGetProcRootUnsafe = hookDummy + + hookForceProcSelfTask = hookDummy + hookForceProcSelf = hookDummy +) + +func hookDummy() bool { return false } +func hookDummyFile(_ *os.File) bool { return false } diff --git a/vendor/github.com/cyphar/filepath-securejoin/vfs.go b/vendor/github.com/cyphar/filepath-securejoin/vfs.go index a82a5eae..36373f8c 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/vfs.go +++ b/vendor/github.com/cyphar/filepath-securejoin/vfs.go @@ -1,4 +1,4 @@ -// Copyright (C) 2017 SUSE LLC. All rights reserved. +// Copyright (C) 2017-2024 SUSE LLC. All rights reserved. // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. 
@@ -10,19 +10,19 @@ import "os" // are several projects (umoci and go-mtree) that are using this sort of // interface. -// VFS is the minimal interface necessary to use SecureJoinVFS. A nil VFS is -// equivalent to using the standard os.* family of functions. This is mainly +// VFS is the minimal interface necessary to use [SecureJoinVFS]. A nil VFS is +// equivalent to using the standard [os].* family of functions. This is mainly // used for the purposes of mock testing, but also can be used to otherwise use -// SecureJoin with VFS-like system. +// [SecureJoinVFS] with VFS-like system. type VFS interface { - // Lstat returns a FileInfo describing the named file. If the file is a - // symbolic link, the returned FileInfo describes the symbolic link. Lstat - // makes no attempt to follow the link. These semantics are identical to - // os.Lstat. + // Lstat returns an [os.FileInfo] describing the named file. If the + // file is a symbolic link, the returned [os.FileInfo] describes the + // symbolic link. Lstat makes no attempt to follow the link. + // The semantics are identical to [os.Lstat]. Lstat(name string) (os.FileInfo, error) - // Readlink returns the destination of the named symbolic link. These - // semantics are identical to os.Readlink. + // Readlink returns the destination of the named symbolic link. + // The semantics are identical to [os.Readlink]. Readlink(name string) (string, error) } 
@@ -30,12 +30,6 @@ type VFS interface { // module. type osVFS struct{} -// Lstat returns a FileInfo describing the named file. If the file is a -// symbolic link, the returned FileInfo describes the symbolic link. Lstat -// makes no attempt to follow the link. These semantics are identical to -// os.Lstat. func (o osVFS) Lstat(name string) (os.FileInfo, error) { return os.Lstat(name) } -// Readlink returns the destination of the named symbolic link. These -// semantics are identical to os.Readlink. func (o osVFS) Readlink(name string) (string, error) { return os.Readlink(name) } diff --git a/vendor/k8s.io/apiserver/LICENSE b/vendor/k8s.io/apiserver/LICENSE new file mode 100644 index 00000000..d6456956 --- /dev/null +++ b/vendor/k8s.io/apiserver/LICENSE 
@@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/vendor/k8s.io/apiserver/pkg/authentication/user/doc.go b/vendor/k8s.io/apiserver/pkg/authentication/user/doc.go new file mode 100644 index 00000000..3d87fd72 --- /dev/null +++ b/vendor/k8s.io/apiserver/pkg/authentication/user/doc.go 
@@ -0,0 +1,19 @@
+/*
+Copyright 2014 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package user contains utilities for dealing with simple user exchange in the auth
+// packages. The user.Info interface defines an interface for exchanging that info.
+package user // import "k8s.io/apiserver/pkg/authentication/user"
diff --git a/vendor/k8s.io/apiserver/pkg/authentication/user/user.go b/vendor/k8s.io/apiserver/pkg/authentication/user/user.go
new file mode 100644
index 00000000..4d6ec098
--- /dev/null
+++ b/vendor/k8s.io/apiserver/pkg/authentication/user/user.go
@@ -0,0 +1,84 @@
+/*
+Copyright 2014 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package user
+
+// Info describes a user that has been authenticated to the system.
+type Info interface {
+ // GetName returns the name that uniquely identifies this user among all
+ // other active users.
+ GetName() string
+ // GetUID returns a unique value for a particular user that will change
+ // if the user is removed from the system and another user is added with
+ // the same name.
+ GetUID() string
+ // GetGroups returns the names of the groups the user is a member of
+ GetGroups() []string
+
+ // GetExtra can contain any additional information that the authenticator
+ // thought was interesting. One example would be scopes on a token.
+ // Keys in this map should be namespaced to the authenticator or
+ // authenticator/authorizer pair making use of them.
+ // For instance: "example.org/foo" instead of "foo"
+ // This is a map[string][]string because it needs to be serializeable into
+ // a SubjectAccessReviewSpec.authorization.k8s.io for proper authorization
+ // delegation flows
+ // In order to faithfully round-trip through an impersonation flow, these keys
+ // MUST be lowercase.
+ GetExtra() map[string][]string
+}
+
+// DefaultInfo provides a simple user information exchange object
+// for components that implement the UserInfo interface.
+type DefaultInfo struct { + Name string + UID string + Groups []string + Extra map[string][]string +} + +func (i *DefaultInfo) GetName() string { + return i.Name +} + +func (i *DefaultInfo) GetUID() string { + return i.UID +} + +func (i *DefaultInfo) GetGroups() []string { + return i.Groups +} + +func (i *DefaultInfo) GetExtra() map[string][]string { + return i.Extra +} + +// well-known user and group names +const ( + SystemPrivilegedGroup = "system:masters" + NodesGroup = "system:nodes" + MonitoringGroup = "system:monitoring" + AllUnauthenticated = "system:unauthenticated" + AllAuthenticated = "system:authenticated" + + Anonymous = "system:anonymous" + APIServerUser = "system:apiserver" + + // core kubernetes process identities + KubeProxy = "system:kube-proxy" + KubeControllerManager = "system:kube-controller-manager" + KubeScheduler = "system:kube-scheduler" +) diff --git a/vendor/kmodules.xyz/client-go/Makefile b/vendor/kmodules.xyz/client-go/Makefile index 4ff50bd7..9c7cb06c 100644 --- a/vendor/kmodules.xyz/client-go/Makefile +++ b/vendor/kmodules.xyz/client-go/Makefile @@ -56,7 +56,7 @@ OS := $(if $(GOOS),$(GOOS),$(shell go env GOOS)) ARCH := $(if $(GOARCH),$(GOARCH),$(shell go env GOARCH)) BASEIMAGE_PROD ?= gcr.io/distroless/static-debian12 -BASEIMAGE_DBG ?= debian:bookworm +BASEIMAGE_DBG ?= debian:12 GO_VERSION ?= 1.23 BUILD_IMAGE ?= ghcr.io/appscode/golang-dev:$(GO_VERSION) diff --git a/vendor/kmodules.xyz/client-go/api/v1/certificates.go b/vendor/kmodules.xyz/client-go/api/v1/certificates.go index c72d55df..a6ca4f77 100644 --- a/vendor/kmodules.xyz/client-go/api/v1/certificates.go +++ b/vendor/kmodules.xyz/client-go/api/v1/certificates.go 
@@ -59,6 +59,10 @@ type CertificateSpec struct { Duration *metav1.Duration `json:"duration,omitempty" protobuf:"bytes,5,opt,name=duration"` // Certificate renew before expiration duration + // + // Deprecated use `ReconfigureTLS` type OpsRequest instead. + // + // +deprecated // +optional RenewBefore *metav1.Duration `json:"renewBefore,omitempty" protobuf:"bytes,6,opt,name=renewBefore"` diff --git a/vendor/kmodules.xyz/client-go/api/v1/cluster.go b/vendor/kmodules.xyz/client-go/api/v1/cluster.go index 5977959e..c8a0a104 100644 --- a/vendor/kmodules.xyz/client-go/api/v1/cluster.go +++ b/vendor/kmodules.xyz/client-go/api/v1/cluster.go 
@@ -24,47 +24,72 @@ import ( "strings" ) -// +kubebuilder:validation:Enum=Aws;Azure;DigitalOcean;GoogleCloud;Linode;Packet;Scaleway;Vultr;BareMetal;KIND;Generic;Private +// +kubebuilder:validation:Enum=AKS;DigitalOcean;EKS;Exoscale;Generic;GKE;Linode;Packet;Rancher;Scaleway;Vultr type HostingProvider string const ( - HostingProviderAWS HostingProvider = "Aws" - HostingProviderAzure HostingProvider = "Azure" + HostingProviderAKS HostingProvider = "AKS" HostingProviderDigitalOcean HostingProvider = "DigitalOcean" - HostingProviderGoogleCloud HostingProvider = "GoogleCloud" + HostingProviderEKS HostingProvider = "EKS" HostingProviderExoscale HostingProvider = "Exoscale" + HostingProviderGeneric HostingProvider = "Generic" + HostingProviderGKE HostingProvider = "GKE" HostingProviderLinode HostingProvider = "Linode" + HostingProviderAkamai HostingProvider = "Akamai" HostingProviderPacket HostingProvider = "Packet" + HostingProviderRancher HostingProvider = "Rancher" HostingProviderScaleway HostingProvider = "Scaleway" HostingProviderVultr HostingProvider = "Vultr" - HostingProviderBareMetal HostingProvider = "BareMetal" - HostingProviderKIND HostingProvider = "KIND" - HostingProviderGeneric HostingProvider = "Generic" - HostingProviderPrivate HostingProvider = "Private" ) +func (h HostingProvider) ConvertToPreferredProvider() HostingProvider { + switch h { + case HostingProviderLinode: + return HostingProviderAkamai + } + return h +} + const ( AceInfoConfigMapName = "ace-info" ClusterNameKey string = "cluster.appscode.com/name" ClusterDisplayNameKey string = "cluster.appscode.com/display-name" ClusterProviderNameKey string = "cluster.appscode.com/provider" + ClusterProfileLabel string = "cluster.appscode.com/profile" + + AceOrgIDKey string = "ace.appscode.com/org-id" + ClientOrgKey string = "ace.appscode.com/client-org" + ClientKeyPrefix string = "client.ace.appscode.com/" + + ClusterClaimKeyID string = "id.k8s.io" + ClusterClaimKeyInfo string = "cluster.ace.info" + 
ClusterClaimKeyFeatures string = "features.ace.info" ) type ClusterMetadata struct { - UID string `json:"uid" protobuf:"bytes,1,opt,name=uid"` - Name string `json:"name,omitempty" protobuf:"bytes,2,opt,name=name"` - DisplayName string `json:"displayName,omitempty" protobuf:"bytes,3,opt,name=displayName"` - Provider HostingProvider `json:"provider,omitempty" protobuf:"bytes,4,opt,name=provider,casttype=HostingProvider"` - OwnerID string `json:"ownerID,omitempty"` - OwnerType string `json:"ownerType,omitempty"` - APIEndpoint string `json:"apiEndpoint,omitempty"` - CABundle string `json:"caBundle,omitempty"` + UID string `json:"uid" protobuf:"bytes,1,opt,name=uid"` + Name string `json:"name,omitempty" protobuf:"bytes,2,opt,name=name"` + DisplayName string `json:"displayName,omitempty" protobuf:"bytes,3,opt,name=displayName"` + Provider HostingProvider `json:"provider,omitempty" protobuf:"bytes,4,opt,name=provider,casttype=HostingProvider"` + OwnerID string `json:"ownerID,omitempty" protobuf:"bytes,5,opt,name=ownerID"` + OwnerType string `json:"ownerType,omitempty" protobuf:"bytes,6,opt,name=ownerType"` + APIEndpoint string `json:"apiEndpoint,omitempty" protobuf:"bytes,7,opt,name=apiEndpoint"` + CABundle string `json:"caBundle,omitempty" protobuf:"bytes,8,opt,name=caBundle"` + ManagerID string `json:"managerID,omitempty" protobuf:"bytes,9,opt,name=managerID"` + HubClusterID string `json:"hubClusterID,omitempty" protobuf:"bytes,10,opt,name=hubClusterID"` +} + +func (md ClusterMetadata) Manager() string { + if md.ManagerID != "" && md.ManagerID != "0" { + return md.ManagerID + } + return md.OwnerID } func (md ClusterMetadata) State() string { hasher := hmac.New(sha256.New, []byte(md.UID)) - state := fmt.Sprintf("%s,%s", md.APIEndpoint, md.OwnerID) + state := fmt.Sprintf("%s,%s", md.APIEndpoint, md.Manager()) hasher.Write([]byte(state)) return base64.URLEncoding.EncodeToString(hasher.Sum(nil)) } 
@@ -153,27 +178,36 @@ func (cm ClusterManager) String() string { } type CAPIClusterInfo struct { - Provider CAPIProvider `json:"provider"` - Namespace string `json:"namespace"` - ClusterName string `json:"clusterName"` + Provider CAPIProvider `json:"provider" protobuf:"bytes,1,opt,name=provider,casttype=CAPIProvider"` + Namespace string `json:"namespace" protobuf:"bytes,2,opt,name=namespace"` + ClusterName string `json:"clusterName" protobuf:"bytes,3,opt,name=clusterName"` } // ClusterInfo used in ace-installer type ClusterInfo struct { - UID string `json:"uid"` - Name string `json:"name"` - ClusterManagers []string `json:"clusterManagers"` + UID string `json:"uid" protobuf:"bytes,1,opt,name=uid"` + Name string `json:"name" protobuf:"bytes,2,opt,name=name"` + ClusterManagers []string `json:"clusterManagers" protobuf:"bytes,3,rep,name=clusterManagers"` // +optional - CAPI CAPIClusterInfo `json:"capi"` + CAPI *CAPIClusterInfo `json:"capi" protobuf:"bytes,4,opt,name=capi"` } // +kubebuilder:validation:Enum=capa;capg;capz type CAPIProvider string const ( - CAPIProviderUnknown CAPIProvider = "" - CAPIProviderCAPA CAPIProvider = "capa" - CAPIProviderCAPG CAPIProvider = "capg" - CAPIProviderCAPZ CAPIProvider = "capz" - CAPIProviderCAPH CAPIProvider = "caph" + CAPIProviderCAPA CAPIProvider = "capa" + CAPIProviderCAPG CAPIProvider = "capg" + CAPIProviderCAPZ CAPIProvider = "capz" + CAPIProviderCAPH CAPIProvider = "caph" ) + +type ClusterClaimInfo struct { + ClusterMetadata ClusterInfo `json:"clusterMetadata"` +} + +type ClusterClaimFeatures struct { + EnabledFeatures []string `json:"enabledFeatures,omitempty"` + ExternallyManagedFeatures []string `json:"externallyManagedFeatures,omitempty"` + DisabledFeatures []string `json:"disabledFeatures,omitempty"` +} diff --git a/vendor/kmodules.xyz/client-go/api/v1/generated.pb.go b/vendor/kmodules.xyz/client-go/api/v1/generated.pb.go index afb78575..f1f0d595 100644 --- a/vendor/kmodules.xyz/client-go/api/v1/generated.pb.go 
+++ b/vendor/kmodules.xyz/client-go/api/v1/generated.pb.go @@ -44,10 +44,38 @@ var _ = math.Inf // proto package needs to be updated. const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package +func (m *CAPIClusterInfo) Reset() { *m = CAPIClusterInfo{} } +func (*CAPIClusterInfo) ProtoMessage() {} +func (*CAPIClusterInfo) Descriptor() ([]byte, []int) { + return fileDescriptor_af8e7a11c7a1ccd9, []int{0} +} +func (m *CAPIClusterInfo) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *CAPIClusterInfo) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil +} +func (m *CAPIClusterInfo) XXX_Merge(src proto.Message) { + xxx_messageInfo_CAPIClusterInfo.Merge(m, src) +} +func (m *CAPIClusterInfo) XXX_Size() int { + return m.Size() +} +func (m *CAPIClusterInfo) XXX_DiscardUnknown() { + xxx_messageInfo_CAPIClusterInfo.DiscardUnknown(m) +} + +var xxx_messageInfo_CAPIClusterInfo proto.InternalMessageInfo + func (m *CertificatePrivateKey) Reset() { *m = CertificatePrivateKey{} } func (*CertificatePrivateKey) ProtoMessage() {} func (*CertificatePrivateKey) Descriptor() ([]byte, []int) { - return fileDescriptor_af8e7a11c7a1ccd9, []int{0} + return fileDescriptor_af8e7a11c7a1ccd9, []int{1} } func (m *CertificatePrivateKey) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -75,7 +103,7 @@ var xxx_messageInfo_CertificatePrivateKey proto.InternalMessageInfo func (m *CertificateSpec) Reset() { *m = CertificateSpec{} } func (*CertificateSpec) ProtoMessage() {} func (*CertificateSpec) Descriptor() ([]byte, []int) { - return fileDescriptor_af8e7a11c7a1ccd9, []int{1} + return fileDescriptor_af8e7a11c7a1ccd9, []int{2} } func (m *CertificateSpec) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) 
@@ -100,10 +128,38 @@ func (m *CertificateSpec) XXX_DiscardUnknown() { var xxx_messageInfo_CertificateSpec proto.InternalMessageInfo +func (m *ClusterInfo) Reset() { *m = ClusterInfo{} } +func (*ClusterInfo) ProtoMessage() {} +func (*ClusterInfo) Descriptor() ([]byte, []int) { + return fileDescriptor_af8e7a11c7a1ccd9, []int{3} +} +func (m *ClusterInfo) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *ClusterInfo) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil +} +func (m *ClusterInfo) XXX_Merge(src proto.Message) { + xxx_messageInfo_ClusterInfo.Merge(m, src) +} +func (m *ClusterInfo) XXX_Size() int { + return m.Size() +} +func (m *ClusterInfo) XXX_DiscardUnknown() { + xxx_messageInfo_ClusterInfo.DiscardUnknown(m) +} + +var xxx_messageInfo_ClusterInfo proto.InternalMessageInfo + func (m *ClusterMetadata) Reset() { *m = ClusterMetadata{} } func (*ClusterMetadata) ProtoMessage() {} func (*ClusterMetadata) Descriptor() ([]byte, []int) { - return fileDescriptor_af8e7a11c7a1ccd9, []int{2} + return fileDescriptor_af8e7a11c7a1ccd9, []int{4} } func (m *ClusterMetadata) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -131,7 +187,7 @@ var xxx_messageInfo_ClusterMetadata proto.InternalMessageInfo func (m *Condition) Reset() { *m = Condition{} } func (*Condition) ProtoMessage() {} func (*Condition) Descriptor() ([]byte, []int) { - return fileDescriptor_af8e7a11c7a1ccd9, []int{3} + return fileDescriptor_af8e7a11c7a1ccd9, []int{5} } func (m *Condition) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) 
@@ -159,7 +215,7 @@ var xxx_messageInfo_Condition proto.InternalMessageInfo func (m *HealthCheckSpec) Reset() { *m = HealthCheckSpec{} } func (*HealthCheckSpec) ProtoMessage() {} func (*HealthCheckSpec) Descriptor() ([]byte, []int) { - return fileDescriptor_af8e7a11c7a1ccd9, []int{4} + return fileDescriptor_af8e7a11c7a1ccd9, []int{6} } func (m *HealthCheckSpec) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -187,7 +243,7 @@ var xxx_messageInfo_HealthCheckSpec proto.InternalMessageInfo func (m *ImageInfo) Reset() { *m = ImageInfo{} } func (*ImageInfo) ProtoMessage() {} func (*ImageInfo) Descriptor() ([]byte, []int) { - return fileDescriptor_af8e7a11c7a1ccd9, []int{5} + return fileDescriptor_af8e7a11c7a1ccd9, []int{7} } func (m *ImageInfo) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -215,7 +271,7 @@ var xxx_messageInfo_ImageInfo proto.InternalMessageInfo func (m *Lineage) Reset() { *m = Lineage{} } func (*Lineage) ProtoMessage() {} func (*Lineage) Descriptor() ([]byte, []int) { - return fileDescriptor_af8e7a11c7a1ccd9, []int{6} + return fileDescriptor_af8e7a11c7a1ccd9, []int{8} } func (m *Lineage) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -243,7 +299,7 @@ var xxx_messageInfo_Lineage proto.InternalMessageInfo func (m *ObjectID) Reset() { *m = ObjectID{} } func (*ObjectID) ProtoMessage() {} func (*ObjectID) Descriptor() ([]byte, []int) { - return fileDescriptor_af8e7a11c7a1ccd9, []int{7} + return fileDescriptor_af8e7a11c7a1ccd9, []int{9} } func (m *ObjectID) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -271,7 +327,7 @@ var xxx_messageInfo_ObjectID proto.InternalMessageInfo func (m *ObjectInfo) Reset() { *m = ObjectInfo{} } func (*ObjectInfo) ProtoMessage() {} func (*ObjectInfo) Descriptor() ([]byte, []int) { - return fileDescriptor_af8e7a11c7a1ccd9, []int{8} + return fileDescriptor_af8e7a11c7a1ccd9, []int{10} } func (m *ObjectInfo) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) 
@@ -299,7 +355,7 @@ var xxx_messageInfo_ObjectInfo proto.InternalMessageInfo func (m *ObjectReference) Reset() { *m = ObjectReference{} } func (*ObjectReference) ProtoMessage() {} func (*ObjectReference) Descriptor() ([]byte, []int) { - return fileDescriptor_af8e7a11c7a1ccd9, []int{9} + return fileDescriptor_af8e7a11c7a1ccd9, []int{11} } func (m *ObjectReference) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -327,7 +383,7 @@ var xxx_messageInfo_ObjectReference proto.InternalMessageInfo func (m *PullCredentials) Reset() { *m = PullCredentials{} } func (*PullCredentials) ProtoMessage() {} func (*PullCredentials) Descriptor() ([]byte, []int) { - return fileDescriptor_af8e7a11c7a1ccd9, []int{10} + return fileDescriptor_af8e7a11c7a1ccd9, []int{12} } func (m *PullCredentials) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -355,7 +411,7 @@ var xxx_messageInfo_PullCredentials proto.InternalMessageInfo func (m *ReadonlyHealthCheckSpec) Reset() { *m = ReadonlyHealthCheckSpec{} } func (*ReadonlyHealthCheckSpec) ProtoMessage() {} func (*ReadonlyHealthCheckSpec) Descriptor() ([]byte, []int) { - return fileDescriptor_af8e7a11c7a1ccd9, []int{11} + return fileDescriptor_af8e7a11c7a1ccd9, []int{13} } func (m *ReadonlyHealthCheckSpec) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -383,7 +439,7 @@ var xxx_messageInfo_ReadonlyHealthCheckSpec proto.InternalMessageInfo func (m *ResourceID) Reset() { *m = ResourceID{} } func (*ResourceID) ProtoMessage() {} func (*ResourceID) Descriptor() ([]byte, []int) { - return fileDescriptor_af8e7a11c7a1ccd9, []int{12} + return fileDescriptor_af8e7a11c7a1ccd9, []int{14} } func (m *ResourceID) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) 
@@ -411,7 +467,7 @@ var xxx_messageInfo_ResourceID proto.InternalMessageInfo func (m *TLSConfig) Reset() { *m = TLSConfig{} } func (*TLSConfig) ProtoMessage() {} func (*TLSConfig) Descriptor() ([]byte, []int) { - return fileDescriptor_af8e7a11c7a1ccd9, []int{13} + return fileDescriptor_af8e7a11c7a1ccd9, []int{15} } func (m *TLSConfig) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -439,7 +495,7 @@ var xxx_messageInfo_TLSConfig proto.InternalMessageInfo func (m *TimeOfDay) Reset() { *m = TimeOfDay{} } func (*TimeOfDay) ProtoMessage() {} func (*TimeOfDay) Descriptor() ([]byte, []int) { - return fileDescriptor_af8e7a11c7a1ccd9, []int{14} + return fileDescriptor_af8e7a11c7a1ccd9, []int{16} } func (m *TimeOfDay) XXX_Unmarshal(b []byte) error { return xxx_messageInfo_TimeOfDay.Unmarshal(m, b) @@ -462,7 +518,7 @@ var xxx_messageInfo_TimeOfDay proto.InternalMessageInfo func (m *TypedObjectReference) Reset() { *m = TypedObjectReference{} } func (*TypedObjectReference) ProtoMessage() {} func (*TypedObjectReference) Descriptor() ([]byte, []int) { - return fileDescriptor_af8e7a11c7a1ccd9, []int{15} + return fileDescriptor_af8e7a11c7a1ccd9, []int{17} } func (m *TypedObjectReference) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -490,7 +546,7 @@ var xxx_messageInfo_TypedObjectReference proto.InternalMessageInfo func (m *X509Subject) Reset() { *m = X509Subject{} } func (*X509Subject) ProtoMessage() {} func (*X509Subject) Descriptor() ([]byte, []int) { - return fileDescriptor_af8e7a11c7a1ccd9, []int{16} + return fileDescriptor_af8e7a11c7a1ccd9, []int{18} } func (m *X509Subject) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) 
@@ -516,8 +572,10 @@ func (m *X509Subject) XXX_DiscardUnknown() { var xxx_messageInfo_X509Subject proto.InternalMessageInfo func init() { + proto.RegisterType((*CAPIClusterInfo)(nil), "kmodules.xyz.client_go.api.v1.CAPIClusterInfo") proto.RegisterType((*CertificatePrivateKey)(nil), "kmodules.xyz.client_go.api.v1.CertificatePrivateKey") proto.RegisterType((*CertificateSpec)(nil), "kmodules.xyz.client_go.api.v1.CertificateSpec") + proto.RegisterType((*ClusterInfo)(nil), "kmodules.xyz.client_go.api.v1.ClusterInfo") proto.RegisterType((*ClusterMetadata)(nil), "kmodules.xyz.client_go.api.v1.ClusterMetadata") proto.RegisterType((*Condition)(nil), "kmodules.xyz.client_go.api.v1.Condition") proto.RegisterType((*HealthCheckSpec)(nil), "kmodules.xyz.client_go.api.v1.HealthCheckSpec") 
@@ -540,115 +598,166 @@ func init() { } var fileDescriptor_af8e7a11c7a1ccd9 = []byte{ - // 1728 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xc4, 0x58, 0xcf, 0x6f, 0x23, 0x49, - 0x15, 0x76, 0xc7, 0x4e, 0xe2, 0x2e, 0x27, 0xe3, 0x49, 0xcd, 0xa0, 0x31, 0x23, 0xc6, 0x1d, 0xbc, - 0x62, 0x94, 0x01, 0xa6, 0x4d, 0x46, 0xb3, 0xb0, 0xac, 0x84, 0x20, 0xed, 0xec, 0x66, 0xbd, 0x9b, - 0x49, 0x42, 0x39, 0xc3, 0xae, 0x16, 0x04, 0xaa, 0x74, 0x3f, 0x3b, 0x45, 0xda, 0xdd, 0xad, 0xaa, - 0x6e, 0x83, 0xf7, 0xb4, 0x47, 0xb8, 0x2d, 0x37, 0x8e, 0x3b, 0x12, 0x7f, 0x02, 0x17, 0xfe, 0x02, - 0x46, 0x9c, 0x86, 0x0b, 0xda, 0x03, 0xb2, 0x18, 0x73, 0x45, 0x5c, 0x10, 0x12, 0xca, 0x09, 0x55, - 0xf5, 0x4f, 0x3b, 0xce, 0x24, 0x8b, 0x90, 0xf6, 0xe6, 0xfe, 0xde, 0xf7, 0xbe, 0xaa, 0xae, 0x7a, - 0xbf, 0xda, 0xe8, 0xe1, 0xd9, 0xd0, 0x77, 0x22, 0x17, 0x84, 0xf9, 0xcb, 0xf1, 0x47, 0x6d, 0xdb, - 0x65, 0xe0, 0x85, 0x0f, 0x07, 0x7e, 0x9b, 0x06, 0xac, 0x3d, 0xda, 0x6e, 0x0f, 0xc0, 0x03, 0x4e, - 0x43, 0x70, 0xcc, 0x80, 0xfb, 0xa1, 0x8f, 0xef, 0x15, 0xe9, 0x66, 0x4c, 0xff, 0xd9, 0xc0, 0x37, - 0x69, 0xc0, 0xcc, 0xd1, 0xf6, 0xdd, 0x87, 0x03, 0x16, 0x9e, 0x46, 0x27, 0xa6, 0xed, 0x0f, 0xdb, - 0x03, 0x7f, 0xe0, 0xb7, 0x95, 0xd7, 0x49, 0xd4, 0x57, 0x4f, 0xea, 0x41, 0xfd, 0x8a, 0xd5, 0xee, - 0xb6, 0xce, 0xde, 0x10, 0x26, 0x8b, 0x17, 0xb3, 0x7d, 0x0e, 0x0b, 0x56, 0xbc, 0xfb, 0x38, 0xe7, - 0x0c, 0xa9, 0x7d, 0xca, 0x3c, 0xe0, 0xe3, 0x76, 0x70, 0x36, 0x90, 0x80, 0x68, 0x0f, 0x21, 0xa4, - 0x0b, 0xbc, 0x5a, 0x3f, 0x46, 0x5f, 0xea, 0x00, 0x0f, 0x59, 0x9f, 0xd9, 0x34, 0x84, 0x23, 0xce, - 0x46, 0x34, 0x84, 0xf7, 0x60, 0x8c, 0x2d, 0x54, 0x05, 0xcf, 0xf6, 0x1d, 0xe6, 0x0d, 0x1a, 0xda, - 0xa6, 0xb6, 0xa5, 0x5b, 0xf7, 0x9f, 0x4f, 0x8c, 0xd2, 0x74, 0x62, 0x54, 0xdf, 0x4a, 0xf0, 0xf3, - 0x89, 0x81, 0x73, 0x8f, 0x14, 0x25, 0x99, 0x5f, 0xeb, 0x5f, 0xcb, 0xa8, 0x5e, 0x50, 0xef, 0x05, - 0x60, 0xe3, 0xd7, 0xd0, 0x32, 0x75, 0x19, 0x15, 0x89, 0xe8, 0x7a, 0x22, 0xba, 0xbc, 0x23, 0x41, - 
0x12, 0xdb, 0xf0, 0x87, 0x48, 0x67, 0x42, 0x44, 0xc0, 0x09, 0xf4, 0x1b, 0x4b, 0x9b, 0xda, 0x56, - 0xed, 0xd1, 0x43, 0x33, 0x7e, 0x3f, 0x75, 0x82, 0xf2, 0x0c, 0xcc, 0xd1, 0xb6, 0x79, 0x3c, 0x0e, - 0xc0, 0xd9, 0xf7, 0x6d, 0xea, 0x1e, 0x9e, 0xfc, 0x1c, 0xec, 0x90, 0x40, 0x1f, 0x38, 0x78, 0x36, - 0x58, 0xeb, 0xd3, 0x89, 0xa1, 0x77, 0x53, 0x0d, 0x92, 0xcb, 0xe1, 0x47, 0x08, 0x09, 0xb0, 0x39, - 0x84, 0x07, 0x74, 0x08, 0x8d, 0xb2, 0xda, 0x05, 0x4e, 0x76, 0x81, 0x7a, 0x99, 0x85, 0x14, 0x58, - 0xf8, 0x87, 0x68, 0x55, 0x44, 0x6a, 0x85, 0x46, 0x45, 0xed, 0xe6, 0xeb, 0xe6, 0x2b, 0xef, 0xd7, - 0xfc, 0xe0, 0xf5, 0x6f, 0x7d, 0xb7, 0x17, 0x7b, 0x58, 0xb5, 0xe9, 0xc4, 0x58, 0x4d, 0x1e, 0x48, - 0xaa, 0x83, 0x3f, 0x40, 0x55, 0x27, 0xe2, 0x34, 0x64, 0xbe, 0xd7, 0x58, 0x56, 0x9a, 0x66, 0xe1, - 0x0d, 0xb3, 0x1b, 0x34, 0x83, 0xb3, 0x81, 0x04, 0x84, 0x29, 0x6f, 0x50, 0x4a, 0xef, 0x26, 0x5e, - 0xd6, 0x9a, 0xbc, 0x8b, 0xf4, 0x89, 0x64, 0x6a, 0x98, 0xa2, 0x1a, 0x07, 0x0f, 0x7e, 0x61, 0x41, - 0xdf, 0xe7, 0xd0, 0x58, 0xf9, 0x9f, 0xc4, 0xeb, 0xd3, 0x89, 0x51, 0x23, 0xb9, 0x0c, 0x29, 0x6a, - 0xe2, 0x2d, 0x54, 0x75, 0x3c, 0x21, 0x8f, 0x46, 0x34, 0x56, 0x37, 0xcb, 0x5b, 0x7a, 0xb2, 0x99, - 0x83, 0x9e, 0xc2, 0x48, 0x66, 0xc5, 0xdb, 0xa8, 0xc6, 0x82, 0x1d, 0xc7, 0xe1, 0x20, 0x04, 0x88, - 0x46, 0x55, 0x91, 0x95, 0x78, 0xf7, 0x28, 0x83, 0x49, 0x91, 0x83, 0xbf, 0x82, 0x2a, 0x11, 0x67, - 0xa2, 0xa1, 0x2b, 0x6e, 0x75, 0x3a, 0x31, 0x2a, 0x4f, 0x49, 0x57, 0x10, 0x85, 0xe2, 0x37, 0xd1, - 0x0d, 0x18, 0x52, 0xe6, 0xe6, 0x9a, 0x48, 0xf1, 0xf0, 0x74, 0x62, 0xdc, 0x78, 0x6b, 0xc6, 0x42, - 0xe6, 0x98, 0xd8, 0x41, 0x28, 0xc8, 0xe2, 0xb5, 0x51, 0x53, 0x07, 0xf3, 0xf8, 0x8a, 0x9b, 0x5c, - 0x98, 0x1d, 0xd6, 0x0d, 0x19, 0x2c, 0xf9, 0x33, 0x29, 0xe8, 0xb6, 0xfe, 0xa4, 0xa1, 0x7a, 0xc7, - 0x8d, 0x44, 0x08, 0xfc, 0x09, 0x84, 0xd4, 0xa1, 0x21, 0xc5, 0xf7, 0x50, 0x39, 0x62, 0x4e, 0x12, - 0xf3, 0xb5, 0x24, 0xda, 0xca, 0x4f, 0xbb, 0xbb, 0x44, 0xe2, 0x78, 0x13, 0x55, 0x3c, 0x19, 0x8d, - 0x4b, 0xca, 0xbe, 0x96, 0xd8, 0x2b, 
0x2a, 0x0e, 0x95, 0x05, 0xbf, 0x8e, 0x6a, 0x0e, 0x13, 0x81, - 0x4b, 0xc7, 0x85, 0xb0, 0xbd, 0x95, 0x10, 0x6b, 0xbb, 0xb9, 0x89, 0x14, 0x79, 0xf8, 0xfb, 0xa8, - 0x1a, 0x70, 0x7f, 0xc4, 0x1c, 0xe0, 0x2a, 0x72, 0x75, 0xeb, 0xb5, 0x34, 0x8b, 0x8f, 0x12, 0xfc, - 0x7c, 0x62, 0xd4, 0xdf, 0xf1, 0x45, 0xc8, 0xbc, 0x41, 0x0a, 0x91, 0xcc, 0xa9, 0xf5, 0x9f, 0x32, - 0xd2, 0x3b, 0xbe, 0xe7, 0x30, 0x15, 0x5a, 0xdb, 0xa8, 0x12, 0x8e, 0x03, 0x48, 0xa4, 0xee, 0xa5, - 0xfb, 0x94, 0x69, 0x78, 0x3e, 0x31, 0xd6, 0x33, 0xa2, 0x04, 0x88, 0xa2, 0xe2, 0x9f, 0xa2, 0x15, - 0x11, 0xd2, 0x30, 0x12, 0x2a, 0xca, 0x75, 0xeb, 0xed, 0xc4, 0x69, 0xa5, 0xa7, 0xd0, 0xf3, 0x89, - 0x71, 0xad, 0xc2, 0x65, 0x66, 0xda, 0xb1, 0x1f, 0x49, 0x54, 0xf1, 0xbb, 0x08, 0xfb, 0x27, 0x02, - 0xf8, 0x08, 0x9c, 0xbd, 0xb8, 0xb6, 0xc9, 0x8c, 0x92, 0xe7, 0x53, 0xb6, 0xee, 0x26, 0x6b, 0xe1, - 0xc3, 0x0b, 0x0c, 0xb2, 0xc0, 0x0b, 0xef, 0xa0, 0xaa, 0x80, 0x11, 0x70, 0x16, 0x8e, 0x55, 0xda, - 0xe8, 0xd6, 0xd7, 0xd2, 0xd3, 0xea, 0x25, 0xf8, 0xf9, 0xc4, 0xd8, 0xc8, 0xb7, 0x92, 0x80, 0x24, - 0x73, 0xc3, 0x23, 0x84, 0x5d, 0x2a, 0xc2, 0x63, 0x4e, 0x3d, 0x11, 0x1f, 0x05, 0x1b, 0x42, 0x63, - 0x35, 0x2d, 0x1a, 0xd7, 0xc9, 0x41, 0xe9, 0x91, 0x6f, 0x7d, 0xff, 0x82, 0x1a, 0x59, 0xb0, 0x02, - 0xbe, 0x8f, 0x56, 0x38, 0x50, 0xe1, 0x7b, 0x8d, 0xaa, 0xda, 0xf8, 0x8d, 0xf4, 0x98, 0x89, 0x42, - 0x49, 0x62, 0xc5, 0x0f, 0xd0, 0xea, 0x10, 0x84, 0xa0, 0x03, 0x68, 0xe8, 0x8a, 0x58, 0x4f, 0x88, - 0xab, 0x4f, 0x62, 0x98, 0xa4, 0xf6, 0xd6, 0x3f, 0x35, 0x54, 0x7f, 0x07, 0xa8, 0x1b, 0x9e, 0x76, - 0x4e, 0xc1, 0x3e, 0x53, 0xd5, 0xfb, 0x37, 0x1a, 0xba, 0xc3, 0x81, 0x3a, 0xbe, 0xe7, 0x8e, 0xe7, - 0x6c, 0x2a, 0xb8, 0x6b, 0x8f, 0xbe, 0x7d, 0x45, 0x3e, 0x91, 0xc5, 0xde, 0x96, 0x91, 0xec, 0xe3, - 0xce, 0x25, 0x04, 0x72, 0xd9, 0xba, 0x78, 0x0f, 0x6d, 0x38, 0x4c, 0xd0, 0x13, 0x17, 0xde, 0xe7, - 0x2c, 0x04, 0x65, 0x50, 0x99, 0x54, 0xb5, 0xbe, 0x9c, 0x88, 0x6e, 0xec, 0xce, 0x13, 0xc8, 0x45, - 0x9f, 0xd6, 0xbf, 0x35, 0xa4, 0x77, 0x87, 0x74, 0x00, 0x5d, 0xaf, 0xef, 
0xcb, 0x46, 0xc5, 0xe4, - 0xc3, 0x7c, 0xa3, 0x52, 0x0c, 0x12, 0xdb, 0xf0, 0x31, 0xaa, 0xba, 0xcc, 0x03, 0x3a, 0x00, 0xd1, - 0x58, 0xda, 0x2c, 0x6f, 0xd5, 0x1e, 0xdd, 0xbf, 0xe2, 0xfd, 0xf7, 0x63, 0xba, 0x75, 0x33, 0x8d, - 0xac, 0x04, 0x10, 0x24, 0x53, 0xc2, 0x43, 0x54, 0x0f, 0x22, 0xd7, 0xed, 0x70, 0x70, 0xc0, 0x0b, - 0x19, 0x75, 0x85, 0x0a, 0x68, 0x55, 0xc5, 0x5f, 0x29, 0x7e, 0x34, 0xeb, 0x65, 0xdd, 0x9a, 0x4e, - 0x8c, 0xfa, 0x1c, 0x48, 0xe6, 0xb5, 0x5b, 0xbf, 0xd6, 0xd0, 0x6a, 0xb2, 0x0b, 0x7c, 0x80, 0x96, - 0xed, 0x53, 0xca, 0xbc, 0x86, 0xa6, 0xde, 0xe6, 0xc1, 0x15, 0x0b, 0xc6, 0x6d, 0x57, 0x9e, 0x57, - 0x7e, 0x40, 0x1d, 0xe9, 0x4f, 0x62, 0x19, 0x6c, 0x22, 0x64, 0xfb, 0x5e, 0x48, 0x65, 0xac, 0xc7, - 0x47, 0xa4, 0xc7, 0xc5, 0xb3, 0x93, 0xa1, 0xa4, 0xc0, 0x68, 0xfd, 0x4e, 0x43, 0xd5, 0x44, 0x74, - 0x57, 0x5e, 0xc1, 0x80, 0xfb, 0x51, 0x30, 0x7f, 0x05, 0x7b, 0x12, 0x24, 0xb1, 0x4d, 0xd6, 0xce, - 0x33, 0xe6, 0x39, 0xf3, 0xb5, 0xf3, 0x3d, 0xe6, 0x39, 0x44, 0x59, 0x70, 0x1b, 0xe9, 0xb2, 0x86, - 0x8a, 0x80, 0xda, 0x69, 0xe5, 0xdc, 0x48, 0x68, 0xfa, 0x41, 0x6a, 0x20, 0x39, 0x27, 0x2b, 0xc7, - 0x95, 0xcb, 0xca, 0x71, 0xeb, 0xf7, 0x1a, 0x42, 0xf9, 0xbb, 0xe3, 0xf7, 0x51, 0x95, 0x83, 0xf0, - 0x23, 0x6e, 0x43, 0x92, 0x06, 0x0f, 0xae, 0x4c, 0x83, 0x98, 0xde, 0xdd, 0xcd, 0x23, 0x21, 0xc5, - 0x48, 0x26, 0x86, 0x9f, 0xa0, 0x32, 0xcf, 0x46, 0x20, 0xf3, 0x5a, 0x97, 0x91, 0xcf, 0x40, 0x59, - 0x9f, 0x91, 0x13, 0x90, 0xd4, 0x69, 0x39, 0xa8, 0x3e, 0x47, 0x9a, 0x3d, 0x1c, 0xed, 0x73, 0x1c, - 0xce, 0xa5, 0xbd, 0xaa, 0xf5, 0x0f, 0x0d, 0xcd, 0x07, 0xdd, 0xe7, 0x5f, 0xe6, 0x5d, 0x84, 0x65, - 0x7d, 0x66, 0x36, 0xec, 0xd8, 0xb6, 0x1f, 0x79, 0xf1, 0xb8, 0x16, 0x2f, 0x9a, 0x15, 0xc7, 0xde, - 0x05, 0x06, 0x59, 0xe0, 0x85, 0x7f, 0x92, 0x8e, 0x7c, 0x04, 0xfa, 0x32, 0x95, 0x64, 0x64, 0x6f, - 0x2d, 0x9a, 0x27, 0x17, 0x8e, 0x92, 0x73, 0xc3, 0xa1, 0xd4, 0x20, 0x05, 0xbd, 0xd6, 0x0b, 0x0d, - 0x5d, 0x56, 0xb4, 0xf0, 0x77, 0xd0, 0x7a, 0x00, 0x9c, 0xf9, 0x4e, 0x0f, 0x6c, 0xdf, 0x73, 0xe2, - 0xa9, 0x77, 
0xd9, 0xda, 0x98, 0x4e, 0x8c, 0xf5, 0xa3, 0xa2, 0x81, 0xcc, 0xf2, 0xe4, 0x98, 0x13, - 0xb2, 0x21, 0xf8, 0x51, 0x98, 0x7a, 0x2e, 0x29, 0x4f, 0x35, 0xe6, 0x1c, 0xcf, 0x58, 0xc8, 0x1c, - 0x13, 0xff, 0x00, 0xdd, 0xec, 0x53, 0xe6, 0x46, 0x1c, 0x8e, 0x4f, 0x39, 0x88, 0x53, 0xdf, 0x75, - 0x54, 0xd8, 0x2f, 0x5b, 0xb7, 0xa7, 0x13, 0xe3, 0xe6, 0xdb, 0x73, 0x36, 0x72, 0x81, 0xdd, 0xfa, - 0x8b, 0x86, 0x50, 0x1e, 0xa1, 0xd7, 0xcb, 0xc3, 0x07, 0x68, 0x75, 0x04, 0x5c, 0xc8, 0xee, 0xbb, - 0x34, 0xdb, 0x59, 0x7e, 0x14, 0xc3, 0x24, 0xb5, 0x67, 0x21, 0x54, 0xbe, 0x74, 0xdc, 0x49, 0x93, - 0xba, 0x72, 0x69, 0x52, 0x3f, 0x46, 0xcb, 0xc2, 0xf6, 0x03, 0x48, 0xc6, 0x8a, 0x66, 0xba, 0xa7, - 0x9e, 0x04, 0xe5, 0x30, 0x92, 0xee, 0x5f, 0x01, 0x24, 0x26, 0xb7, 0xfe, 0xac, 0x21, 0xfd, 0x78, - 0xbf, 0xd7, 0xf1, 0xbd, 0x3e, 0x1b, 0xcc, 0x7e, 0x66, 0x68, 0xff, 0xdf, 0xcf, 0x8c, 0x53, 0xb4, - 0x66, 0xe7, 0xa3, 0x63, 0xda, 0x1d, 0xcc, 0xeb, 0x4f, 0x9b, 0xaa, 0x2b, 0xde, 0x4e, 0x5e, 0x6b, - 0xad, 0x60, 0x10, 0x64, 0x46, 0xb9, 0xf5, 0x55, 0xa4, 0xcb, 0x80, 0x38, 0xec, 0xef, 0xd2, 0xf1, - 0x9b, 0xb7, 0x7f, 0xfb, 0xa9, 0x51, 0xfa, 0xd5, 0x33, 0xa3, 0xf4, 0xc9, 0x33, 0xa3, 0xf4, 0xe9, - 0x33, 0xa3, 0xf4, 0xf1, 0x5f, 0x37, 0x4b, 0xad, 0x3f, 0x68, 0xe8, 0xb6, 0x7a, 0x89, 0xf9, 0xec, - 0xff, 0x26, 0xaa, 0xd2, 0x80, 0xed, 0x15, 0x2e, 0x37, 0xab, 0x46, 0x3b, 0x47, 0xdd, 0xf8, 0x7e, - 0x33, 0xc6, 0x17, 0x53, 0x6a, 0xff, 0x58, 0x46, 0xb5, 0xc2, 0xe7, 0x94, 0x4c, 0x29, 0x9f, 0x0f, - 0xa8, 0xc7, 0x3e, 0x52, 0x43, 0x9b, 0x50, 0x9d, 0x4a, 0x8f, 0x53, 0xea, 0xb0, 0x68, 0x20, 0xb3, - 0x3c, 0xfc, 0x0d, 0xa4, 0xab, 0x92, 0xc0, 0x19, 0xa4, 0x9d, 0x48, 0x5d, 0x5f, 0x27, 0x05, 0x49, - 0x6e, 0xc7, 0x5d, 0x74, 0xab, 0xe8, 0x4d, 0xdd, 0xa7, 0x1e, 0x0b, 0xe3, 0xda, 0xa1, 0x5b, 0x77, - 0xa6, 0x13, 0xe3, 0xd6, 0xe1, 0x45, 0x33, 0x59, 0xe4, 0x23, 0x5b, 0xa0, 0x2b, 0x63, 0x87, 0x85, - 0x72, 0xe1, 0x4a, 0xde, 0x02, 0xf7, 0x33, 0x94, 0x14, 0x18, 0x72, 0x9f, 0x6a, 0xfc, 0xf6, 0x6c, - 0x90, 0x43, 0x73, 0xb6, 0xcf, 0xa3, 0x14, 0x24, 
0xb9, 0x1d, 0x7f, 0x0f, 0xd5, 0x45, 0xc8, 0x01, - 0xc2, 0xfc, 0x7b, 0x68, 0x45, 0xb9, 0xa8, 0xd6, 0xdf, 0x9b, 0x35, 0x91, 0x79, 0xae, 0xfc, 0x3c, - 0x0b, 0x7c, 0x11, 0x52, 0xb7, 0xe3, 0x3b, 0xd9, 0xb7, 0x9c, 0xfa, 0x3c, 0x3b, 0xca, 0x61, 0x52, - 0xe4, 0xe0, 0x37, 0xd0, 0x9a, 0x00, 0xce, 0xa8, 0x7b, 0x10, 0x0d, 0x4f, 0x80, 0x27, 0xf3, 0x66, - 0x16, 0xa8, 0xbd, 0x82, 0x8d, 0xcc, 0x30, 0xad, 0xce, 0xf3, 0x97, 0xcd, 0xd2, 0x8b, 0x97, 0xcd, - 0xd2, 0x67, 0x2f, 0x9b, 0xa5, 0x8f, 0xa7, 0x4d, 0xed, 0xf9, 0xb4, 0xa9, 0xbd, 0x98, 0x36, 0xb5, - 0xcf, 0xa6, 0x4d, 0xed, 0x6f, 0xd3, 0xa6, 0xf6, 0xc9, 0xdf, 0x9b, 0xa5, 0x0f, 0xef, 0xbd, 0xf2, - 0x8f, 0x96, 0xff, 0x06, 0x00, 0x00, 0xff, 0xff, 0xe4, 0x6b, 0xda, 0x16, 0x88, 0x11, 0x00, 0x00, + // 1921 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xc4, 0x58, 0xcd, 0x8f, 0x1b, 0x49, + 0x15, 0x77, 0xc7, 0x9e, 0x8c, 0xfd, 0x3c, 0x89, 0x93, 0x4a, 0x50, 0x4c, 0x44, 0xdc, 0x43, 0x47, + 0x44, 0x13, 0xd8, 0xf4, 0x30, 0xa3, 0x04, 0x96, 0x15, 0x08, 0xc6, 0x76, 0x36, 0xf1, 0xee, 0x24, + 0x63, 0xca, 0x13, 0x76, 0xb5, 0x20, 0x50, 0x4d, 0x77, 0xd9, 0x53, 0x4c, 0xbb, 0xbb, 0x55, 0xd5, + 0x3d, 0xcb, 0xec, 0x69, 0x8f, 0x70, 0x5b, 0x6e, 0x1c, 0x37, 0x12, 0x7f, 0x02, 0x12, 0xe2, 0x2f, + 0x20, 0xc7, 0x70, 0x41, 0x2b, 0x81, 0x2c, 0x62, 0xae, 0x88, 0x0b, 0x02, 0xa1, 0x39, 0xa1, 0xaa, + 0xae, 0xfe, 0xb0, 0xc7, 0xb3, 0x33, 0x0b, 0x48, 0x7b, 0x73, 0xbf, 0xdf, 0xef, 0xbd, 0xfa, 0x78, + 0xaf, 0xde, 0x87, 0xe1, 0xde, 0xc1, 0x38, 0x70, 0x63, 0x8f, 0x0a, 0xfb, 0x67, 0x47, 0x1f, 0xac, + 0x3b, 0x1e, 0xa3, 0x7e, 0x74, 0x6f, 0x14, 0xac, 0x93, 0x90, 0xad, 0x1f, 0x6e, 0xac, 0x8f, 0xa8, + 0x4f, 0x39, 0x89, 0xa8, 0x6b, 0x87, 0x3c, 0x88, 0x02, 0x74, 0xab, 0x48, 0xb7, 0x13, 0xfa, 0x4f, + 0x46, 0x81, 0x4d, 0x42, 0x66, 0x1f, 0x6e, 0xdc, 0xbc, 0x37, 0x62, 0xd1, 0x7e, 0xbc, 0x67, 0x3b, + 0xc1, 0x78, 0x7d, 0x14, 0x8c, 0x82, 0x75, 0xa5, 0xb5, 0x17, 0x0f, 0xd5, 0x97, 0xfa, 0x50, 0xbf, + 0x12, 0x6b, 0x37, 0xad, 0x83, 0xd7, 
0x85, 0xcd, 0x92, 0xc5, 0x9c, 0x80, 0xd3, 0x05, 0x2b, 0xde, + 0xbc, 0x9f, 0x73, 0xc6, 0xc4, 0xd9, 0x67, 0x3e, 0xe5, 0x47, 0xeb, 0xe1, 0xc1, 0x48, 0x0a, 0xc4, + 0xfa, 0x98, 0x46, 0x64, 0x81, 0x96, 0xf5, 0x5b, 0x03, 0x1a, 0x9d, 0xad, 0x7e, 0xaf, 0xe3, 0xc5, + 0x22, 0xa2, 0xbc, 0xe7, 0x0f, 0x03, 0xf4, 0x6d, 0xa8, 0x86, 0x3c, 0x38, 0x64, 0x2e, 0xe5, 0x4d, + 0x63, 0xd5, 0x58, 0xab, 0xb5, 0x57, 0x5f, 0x4c, 0xcc, 0xd2, 0x74, 0x62, 0x56, 0xfb, 0x5a, 0x7e, + 0x3c, 0x31, 0x57, 0xa4, 0x5a, 0xfa, 0x8d, 0x33, 0x0d, 0xb4, 0x0e, 0x35, 0x9f, 0x8c, 0xa9, 0x08, + 0x89, 0x43, 0x9b, 0x17, 0x94, 0xfa, 0x55, 0xad, 0x5e, 0x7b, 0x9a, 0x02, 0x38, 0xe7, 0xa0, 0x07, + 0x50, 0x77, 0x92, 0xd5, 0x25, 0xdc, 0x2c, 0x2b, 0x95, 0x6b, 0x5a, 0xa5, 0xde, 0xc9, 0x21, 0x5c, + 0xe4, 0x59, 0x3f, 0x84, 0x2f, 0x74, 0x28, 0x8f, 0xd8, 0x90, 0x39, 0x24, 0xa2, 0x7d, 0xce, 0x0e, + 0x49, 0x44, 0xdf, 0xa6, 0x47, 0xa8, 0x0d, 0x55, 0xea, 0x3b, 0x81, 0xcb, 0xfc, 0x91, 0xde, 0xfe, + 0x9d, 0x74, 0xfb, 0x0f, 0xb5, 0xfc, 0x78, 0x62, 0xa2, 0x5c, 0x23, 0x95, 0xe2, 0x4c, 0xcf, 0xfa, + 0xc7, 0x12, 0x34, 0x0a, 0xd6, 0x07, 0x21, 0x75, 0xd0, 0x6d, 0x58, 0x22, 0x1e, 0x23, 0x42, 0x1b, + 0xbd, 0xa4, 0x8d, 0x2e, 0x6d, 0x49, 0x21, 0x4e, 0x30, 0xf4, 0x1e, 0xd4, 0x98, 0x10, 0x31, 0xe5, + 0x98, 0x0e, 0xd5, 0xe9, 0xeb, 0x9b, 0xf7, 0xec, 0xc4, 0x33, 0xca, 0xf7, 0xd2, 0x7b, 0xf6, 0xe1, + 0x86, 0xbd, 0x7b, 0x14, 0x52, 0x77, 0x3b, 0x70, 0x88, 0xb7, 0xb3, 0xf7, 0x53, 0xea, 0x44, 0x98, + 0x0e, 0x29, 0xa7, 0xbe, 0x43, 0xdb, 0x97, 0xe4, 0x45, 0xf5, 0x52, 0x1b, 0x38, 0x37, 0x87, 0x36, + 0x01, 0x04, 0x75, 0x38, 0x8d, 0x0a, 0xf7, 0x84, 0xf4, 0x2e, 0x60, 0x90, 0x21, 0xb8, 0xc0, 0x42, + 0xdf, 0x87, 0x65, 0x11, 0xab, 0x15, 0x9a, 0x15, 0xb5, 0x9b, 0xaf, 0xda, 0x9f, 0x1a, 0x99, 0xf6, + 0xbb, 0x0f, 0xbe, 0xfe, 0xad, 0x41, 0xa2, 0xd1, 0xae, 0x4f, 0x27, 0xe6, 0xb2, 0xfe, 0xc0, 0xa9, + 0x1d, 0xf4, 0x2e, 0x54, 0xdd, 0x98, 0x93, 0x88, 0x05, 0x7e, 0x73, 0x49, 0xd9, 0xb4, 0x0b, 0x27, + 0xcc, 0x62, 0xcf, 0x0e, 0x0f, 0x46, 0x52, 0x20, 0x6c, 0x19, 0x7b, 0xd2, 
0x74, 0x57, 0x6b, 0xb5, + 0x57, 0xa4, 0x2f, 0xd2, 0x2f, 0x9c, 0x59, 0x43, 0x04, 0xea, 0x9c, 0xfa, 0xf4, 0xfd, 0x36, 0x1d, + 0x06, 0x9c, 0x36, 0x2f, 0xfe, 0x57, 0xc6, 0x1b, 0x32, 0x6a, 0x70, 0x6e, 0x06, 0x17, 0x6d, 0xa2, + 0x35, 0xa8, 0xba, 0xbe, 0x50, 0x71, 0xd8, 0x5c, 0x5e, 0x2d, 0xaf, 0xd5, 0xf4, 0x66, 0x9e, 0x0e, + 0x94, 0x0c, 0x67, 0x28, 0xda, 0x80, 0x3a, 0x0b, 0xb7, 0x5c, 0x97, 0x53, 0x21, 0xa8, 0x68, 0x56, + 0x15, 0x59, 0x19, 0xef, 0xf5, 0x33, 0x31, 0x2e, 0x72, 0xd0, 0x97, 0xa0, 0x12, 0x73, 0x26, 0x9a, + 0x35, 0xc5, 0xad, 0x4e, 0x27, 0x66, 0xe5, 0x19, 0xee, 0x09, 0xac, 0xa4, 0xe8, 0x0d, 0xb8, 0x4c, + 0xc7, 0x84, 0x79, 0xb9, 0x4d, 0x50, 0x3c, 0x34, 0x9d, 0x98, 0x97, 0x1f, 0xce, 0x20, 0x78, 0x8e, + 0x89, 0x5c, 0x80, 0x30, 0x8b, 0xd7, 0x66, 0x5d, 0x5d, 0xcc, 0xfd, 0x33, 0x3c, 0xb9, 0xf0, 0x75, + 0xb4, 0x2f, 0xcb, 0x60, 0xc9, 0xbf, 0x71, 0xc1, 0xae, 0xf5, 0x27, 0x03, 0xea, 0xc5, 0x44, 0x70, + 0x0b, 0xca, 0x31, 0x73, 0x75, 0xbc, 0xd7, 0x75, 0xa4, 0x95, 0x9f, 0xf5, 0xba, 0x58, 0xca, 0xd1, + 0x2a, 0x54, 0xe4, 0x2b, 0xd6, 0x8f, 0x7c, 0x45, 0xe3, 0x15, 0x15, 0x83, 0x0a, 0x41, 0xdf, 0x81, + 0x86, 0x7e, 0xb2, 0x4f, 0x88, 0x4f, 0x46, 0x94, 0x8b, 0x66, 0x59, 0x9d, 0xf9, 0xda, 0x74, 0x62, + 0x36, 0x3a, 0xb3, 0x10, 0x9e, 0xe7, 0xa2, 0x6d, 0xa8, 0x38, 0x24, 0x64, 0x3a, 0x72, 0xed, 0xb3, + 0xce, 0x3b, 0x9b, 0xc6, 0x92, 0xfb, 0x97, 0x42, 0xac, 0xac, 0x58, 0xff, 0x2a, 0x43, 0xb6, 0x24, + 0x8d, 0x88, 0x4b, 0x22, 0xf2, 0xbf, 0x9f, 0xf0, 0x01, 0xd4, 0x5d, 0x26, 0x42, 0x8f, 0x1c, 0x2d, + 0x4a, 0x5e, 0xdd, 0x1c, 0xc2, 0x45, 0x1e, 0xfa, 0x6e, 0x21, 0xc5, 0x56, 0x94, 0xce, 0xed, 0x05, + 0x29, 0xb6, 0xf1, 0x38, 0x10, 0x11, 0xf3, 0x47, 0x0b, 0xb2, 0xec, 0x5d, 0x58, 0x0e, 0xde, 0xf7, + 0x29, 0xef, 0x75, 0xd5, 0x1b, 0xac, 0xb5, 0x1b, 0x5a, 0x7f, 0x79, 0x27, 0x11, 0xe3, 0x14, 0x97, + 0x09, 0x59, 0xfd, 0x94, 0x29, 0x47, 0xbd, 0xa9, 0x42, 0x42, 0xde, 0x49, 0x01, 0x9c, 0x73, 0xe4, + 0x99, 0x48, 0xc8, 0x1e, 0xfa, 0x6e, 0x18, 0x30, 0x3f, 0x6a, 0x2e, 0xcf, 0x9e, 0x69, 0xab, 0xdf, + 0x4b, 0x21, 
0x5c, 0xe4, 0xa1, 0xd7, 0xa0, 0xea, 0x90, 0x76, 0xec, 0xbb, 0x1e, 0x6d, 0x56, 0x95, + 0xce, 0x95, 0xf4, 0x4c, 0x9d, 0xad, 0x44, 0x8e, 0x33, 0x86, 0xdc, 0xd5, 0x38, 0xf1, 0x73, 0xaf, + 0xdb, 0xac, 0xcd, 0xee, 0xea, 0x49, 0x0a, 0xe0, 0x9c, 0x83, 0x5e, 0x87, 0x95, 0xfd, 0x78, 0x2f, + 0x75, 0x70, 0xb7, 0x09, 0x4a, 0xe7, 0xba, 0xd6, 0x59, 0x79, 0x5c, 0xc0, 0xf0, 0x0c, 0xd3, 0xfa, + 0x77, 0x19, 0x6a, 0x9d, 0xc0, 0x77, 0x99, 0x4a, 0x32, 0x1b, 0x50, 0x89, 0xe4, 0x4d, 0x24, 0xd7, + 0x7e, 0x2b, 0xf5, 0xa9, 0x3c, 0xf9, 0xf1, 0xc4, 0xbc, 0x94, 0x11, 0xd5, 0xad, 0x28, 0x2a, 0xfa, + 0x31, 0x5c, 0x14, 0x11, 0x89, 0x62, 0xa1, 0xef, 0xfa, 0x4d, 0xad, 0x74, 0x71, 0xa0, 0xa4, 0xc7, + 0x13, 0xf3, 0x5c, 0xc5, 0xd7, 0xce, 0x6c, 0x27, 0x7a, 0x58, 0x5b, 0x45, 0x6f, 0x01, 0x0a, 0xf6, + 0x04, 0xe5, 0x87, 0xd4, 0x7d, 0x94, 0xd4, 0x67, 0x99, 0x5b, 0x65, 0x2c, 0x95, 0xdb, 0x37, 0xf5, + 0x5a, 0x68, 0xe7, 0x04, 0x03, 0x2f, 0xd0, 0x42, 0x5b, 0x50, 0x15, 0xf4, 0x90, 0x72, 0x16, 0x1d, + 0x69, 0x67, 0x7f, 0x25, 0xf5, 0xc2, 0x40, 0xcb, 0x8f, 0x27, 0xe6, 0xd5, 0x7c, 0x2b, 0x5a, 0x88, + 0x33, 0x35, 0x74, 0x08, 0xc8, 0x23, 0x22, 0xda, 0xe5, 0xc4, 0x17, 0xc9, 0x55, 0xb0, 0x31, 0x55, + 0x61, 0xa0, 0xca, 0xc7, 0x79, 0xb2, 0xb1, 0xd4, 0xc8, 0xb7, 0xbe, 0x7d, 0xc2, 0x1a, 0x5e, 0xb0, + 0x02, 0xba, 0x03, 0x17, 0x39, 0x25, 0x22, 0xf0, 0x75, 0xf8, 0x5c, 0x4e, 0xaf, 0x19, 0x2b, 0x29, + 0xd6, 0xa8, 0x8c, 0xfd, 0x31, 0x15, 0x82, 0x8c, 0xa8, 0x0e, 0x9c, 0x2c, 0xf6, 0x9f, 0x24, 0x62, + 0x9c, 0xe2, 0xd6, 0xdf, 0x0d, 0x68, 0x3c, 0xa6, 0xc4, 0x8b, 0xf6, 0x3b, 0xfb, 0xd4, 0x39, 0x50, + 0x75, 0xfc, 0x97, 0x06, 0xdc, 0xe0, 0x94, 0xb8, 0x81, 0xef, 0x1d, 0xcd, 0x61, 0x2a, 0x11, 0xd4, + 0x37, 0xbf, 0x71, 0x46, 0xa6, 0xc1, 0x8b, 0xb5, 0xdb, 0xa6, 0xde, 0xc7, 0x8d, 0x53, 0x08, 0xf8, + 0xb4, 0x75, 0xd1, 0x23, 0xb8, 0xea, 0x32, 0x41, 0xf6, 0x3c, 0xfa, 0x0e, 0x67, 0x11, 0x55, 0x80, + 0xca, 0x3a, 0xd5, 0xf6, 0x17, 0xb5, 0xd1, 0xab, 0xdd, 0x79, 0x02, 0x3e, 0xa9, 0x63, 0xfd, 0xd3, + 0x80, 0x5a, 0x6f, 0x4c, 0x46, 0x54, 0x25, 0xf0, 
0xdb, 0xb0, 0xc4, 0xe4, 0xc7, 0x7c, 0xcb, 0xa2, + 0x18, 0x38, 0xc1, 0xd0, 0x2e, 0x54, 0x3d, 0xe6, 0x53, 0x32, 0xa2, 0xa2, 0x79, 0x61, 0xb5, 0xbc, + 0x56, 0xdf, 0xbc, 0x73, 0xc6, 0xf9, 0xb7, 0x13, 0x7a, 0xfe, 0xbe, 0xb5, 0x40, 0xe0, 0xcc, 0x12, + 0x1a, 0x43, 0x23, 0x8c, 0x3d, 0xaf, 0xc3, 0xa9, 0x4b, 0xfd, 0x88, 0x11, 0x4f, 0xa8, 0x80, 0x3e, + 0x3b, 0x8d, 0xf7, 0x67, 0xb5, 0x92, 0x52, 0x31, 0x27, 0xc4, 0xf3, 0xb6, 0xad, 0x5f, 0x18, 0xb0, + 0xac, 0x77, 0x81, 0x9e, 0xc2, 0x92, 0xb3, 0x4f, 0x98, 0xdf, 0x34, 0xd4, 0x69, 0xee, 0x9e, 0xb1, + 0x60, 0xd2, 0x80, 0xa9, 0x92, 0x91, 0x5d, 0x50, 0x47, 0xea, 0xe3, 0xc4, 0x0c, 0xb2, 0x01, 0x9c, + 0xc0, 0x8f, 0x88, 0x8c, 0xf5, 0xe4, 0x8a, 0x6a, 0x49, 0x19, 0xed, 0x64, 0x52, 0x5c, 0x60, 0x58, + 0xbf, 0x36, 0xa0, 0xaa, 0x8d, 0x76, 0xa5, 0x0b, 0x46, 0x3c, 0x88, 0xc3, 0x79, 0x17, 0x3c, 0x92, + 0x42, 0x9c, 0x60, 0xb2, 0xce, 0x1c, 0x30, 0xdf, 0x9d, 0xaf, 0x33, 0x6f, 0x33, 0xdf, 0xc5, 0x0a, + 0x99, 0xed, 0xaa, 0xcb, 0xe7, 0xe8, 0xaa, 0xd3, 0xd2, 0x55, 0x39, 0xad, 0x74, 0x59, 0xbf, 0x31, + 0x00, 0xf2, 0xb3, 0xa3, 0x77, 0xa0, 0xca, 0xa9, 0x08, 0x62, 0xee, 0x50, 0xfd, 0x0c, 0xee, 0x9e, + 0xf9, 0x0c, 0x12, 0x7a, 0xaf, 0x9b, 0x47, 0x42, 0x2a, 0xc3, 0x99, 0x31, 0xf4, 0x04, 0xca, 0x3c, + 0x6b, 0x86, 0xed, 0x73, 0x39, 0x23, 0xef, 0x86, 0xb3, 0x9a, 0x2c, 0x7b, 0x61, 0x69, 0xc7, 0x72, + 0xa1, 0x31, 0x47, 0x9a, 0xbd, 0x1c, 0xe3, 0x33, 0x5c, 0xce, 0xa9, 0x75, 0xdd, 0xfa, 0x9b, 0x01, + 0xf3, 0x41, 0xf7, 0xd9, 0x97, 0x79, 0x0b, 0x90, 0xcc, 0xcf, 0xcc, 0xa1, 0x5b, 0x8e, 0x13, 0xc4, + 0x7e, 0xd2, 0xb8, 0x27, 0x8b, 0x66, 0xc9, 0x71, 0x70, 0x82, 0x81, 0x17, 0x68, 0xa1, 0x1f, 0xa5, + 0xcd, 0x3f, 0xa6, 0xc3, 0xa4, 0x8b, 0xaa, 0x6f, 0xae, 0x2d, 0x9a, 0x2c, 0x16, 0x0e, 0x15, 0x73, + 0x63, 0x82, 0xb4, 0x81, 0x0b, 0xf6, 0xac, 0x97, 0x06, 0x9c, 0x96, 0xb4, 0xd0, 0x37, 0xe1, 0x52, + 0x48, 0x39, 0x0b, 0xdc, 0x01, 0x75, 0x02, 0xdf, 0x4d, 0xe6, 0x9f, 0xa5, 0xf6, 0xd5, 0xe9, 0xc4, + 0xbc, 0xd4, 0x2f, 0x02, 0x78, 0x96, 0x27, 0x1b, 0xde, 0x88, 0x8d, 0x69, 0x10, 0x47, 
0xa9, 0xe6, + 0x05, 0xa5, 0xa9, 0x1a, 0xde, 0xdd, 0x19, 0x04, 0xcf, 0x31, 0xd1, 0xf7, 0xe0, 0xca, 0x90, 0x30, + 0x2f, 0xe6, 0x74, 0x77, 0x9f, 0x53, 0xb1, 0x1f, 0x78, 0xae, 0x0a, 0xfb, 0xa5, 0xf6, 0xf5, 0xe9, + 0xc4, 0xbc, 0xf2, 0xe6, 0x1c, 0x86, 0x4f, 0xb0, 0xad, 0x3f, 0x1a, 0x00, 0x79, 0x84, 0x9e, 0xef, + 0x1d, 0xde, 0x85, 0xe5, 0x43, 0xca, 0x85, 0xac, 0xbe, 0x17, 0x66, 0x2b, 0xcb, 0x0f, 0x12, 0x31, + 0x4e, 0xf1, 0x2c, 0x84, 0xca, 0xa7, 0xb6, 0x86, 0xe9, 0xa3, 0xae, 0x9c, 0xfa, 0xa8, 0xef, 0xc3, + 0x92, 0x70, 0x82, 0x90, 0xea, 0xb6, 0xa2, 0x95, 0xee, 0x69, 0x20, 0x85, 0xb2, 0x19, 0x49, 0xf7, + 0xaf, 0x04, 0x38, 0x21, 0x5b, 0x7f, 0x30, 0xa0, 0xb6, 0xbb, 0x3d, 0xe8, 0x04, 0xfe, 0x90, 0x8d, + 0x66, 0x07, 0x4e, 0xe3, 0xff, 0x3b, 0x70, 0xee, 0xc3, 0x8a, 0x93, 0x0f, 0x11, 0x69, 0x75, 0xb0, + 0xcf, 0x3f, 0x77, 0xa8, 0xaa, 0x98, 0xb5, 0x68, 0x05, 0x40, 0xe0, 0x19, 0xcb, 0xd6, 0x97, 0xa1, + 0x26, 0x03, 0x62, 0x67, 0xd8, 0x25, 0x47, 0x6f, 0x5c, 0xff, 0xd5, 0xc7, 0x66, 0xe9, 0xe7, 0xcf, + 0xcd, 0xd2, 0x47, 0xcf, 0xcd, 0xd2, 0xc7, 0xcf, 0xcd, 0xd2, 0x87, 0x7f, 0x5e, 0x2d, 0x59, 0xbf, + 0x33, 0xe0, 0xba, 0x3a, 0xc4, 0xfc, 0xeb, 0x7f, 0x0d, 0xaa, 0x24, 0x64, 0x8f, 0x0a, 0xce, 0xcd, + 0xb2, 0xd1, 0x56, 0xbf, 0x97, 0xf8, 0x37, 0x63, 0x7c, 0x3e, 0xa9, 0xf6, 0xf7, 0x65, 0xa8, 0x17, + 0x06, 0x6b, 0xf9, 0xa4, 0x02, 0x3e, 0x22, 0x3e, 0xfb, 0x40, 0x35, 0x6d, 0x42, 0x55, 0xaa, 0x5a, + 0xf2, 0xa4, 0x76, 0x8a, 0x00, 0x9e, 0xe5, 0xa1, 0xaf, 0x41, 0x4d, 0xa5, 0x04, 0xce, 0x68, 0x5a, + 0x89, 0x94, 0xfb, 0x3a, 0xa9, 0x10, 0xe7, 0x38, 0xea, 0xc1, 0xb5, 0xa2, 0x36, 0xf1, 0x9e, 0xf9, + 0x2c, 0x4a, 0x27, 0xb0, 0x1b, 0xd3, 0x89, 0x79, 0x6d, 0xe7, 0x24, 0x8c, 0x17, 0xe9, 0xc8, 0x12, + 0xe8, 0xc9, 0xd8, 0x61, 0x91, 0x5c, 0xb8, 0x92, 0x97, 0xc0, 0xed, 0x4c, 0x8a, 0x0b, 0x0c, 0xb9, + 0x4f, 0x35, 0xaa, 0xf8, 0x0e, 0x95, 0x4d, 0x73, 0xb6, 0xcf, 0x7e, 0x2a, 0xc4, 0x39, 0x2e, 0xa7, + 0x44, 0x11, 0x71, 0x4a, 0xa3, 0x7c, 0x32, 0xbe, 0x98, 0x4f, 0x89, 0x83, 0x59, 0x08, 0xcf, 0x73, + 0xe5, 0xa0, 0x1e, 0x06, 
0x22, 0x22, 0x5e, 0x27, 0x70, 0xb3, 0xa9, 0x5e, 0x0d, 0xea, 0xfd, 0x5c, + 0x8c, 0x8b, 0x1c, 0x39, 0x4b, 0x08, 0xca, 0x19, 0xf1, 0x9e, 0xc6, 0xe3, 0x3d, 0xca, 0x75, 0xbf, + 0x99, 0x05, 0xea, 0xa0, 0x80, 0xe1, 0x19, 0x66, 0xbb, 0xf3, 0xe2, 0x55, 0xab, 0xf4, 0xf2, 0x55, + 0xab, 0xf4, 0xc9, 0xab, 0x56, 0xe9, 0xc3, 0x69, 0xcb, 0x78, 0x31, 0x6d, 0x19, 0x2f, 0xa7, 0x2d, + 0xe3, 0x93, 0x69, 0xcb, 0xf8, 0xcb, 0xb4, 0x65, 0x7c, 0xf4, 0xd7, 0x56, 0xe9, 0xbd, 0x5b, 0x9f, + 0xfa, 0x67, 0xe1, 0x7f, 0x02, 0x00, 0x00, 0xff, 0xff, 0x12, 0x7e, 0x97, 0xff, 0x4c, 0x14, 0x00, + 0x00, +} + +func (m *CAPIClusterInfo) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *CAPIClusterInfo) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *CAPIClusterInfo) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + i -= len(m.ClusterName) + copy(dAtA[i:], m.ClusterName) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.ClusterName))) + i-- + dAtA[i] = 0x1a + i -= len(m.Namespace) + copy(dAtA[i:], m.Namespace) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Namespace))) + i-- + dAtA[i] = 0x12 + i -= len(m.Provider) + copy(dAtA[i:], m.Provider) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Provider))) + i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil } func (m *CertificatePrivateKey) Marshal() (dAtA []byte, err error) { 
@@ -808,6 +917,60 @@ func (m *CertificateSpec) MarshalToSizedBuffer(dAtA []byte) (int, error) { return len(dAtA) - i, nil } +func (m *ClusterInfo) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *ClusterInfo) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *ClusterInfo) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.CAPI != nil { + { + size, err := m.CAPI.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x22 + } + if len(m.ClusterManagers) > 0 { + for iNdEx := len(m.ClusterManagers) - 1; iNdEx >= 0; iNdEx-- { + i -= len(m.ClusterManagers[iNdEx]) + copy(dAtA[i:], m.ClusterManagers[iNdEx]) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.ClusterManagers[iNdEx]))) + i-- + dAtA[i] = 0x1a + } + } + i -= len(m.Name) + copy(dAtA[i:], m.Name) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Name))) + i-- + dAtA[i] = 0x12 + i -= len(m.UID) + copy(dAtA[i:], m.UID) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.UID))) + i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil +} + func (m *ClusterMetadata) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) 
@@ -828,6 +991,36 @@ func (m *ClusterMetadata) MarshalToSizedBuffer(dAtA []byte) (int, error) { _ = i var l int _ = l + i -= len(m.HubClusterID) + copy(dAtA[i:], m.HubClusterID) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.HubClusterID))) + i-- + dAtA[i] = 0x52 + i -= len(m.ManagerID) + copy(dAtA[i:], m.ManagerID) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.ManagerID))) + i-- + dAtA[i] = 0x4a + i -= len(m.CABundle) + copy(dAtA[i:], m.CABundle) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.CABundle))) + i-- + dAtA[i] = 0x42 + i -= len(m.APIEndpoint) + copy(dAtA[i:], m.APIEndpoint) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.APIEndpoint))) + i-- + dAtA[i] = 0x3a + i -= len(m.OwnerType) + copy(dAtA[i:], m.OwnerType) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.OwnerType))) + i-- + dAtA[i] = 0x32 + i -= len(m.OwnerID) + copy(dAtA[i:], m.OwnerID) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.OwnerID))) + i-- + dAtA[i] = 0x2a i -= len(m.Provider) copy(dAtA[i:], m.Provider) i = encodeVarintGenerated(dAtA, i, uint64(len(m.Provider))) @@ -1499,6 +1692,21 @@ func encodeVarintGenerated(dAtA []byte, offset int, v uint64) int { dAtA[offset] = uint8(v) return base } +func (m *CAPIClusterInfo) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.Provider) + n += 1 + l + sovGenerated(uint64(l)) + l = len(m.Namespace) + n += 1 + l + sovGenerated(uint64(l)) + l = len(m.ClusterName) + n += 1 + l + sovGenerated(uint64(l)) + return n +} + func (m *CertificatePrivateKey) Size() (n int) { if m == nil { return 0 
@@ -1567,6 +1775,29 @@ func (m *CertificateSpec) Size() (n int) { return n } +func (m *ClusterInfo) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.UID) + n += 1 + l + sovGenerated(uint64(l)) + l = len(m.Name) + n += 1 + l + sovGenerated(uint64(l)) + if len(m.ClusterManagers) > 0 { + for _, s := range m.ClusterManagers { + l = len(s) + n += 1 + l + sovGenerated(uint64(l)) + } + } + if m.CAPI != nil { + l = m.CAPI.Size() + n += 1 + l + sovGenerated(uint64(l)) + } + return n +} + func (m *ClusterMetadata) Size() (n int) { if m == nil { return 0 @@ -1581,6 +1812,18 @@ func (m *ClusterMetadata) Size() (n int) { n += 1 + l + sovGenerated(uint64(l)) l = len(m.Provider) n += 1 + l + sovGenerated(uint64(l)) + l = len(m.OwnerID) + n += 1 + l + sovGenerated(uint64(l)) + l = len(m.OwnerType) + n += 1 + l + sovGenerated(uint64(l)) + l = len(m.APIEndpoint) + n += 1 + l + sovGenerated(uint64(l)) + l = len(m.CABundle) + n += 1 + l + sovGenerated(uint64(l)) + l = len(m.ManagerID) + n += 1 + l + sovGenerated(uint64(l)) + l = len(m.HubClusterID) + n += 1 + l + sovGenerated(uint64(l)) return n } @@ -1854,6 +2097,18 @@ func sovGenerated(x uint64) (n int) { func sozGenerated(x uint64) (n int) { return sovGenerated(uint64((x << 1) ^ uint64((int64(x) >> 63)))) } +func (this *CAPIClusterInfo) String() string { + if this == nil { + return "nil" + } + s := strings.Join([]string{`&CAPIClusterInfo{`, + `Provider:` + fmt.Sprintf("%v", this.Provider) + `,`, + `Namespace:` + fmt.Sprintf("%v", this.Namespace) + `,`, + `ClusterName:` + fmt.Sprintf("%v", this.ClusterName) + `,`, + `}`, + }, "") + return s +} func (this *CertificatePrivateKey) String() string { if this == nil { return "nil" 
@@ -1884,6 +2139,19 @@ func (this *CertificateSpec) String() string { }, "") return s } +func (this *ClusterInfo) String() string { + if this == nil { + return "nil" + } + s := strings.Join([]string{`&ClusterInfo{`, + `UID:` + fmt.Sprintf("%v", this.UID) + `,`, + `Name:` + fmt.Sprintf("%v", this.Name) + `,`, + `ClusterManagers:` + fmt.Sprintf("%v", this.ClusterManagers) + `,`, + `CAPI:` + strings.Replace(this.CAPI.String(), "CAPIClusterInfo", "CAPIClusterInfo", 1) + `,`, + `}`, + }, "") + return s +} func (this *ClusterMetadata) String() string { if this == nil { return "nil" @@ -1893,6 +2161,12 @@ func (this *ClusterMetadata) String() string { `Name:` + fmt.Sprintf("%v", this.Name) + `,`, `DisplayName:` + fmt.Sprintf("%v", this.DisplayName) + `,`, `Provider:` + fmt.Sprintf("%v", this.Provider) + `,`, + `OwnerID:` + fmt.Sprintf("%v", this.OwnerID) + `,`, + `OwnerType:` + fmt.Sprintf("%v", this.OwnerType) + `,`, + `APIEndpoint:` + fmt.Sprintf("%v", this.APIEndpoint) + `,`, + `CABundle:` + fmt.Sprintf("%v", this.CABundle) + `,`, + `ManagerID:` + fmt.Sprintf("%v", this.ManagerID) + `,`, + `HubClusterID:` + fmt.Sprintf("%v", this.HubClusterID) + `,`, `}`, }, "") return s @@ -2089,7 +2363,7 @@ func valueToStringGenerated(v interface{}) string { pv := reflect.Indirect(rv).Interface() return fmt.Sprintf("*%v", pv) } -func (m *CertificatePrivateKey) Unmarshal(dAtA []byte) error { +func (m *CAPIClusterInfo) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { 
@@ -2112,15 +2386,15 @@ func (m *CertificatePrivateKey) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: CertificatePrivateKey: wiretype end group for non-group") + return fmt.Errorf("proto: CAPIClusterInfo: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: CertificatePrivateKey: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: CAPIClusterInfo: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Encoding", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Provider", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { 
@@ -2148,32 +2422,178 @@ func (m *CertificatePrivateKey) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Encoding = PrivateKeyEncoding(dAtA[iNdEx:postIndex]) + m.Provider = CAPIProvider(dAtA[iNdEx:postIndex]) iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipGenerated(dAtA[iNdEx:]) - if err != nil { - return err + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Namespace", wireType) } - if (skippy < 0) || (iNdEx+skippy) < 0 { + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthGenerated } - if (iNdEx + skippy) > l { + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { return io.ErrUnexpectedEOF } - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *CertificateSpec) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 + m.Namespace = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ClusterName", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.ClusterName = string(dAtA[iNdEx:postIndex]) + iNdEx = 
postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *CertificatePrivateKey) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: CertificatePrivateKey: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: CertificatePrivateKey: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Encoding", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Encoding = PrivateKeyEncoding(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return 
io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *CertificateSpec) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 for iNdEx < l { preIndex := iNdEx var wire uint64 
@@ -2593,6 +3013,188 @@ func (m *CertificateSpec) Unmarshal(dAtA []byte) error { } return nil } +func (m *ClusterInfo) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: ClusterInfo: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: ClusterInfo: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field UID", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.UID = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return 
ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Name = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ClusterManagers", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.ClusterManagers = append(m.ClusterManagers, string(dAtA[iNdEx:postIndex])) + iNdEx = postIndex + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field CAPI", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.CAPI == nil { + m.CAPI = &CAPIClusterInfo{} + } + if err := m.CAPI.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} func (m *ClusterMetadata) Unmarshal(dAtA 
[]byte) error { l := len(dAtA) iNdEx := 0 
@@ -2750,6 +3352,198 @@ func (m *ClusterMetadata) Unmarshal(dAtA []byte) error { } m.Provider = HostingProvider(dAtA[iNdEx:postIndex]) iNdEx = postIndex + case 5: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field OwnerID", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.OwnerID = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 6: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field OwnerType", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.OwnerType = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 7: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field APIEndpoint", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return 
ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.APIEndpoint = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 8: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field CABundle", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.CABundle = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 9: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ManagerID", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.ManagerID = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 10: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field HubClusterID", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if 
b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.HubClusterID = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) diff --git a/vendor/kmodules.xyz/client-go/api/v1/generated.proto b/vendor/kmodules.xyz/client-go/api/v1/generated.proto index d8fc1a44..a6b1e76b 100644 --- a/vendor/kmodules.xyz/client-go/api/v1/generated.proto +++ b/vendor/kmodules.xyz/client-go/api/v1/generated.proto @@ -27,6 +27,14 @@ import "k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto"; // Package-wide variables from generator "generated". option go_package = "kmodules.xyz/client-go/api/v1"; +message CAPIClusterInfo { + optional string provider = 1; + + optional string namespace = 2; + + optional string clusterName = 3; +} + // CertificatePrivateKey contains configuration options for private keys // used by the Certificate controller. // This allows control of how private keys are rotated. @@ -63,6 +71,10 @@ message CertificateSpec { optional k8s.io.apimachinery.pkg.apis.meta.v1.Duration duration = 5; // Certificate renew before expiration duration + // + // Deprecated use `ReconfigureTLS` type OpsRequest instead. + // + // +deprecated // +optional optional k8s.io.apimachinery.pkg.apis.meta.v1.Duration renewBefore = 6; @@ -87,6 +99,18 @@ message CertificateSpec { optional CertificatePrivateKey privateKey = 11; } +// ClusterInfo used in ace-installer +message ClusterInfo { + optional string uid = 1; + + optional string name = 2; + + repeated string clusterManagers = 3; + + // +optional + optional CAPIClusterInfo capi = 4; +} + message ClusterMetadata { optional string uid = 1; 
@@ -95,6 +119,18 @@ message ClusterMetadata { optional string displayName = 3; optional string provider = 4; + + optional string ownerID = 5; + + optional string ownerType = 6; + + optional string apiEndpoint = 7; + + optional string caBundle = 8; + + optional string managerID = 9; + + optional string hubClusterID = 10; } // Condition defines an observation of a object operational state. diff --git a/vendor/kmodules.xyz/client-go/api/v1/zz_generated.deepcopy.go b/vendor/kmodules.xyz/client-go/api/v1/zz_generated.deepcopy.go index 9e333095..dcf3b711 100644 --- a/vendor/kmodules.xyz/client-go/api/v1/zz_generated.deepcopy.go +++ b/vendor/kmodules.xyz/client-go/api/v1/zz_generated.deepcopy.go 
@@ -119,6 +119,54 @@ func (in *CertificateSpec) DeepCopy() *CertificateSpec { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterClaimFeatures) DeepCopyInto(out *ClusterClaimFeatures) { + *out = *in + if in.EnabledFeatures != nil { + in, out := &in.EnabledFeatures, &out.EnabledFeatures + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.ExternallyManagedFeatures != nil { + in, out := &in.ExternallyManagedFeatures, &out.ExternallyManagedFeatures + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.DisabledFeatures != nil { + in, out := &in.DisabledFeatures, &out.DisabledFeatures + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterClaimFeatures. +func (in *ClusterClaimFeatures) DeepCopy() *ClusterClaimFeatures { + if in == nil { + return nil + } + out := new(ClusterClaimFeatures) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterClaimInfo) DeepCopyInto(out *ClusterClaimInfo) { + *out = *in + in.ClusterMetadata.DeepCopyInto(&out.ClusterMetadata) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterClaimInfo. +func (in *ClusterClaimInfo) DeepCopy() *ClusterClaimInfo { + if in == nil { + return nil + } + out := new(ClusterClaimInfo) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ClusterInfo) DeepCopyInto(out *ClusterInfo) { *out = *in 
@@ -127,7 +175,11 @@ func (in *ClusterInfo) DeepCopyInto(out *ClusterInfo) { *out = make([]string, len(*in)) copy(*out, *in) } - out.CAPI = in.CAPI + if in.CAPI != nil { + in, out := &in.CAPI, &out.CAPI + *out = new(CAPIClusterInfo) + **out = **in + } return } diff --git a/vendor/kmodules.xyz/client-go/client/client.go b/vendor/kmodules.xyz/client-go/client/client.go index e24b7b4c..29532bb3 100644 --- a/vendor/kmodules.xyz/client-go/client/client.go +++ b/vendor/kmodules.xyz/client-go/client/client.go @@ -21,6 +21,8 @@ import ( "reflect" "strings" + "kmodules.xyz/client-go/meta" + "github.com/pkg/errors" kerr "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" @@ -65,10 +67,11 @@ func NewUncachedClient(cfg *rest.Config, funcs ...func(*runtime.Scheme) error) ( type ( TransformFunc func(obj client.Object, createOp bool) client.Object + TransformFuncE func(obj client.Object, createOp bool) (client.Object, error) TransformStatusFunc func(obj client.Object) client.Object ) -func CreateOrPatch(ctx context.Context, c client.Client, obj client.Object, transform TransformFunc, opts ...client.PatchOption) (kutil.VerbType, error) { +func CreateOrPatchE(ctx context.Context, c client.Client, obj client.Object, transform TransformFuncE, opts ...client.PatchOption) (kutil.VerbType, error) { gvk, err := apiutil.GVKForObject(obj, c.Scheme()) if err != nil { return kutil.VerbUnchanged, errors.Wrapf(err, "failed to get GVK for object %T", obj) @@ -89,8 +92,11 @@ func CreateOrPatch(ctx context.Context, c client.Client, obj client.Object, tran createOpts = append(createOpts, opt) } } - mod := transform(obj.DeepCopyObject().(client.Object), true) - err := c.Create(ctx, mod, createOpts...) + mod, err := transform(obj.DeepCopyObject().(client.Object), true) + if err != nil { + return kutil.VerbUnchanged, err + } + err = c.Create(ctx, mod, createOpts...) if err != nil { return kutil.VerbUnchanged, err } 
@@ -109,14 +115,35 @@ func CreateOrPatch(ctx context.Context, c client.Client, obj client.Object, tran } else { patch = client.MergeFrom(cur) } - mod := transform(cur.DeepCopyObject().(client.Object), false) + mod, err := transform(cur.DeepCopyObject().(client.Object), false) + if err != nil { + return kutil.VerbUnchanged, err + } err = c.Patch(ctx, mod, patch, opts...) if err != nil { return kutil.VerbUnchanged, err } + vt := kutil.VerbUnchanged + if mod.GetGeneration() > 0 { + if cur.GetGeneration() != mod.GetGeneration() { + vt = kutil.VerbPatched + } + } else { + // Secret, ServiceAccount etc resources do not use metadata.generation + if meta.ObjectHash(cur) != meta.ObjectHash(mod) { + vt = kutil.VerbPatched + } + } assign(obj, mod) - return kutil.VerbPatched, nil + return vt, nil +} + +func CreateOrPatch(ctx context.Context, c client.Client, obj client.Object, transform TransformFunc, opts ...client.PatchOption) (kutil.VerbType, error) { + return CreateOrPatchE(ctx, c, obj, func(obj client.Object, createOp bool) (client.Object, error) { + transform(obj, createOp) + return obj, nil + }, opts...) } func assign(target, src any) { diff --git a/vendor/kmodules.xyz/client-go/client/delegated.go b/vendor/kmodules.xyz/client-go/client/delegated.go index fd36791a..6a4c4eca 100644 --- a/vendor/kmodules.xyz/client-go/client/delegated.go +++ b/vendor/kmodules.xyz/client-go/client/delegated.go @@ -18,6 +18,7 @@ package client import ( "context" + "net/http" "strings" apiutil2 "kmodules.xyz/client-go/client/apiutil" @@ -26,7 +27,9 @@ import ( "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime/schema" + "k8s.io/apiserver/pkg/authentication/user" restclient "k8s.io/client-go/rest" + "k8s.io/client-go/transport" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/client/apiutil" ) 
@@ -36,6 +39,9 @@ import ( // NewDelegatingClientInput encapsulates the input parameters to create a new delegating client. type NewDelegatingClientInput struct { + config *restclient.Config + options client.Options + CacheReader client.Reader Client client.Client UncachedObjects []client.Object @@ -58,9 +64,11 @@ func NewDelegatingClient(in NewDelegatingClientInput) (client.Client, error) { uncachedGVKs[gvk] = struct{}{} } - return &delegatingClient{ - scheme: in.Client.Scheme(), - mapper: in.Client.RESTMapper(), + return &DelegatingClient{ + config: in.config, + options: in.options, + scheme: in.Client.Scheme(), + mapper: in.Client.RESTMapper(), Reader: &delegatingReader{ CacheReader: in.CacheReader, ClientReader: in.Client, @@ -75,7 +83,7 @@ func NewDelegatingClient(in NewDelegatingClientInput) (client.Client, error) { }, nil } -type delegatingClient struct { +type DelegatingClient struct { client.Reader client.Writer client.StatusClient 
@@ -83,25 +91,57 @@ type delegatingClient struct { scheme *runtime.Scheme mapper meta.RESTMapper + + config *restclient.Config + options client.Options +} + +func (d *DelegatingClient) RestConfig() *restclient.Config { + return d.config +} + +func (d *DelegatingClient) Impersonate(u user.Info) (*restclient.Config, client.Client, error) { + config := restclient.CopyConfig(d.config) + config.Impersonate = restclient.ImpersonationConfig{ + UserName: u.GetName(), + UID: u.GetUID(), + Groups: u.GetGroups(), + Extra: u.GetExtra(), + } + + // share the transport between all clients + optionsShallowCopy := d.options + if d.options.HTTPClient != nil { + optionsShallowCopy.HTTPClient = &http.Client{ + Transport: transport.NewImpersonatingRoundTripper(transport.ImpersonationConfig{ + UserName: u.GetName(), + UID: u.GetUID(), + Groups: u.GetGroups(), + Extra: u.GetExtra(), + }, d.options.HTTPClient.Transport), + } + } + cc, err := NewClient(config, optionsShallowCopy) + return config, cc, err } // GroupVersionKindFor returns the GroupVersionKind for the given object. -func (d *delegatingClient) GroupVersionKindFor(obj runtime.Object) (schema.GroupVersionKind, error) { +func (d *DelegatingClient) GroupVersionKindFor(obj runtime.Object) (schema.GroupVersionKind, error) { return apiutil.GVKForObject(obj, d.scheme) } // IsObjectNamespaced returns true if the GroupVersionKind of the object is namespaced. -func (d *delegatingClient) IsObjectNamespaced(obj runtime.Object) (bool, error) { +func (d *DelegatingClient) IsObjectNamespaced(obj runtime.Object) (bool, error) { return apiutil.IsObjectNamespaced(obj, d.scheme, d.mapper) } // Scheme returns the scheme this client is using. -func (d *delegatingClient) Scheme() *runtime.Scheme { +func (d *DelegatingClient) Scheme() *runtime.Scheme { return d.scheme } // RESTMapper returns the rest mapper this client is using. 
-func (d *delegatingClient) RESTMapper() meta.RESTMapper { +func (d *DelegatingClient) RESTMapper() meta.RESTMapper { return d.mapper } @@ -167,7 +207,7 @@ func (d *delegatingReader) List(ctx context.Context, list client.ObjectList, opt return d.CacheReader.List(ctx, list, opts...) } -func (d *delegatingClient) SubResource(subResource string) client.SubResourceClient { +func (d *DelegatingClient) SubResource(subResource string) client.SubResourceClient { return d.SubResourceClientConstructor.SubResource(subResource) } @@ -181,6 +221,8 @@ func NewClient(config *restclient.Config, options client.Options) (client.Client return nil, err } co := NewDelegatingClientInput{ + config: config, + options: options, Client: c, Cachable: cachable, } diff --git a/vendor/kmodules.xyz/client-go/meta/hash.go b/vendor/kmodules.xyz/client-go/meta/hash.go index 6fc87ae3..0e7778f4 100644 --- a/vendor/kmodules.xyz/client-go/meta/hash.go +++ b/vendor/kmodules.xyz/client-go/meta/hash.go @@ -33,7 +33,11 @@ func ResourceHash(obj metav1.Object) string { h := xxh3.New() _, _ = h.WriteString(string(obj.GetUID())) _, _ = h.WriteString(",") - _, _ = h.WriteString(strconv.FormatInt(obj.GetGeneration(), 10)) + if obj.GetGeneration() > 0 { + _, _ = h.WriteString(strconv.FormatInt(obj.GetGeneration(), 10)) + } else { + _, _ = h.WriteString(ObjectHash(obj)) + } return strconv.FormatUint(h.Sum64(), 10) } 
@@ -57,11 +61,20 @@ func ObjectHash(in metav1.Object) string { obj["annotations"] = data } - st := structs.New(in) - for _, field := range st.Fields() { - fieldName := field.Name() - if fieldName != "ObjectMeta" && fieldName != "TypeMeta" && fieldName != "Status" { - obj[fieldName] = field.Value() + u, isUnstructured := in.(*unstructured.Unstructured) + if isUnstructured { + for fieldName, v := range u.UnstructuredContent() { + if fieldName != "metadata" && fieldName != "apiVersion" && fieldName != "kind" && fieldName != "status" { + obj[fieldName] = v + } + } + } else { + st := structs.New(in) + for _, field := range st.Fields() { + fieldName := field.Name() + if fieldName != "ObjectMeta" && fieldName != "TypeMeta" && fieldName != "Status" { + obj[fieldName] = field.Value() + } } } diff --git a/vendor/kubestash.dev/apimachinery/apis/constant.go b/vendor/kubestash.dev/apimachinery/apis/constant.go index 5d59e8b7..1030dabe 100644 --- a/vendor/kubestash.dev/apimachinery/apis/constant.go +++ b/vendor/kubestash.dev/apimachinery/apis/constant.go 
@@ -51,16 +51,18 @@ const ( PrefixRetentionPolicy = "retentionpolicy" PrefixPopulate = "populate" PrefixPrime = "prime" + PrefixTriggerVerifier = "trigger-verifier" ) const ( - KubeStashBackupComponent = "kubestash-backup" - KubeStashRestoreComponent = "kubestash-restore" - KubeStashInitializerComponent = "kubestash-initializer" - KubeStashUploaderComponent = "kubestash-uploader" - KubeStashCleanerComponent = "kubestash-cleaner" - KubeStashHookComponent = "kubestash-hook" - KubeStashPopulatorComponent = "kubestash-populator" + KubeStashBackupComponent = "kubestash-backup" + KubeStashRestoreComponent = "kubestash-restore" + KubeStashInitializerComponent = "kubestash-initializer" + KubeStashUploaderComponent = "kubestash-uploader" + KubeStashCleanerComponent = "kubestash-cleaner" + KubeStashHookComponent = "kubestash-hook" + KubeStashPopulatorComponent = "kubestash-populator" + KubeStashBackupVerifierComponent = "kubestash-backup-verifier" ) // Keys for offshoot labels @@ -107,6 +109,7 @@ const ( KubeStashStorageInitializerClusterRole = "kubestash-storage-initializer-job" KubeStashPopulatorJobClusterRole = "kubestash-populator-job" KubeStashRetentionPolicyJobClusterRole = "kubestash-retention-policy-job" + KubeStashBackupVerifierJobClusterRole = "kubestash-backup-verifier-job" ) // Reconciliation related @@ -140,6 +143,7 @@ const ( ComponentManifest = "manifest" ComponentVolumeSnapshot = "volumesnapshot" ComponentDashboard = "dashboard" + ComponentPhysical = "physical" ) const ( diff --git a/vendor/kubestash.dev/apimachinery/apis/core/v1alpha1/backupconfiguration_types.go b/vendor/kubestash.dev/apimachinery/apis/core/v1alpha1/backupconfiguration_types.go index 5a34cb25..44213219 100644 --- a/vendor/kubestash.dev/apimachinery/apis/core/v1alpha1/backupconfiguration_types.go +++ b/vendor/kubestash.dev/apimachinery/apis/core/v1alpha1/backupconfiguration_types.go 
@@ -21,7 +21,6 @@ import ( batchv1 "k8s.io/api/batch/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" kmapi "kmodules.xyz/client-go/api/v1" ofst "kmodules.xyz/offshoot-api/api/v1" ) @@ -113,10 +112,6 @@ type SessionConfig struct { // Scheduler specifies the configuration for backup triggering CronJob Scheduler *SchedulerSpec `json:"scheduler,omitempty"` - // VerificationStrategies specifies a list of backup verification configurations - // +optional - // VerificationStrategies []VerificationStrategy `json:"verificationStrategies,omitempty"` - // Hooks specifies the backup hooks that should be executed before and/or after the backup. // +optional Hooks *BackupHooks `json:"hooks,omitempty"` @@ -276,6 +271,10 @@ type RepositoryInfo struct { // +optional Backend string `json:"backend,omitempty"` + // BackupVerifier specifies the name of the BackupVerifier which will be used to verify the backed up data in this repository. + // +optional + BackupVerifier *kmapi.ObjectReference `json:"backupVerifier,omitempty"` + // Directory specifies the path inside the backend where the backed up data will be stored. Directory string `json:"directory,omitempty"` 
@@ -289,35 +288,6 @@ type RepositoryInfo struct { DeletionPolicy v1alpha1.DeletionPolicy `json:"deletionPolicy,omitempty"` } -// VerificationStrategy specifies a strategy to verify the backed up data. -type VerificationStrategy struct { - // Name indicate the name of this strategy - Name string `json:"name,omitempty"` - - // Repository specifies the name of the repository which data will be verified - Repository string `json:"repository,omitempty"` - - // Verifier refers to the BackupVerification CR that defines how to verify this particular data - Verifier *kmapi.TypedObjectReference `json:"verifier,omitempty"` - - // Params specifies the parameters that will be used by the verifier - // +kubebuilder:pruning:PreserveUnknownFields - // +optional - Params *runtime.RawExtension `json:"params,omitempty"` - - // VerifyEvery specifies the frequency of backup verification - // +kubebuilder:validation:Minimum=1 - VerifyEvery int32 `json:"verifyEvery,omitempty"` - - // OnFailure specifies what to do if the verification fail. - // +optional - OnFailure FailurePolicy `json:"onFailure,omitempty"` - - // RetryConfig specifies the behavior of the retry mechanism in case of a verification failure - // +optional - RetryConfig *RetryConfig `json:"retryConfig,omitempty"` -} - // BackupHooks specifies the hooks that will be executed before and/or after backup type BackupHooks struct { // PreBackup specifies a list of hooks that will be executed before backup @@ -432,6 +402,10 @@ type RepoStatus struct { // Reason specifies the error messages found while ensuring the respective Repository // +optional Reason string `json:"reason,omitempty"` + + // VerificationConfigured indicates whether the verification for this repository is configured or not + // +optional + VerificationConfigured bool `json:"verificationConfigured,omitempty"` } // SessionStatus specifies the status of a session specific fields. 
diff --git a/vendor/kubestash.dev/apimachinery/apis/core/v1alpha1/backupconfiguration_webhook.go b/vendor/kubestash.dev/apimachinery/apis/core/v1alpha1/backupconfiguration_webhook.go index 14b2429b..23a5f7a8 100644 --- a/vendor/kubestash.dev/apimachinery/apis/core/v1alpha1/backupconfiguration_webhook.go +++ b/vendor/kubestash.dev/apimachinery/apis/core/v1alpha1/backupconfiguration_webhook.go @@ -31,7 +31,6 @@ import ( logf "sigs.k8s.io/controller-runtime/pkg/log" "sigs.k8s.io/controller-runtime/pkg/webhook" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" - "sync" ) // log is for logging in this package. @@ -204,11 +203,6 @@ func (b *BackupConfiguration) ValidateCreate() (admission.Warnings, error) { return nil, b.validateHookTemplatesAgainstUsagePolicy(context.Background(), c) } -var ( - rc client.Client - once sync.Once -) - func (b *BackupConfiguration) validateBackends() error { if len(b.Spec.Backends) == 0 { return fmt.Errorf("backend can not be empty") diff --git a/vendor/kubestash.dev/apimachinery/apis/core/v1alpha1/backupsession_helpers.go b/vendor/kubestash.dev/apimachinery/apis/core/v1alpha1/backupsession_helpers.go index 820b6de2..3f7a0cdb 100644 --- a/vendor/kubestash.dev/apimachinery/apis/core/v1alpha1/backupsession_helpers.go +++ b/vendor/kubestash.dev/apimachinery/apis/core/v1alpha1/backupsession_helpers.go @@ -63,7 +63,6 @@ func (b *BackupSession) CalculatePhase() BackupSessionPhase { b.failedToExecutePreBackupHooks() || b.failedToExecutePostBackupHooks() || b.failedToApplyRetentionPolicy() || - b.verificationsFailed() || b.sessionHistoryCleanupFailed() || b.snapshotCleanupIncomplete()) { return BackupSessionFailed 
@@ -115,16 +114,6 @@ func (b *BackupSession) failedToApplyRetentionPolicy() bool { return false } -func (b *BackupSession) verificationsFailed() bool { - for _, v := range b.Status.Verifications { - if v.Phase == VerificationFailed { - return true - } - } - - return false -} - func (b *BackupSession) calculateBackupSessionPhaseFromSnapshots() BackupSessionPhase { status := b.Status.Snapshots if len(status) == 0 { diff --git a/vendor/kubestash.dev/apimachinery/apis/core/v1alpha1/backupsession_types.go b/vendor/kubestash.dev/apimachinery/apis/core/v1alpha1/backupsession_types.go index 38c1f5f5..f01b7760 100644 --- a/vendor/kubestash.dev/apimachinery/apis/core/v1alpha1/backupsession_types.go +++ b/vendor/kubestash.dev/apimachinery/apis/core/v1alpha1/backupsession_types.go @@ -97,10 +97,6 @@ type BackupSessionStatus struct { // +optional Hooks HookStatus `json:"hooks,omitempty"` - // Verifications specifies the backup verification status - // +optional - Verifications []VerificationStatus `json:"verifications,omitempty"` - // RetentionPolices specifies whether the retention policies were properly applied on the repositories or not // +optional RetentionPolicies []RetentionPolicyApplyStatus `json:"retentionPolicy,omitempty"` 
@@ -148,26 +144,6 @@ type SnapshotStatus struct { Repository string `json:"repository,omitempty"` } -// VerificationStatus specifies the status of a backup verification -type VerificationStatus struct { - // Name indicates the name of the respective verification strategy - Name string `json:"name,omitempty"` - - // Phase represents the state of the verification process - // +optional - Phase BackupVerificationPhase `json:"phase,omitempty"` -} - -// BackupVerificationPhase represents the state of the backup verification process -// +kubebuilder:validation:Enum=Verified;NotVerified;VerificationFailed -type BackupVerificationPhase string - -const ( - Verified BackupVerificationPhase = "Verified" - NotVerified BackupVerificationPhase = "NotVerified" - VerificationFailed BackupVerificationPhase = "VerificationFailed" -) - // RetentionPolicyApplyStatus represents the state of the applying retention policy type RetentionPolicyApplyStatus struct { // Ref points to the RetentionPolicy CR that is being used to cleanup the old Snapshots for this session. diff --git a/vendor/kubestash.dev/apimachinery/apis/core/v1alpha1/backupverificationsession_helpers.go b/vendor/kubestash.dev/apimachinery/apis/core/v1alpha1/backupverificationsession_helpers.go new file mode 100644 index 00000000..dcec7c07 --- /dev/null +++ b/vendor/kubestash.dev/apimachinery/apis/core/v1alpha1/backupverificationsession_helpers.go 
@@ -0,0 +1,115 @@
+/*
+Copyright AppsCode Inc. and Contributors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+ "fmt"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ kmapi "kmodules.xyz/client-go/api/v1"
+ cutil "kmodules.xyz/client-go/conditions"
+ "kmodules.xyz/client-go/meta"
+ "kubestash.dev/apimachinery/apis"
+ "kubestash.dev/apimachinery/crds"
+ "time"
+
+ "kmodules.xyz/client-go/apiextensions"
+ meta_util "kmodules.xyz/client-go/meta"
+)
+
+func (_ BackupVerificationSession) CustomResourceDefinition() *apiextensions.CustomResourceDefinition {
+ return crds.MustCustomResourceDefinition(GroupVersion.WithResource(ResourcePluralBackupVerificationSession))
+}
+
+func (b *BackupVerificationSession) IsCompleted() bool {
+ phase := b.Status.Phase
+
+ return phase == BackupVerificationSessionSucceeded ||
+ phase == BackupVerificationSessionFailed ||
+ phase == BackupVerificationSessionSkipped
+}
+
+func (b *BackupVerificationSession) CalculatePhase() BackupVerificationSessionPhase {
+ if cutil.IsConditionFalse(b.Status.Conditions, TypeVerificationSessionHistoryCleaned) {
+ return BackupVerificationSessionFailed
+ }
+
+ if cutil.IsConditionTrue(b.Status.Conditions, TypeBackupVerificationSkipped) {
+ return BackupVerificationSessionSkipped
+ }
+
+ if b.sessionHistoryCleanupSucceeded() &&
+ (b.failedToRestoreBackup() ||
+ b.failedToVerifyBackup()) {
+ return BackupVerificationSessionFailed
+ }
+
+ if cutil.IsConditionTrue(b.Status.Conditions, TypeVerificationSessionHistoryCleaned) {
+ return BackupVerificationSessionSucceeded
+ }
+
+ return BackupVerificationSessionRunning
+}
+
+func (b *BackupVerificationSession) sessionHistoryCleanupFailed() bool {
+ return cutil.IsConditionFalse(b.Status.Conditions, TypeVerificationSessionHistoryCleaned)
+}
+
+func (b *BackupVerificationSession) sessionHistoryCleanupSucceeded() bool {
+ return cutil.IsConditionTrue(b.Status.Conditions, TypeVerificationSessionHistoryCleaned)
+}
+
+func (b *BackupVerificationSession) failedToRestoreBackup() bool {
+ return cutil.IsConditionFalse(b.Status.Conditions, TypeRestoreSucceeded)
+}
+
+func (b *BackupVerificationSession) failedToVerifyBackup() bool {
+ return cutil.IsConditionFalse(b.Status.Conditions, TypeBackupVerified)
+}
+
+func GenerateBackupVerificationSessionName(repoName, sessionName string) string {
+ return meta.ValidNameWithPrefixNSuffix(repoName, sessionName, fmt.Sprintf("%d", time.Now().Unix()))
+}
+
+func (b *BackupVerificationSession) OffshootLabels() map[string]string {
+ newLabels := make(map[string]string)
+ newLabels[meta_util.ManagedByLabelKey] = apis.KubeStashKey
+ newLabels[apis.KubeStashInvokerName] = b.Name
+ newLabels[apis.KubeStashInvokerNamespace] = b.Namespace
+ newLabels[apis.KubeStashSessionName] = b.Spec.Session
+ newLabels[apis.KubeStashRepoName] = b.Spec.Repository
+
+ return apis.UpsertLabels(b.Labels, newLabels)
+}
+
+func (b *BackupVerificationSession) SetBackupVerifiedConditionToFalse(err error) {
+ newCond := kmapi.Condition{
+ Type: TypeBackupVerified,
+ Status: metav1.ConditionFalse,
+ Reason: ReasonFailedToVerifyBackup,
+ Message: fmt.Sprintf("Failed to verify backup. Reason: %q", err.Error()),
+ }
+ b.Status.Conditions = cutil.SetCondition(b.Status.Conditions, newCond)
+}
+
+func (b *BackupVerificationSession) SetBackupVerifiedConditionToTrue() {
+ newCond := kmapi.Condition{
+ Type: TypeBackupVerified,
+ Status: metav1.ConditionTrue,
+ Reason: ReasonSuccessfullyVerifiedBackup,
+ }
+ b.Status.Conditions = cutil.SetCondition(b.Status.Conditions, newCond)
+}
diff --git a/vendor/kubestash.dev/apimachinery/apis/core/v1alpha1/backupverificationsession_types.go b/vendor/kubestash.dev/apimachinery/apis/core/v1alpha1/backupverificationsession_types.go
new file mode 100644
index 00000000..0ce06f9f
--- /dev/null
+++ b/vendor/kubestash.dev/apimachinery/apis/core/v1alpha1/backupverificationsession_types.go
@@ -0,0 +1,141 @@
+/*
+Copyright AppsCode Inc. and Contributors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+ core "k8s.io/api/core/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ kmapi "kmodules.xyz/client-go/api/v1"
+)
+
+const (
+ ResourceKindBackupVerificationSession = "BackupVerificationSession"
+ ResourceSingularBackupVerificationSession = "backupverificationsession"
+ ResourcePluralBackupVerificationSession = "backupverificationsessions"
+)
+
+// +k8s:openapi-gen=true
+// +kubebuilder:object:root=true
+// +kubebuilder:subresource:status
+// +kubebuilder:resource:path=backupverificationsession,singular=backupverificationsession,categories={kubestash,appscode,all}
+// +kubebuilder:printcolumn:name="Phase",type="string",JSONPath=".status.phase"
+// +kubebuilder:printcolumn:name="Duration",type="string",JSONPath=".status.duration"
+// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"
+
+// BackupVerificationSession represent one backup verification run for the target(s) pointed by the
+// respective BackupConfiguration or BackupBatch
+type BackupVerificationSession struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+
+ Spec BackupVerificationSessionSpec `json:"spec,omitempty"`
+ Status BackupVerificationSessionStatus `json:"status,omitempty"`
+}
+
+// BackupVerificationSessionSpec specifies the information related to the respective backup verifier, session, repository and snapshot.
+type BackupVerificationSessionSpec struct {
+ // Invoker points to the respective BackupConfiguration or BackupBatch
+ // which is responsible for triggering this backup verification.
+ Invoker *core.TypedLocalObjectReference `json:"invoker,omitempty"`
+
+ // Session specifies the name of the session that triggered this backup verification
+ Session string `json:"session,omitempty"`
+
+ // Repository specifies the name of the repository whose backed-up data will be verified
+ Repository string `json:"repository,omitempty"`
+
+ // Snapshot specifies the name of the snapshot that will be verified
+ Snapshot string `json:"snapshot,omitempty"`
+
+ // RetryLeft specifies number of retry attempts left for the backup verification session.
+ // If this set to non-zero, KubeStash will create a new BackupVerificationSession if the current one fails.
+ // +optional
+ RetryLeft int32 `json:"retryLeft,omitempty"`
+}
+
+// BackupVerificationSessionStatus defines the observed state of BackupVerificationSession
+type BackupVerificationSessionStatus struct {
+ // Phase represents the current state of the backup verification process.
+ // +optional
+ Phase BackupVerificationSessionPhase `json:"phase,omitempty"`
+
+ // Duration specifies the time required to complete the backup verification process
+ // +optional
+ Duration string `json:"duration,omitempty"`
+
+ // Retried specifies whether this session was retried or not.
+ // This field will exist only if the `retryConfig` has been set in the respective backup verification strategy.
+ // +optional
+ Retried *bool `json:"retried,omitempty"`
+
+ // Conditions represents list of conditions regarding this BackupSession
+ // +optional
+ Conditions []kmapi.Condition `json:"conditions,omitempty"`
+}
+
+// BackupVerificationSessionPhase specifies the current state of the backup verification process
+// +kubebuilder:validation:Enum=Running;Succeeded;Failed;Skipped
+type BackupVerificationSessionPhase string
+
+const (
+ BackupVerificationSessionRunning BackupVerificationSessionPhase = "Running"
+ BackupVerificationSessionSucceeded BackupVerificationSessionPhase = "Succeeded"
+ BackupVerificationSessionFailed BackupVerificationSessionPhase = "Failed"
+ BackupVerificationSessionSkipped BackupVerificationSessionPhase = "Skipped"
+)
+
+// ============================ Conditions ========================
+
+const (
+ // TypeBackupVerificationSkipped indicates that the current session was skipped
+ TypeBackupVerificationSkipped = "BackupVerificationSkipped"
+ // ReasonSkippedVerifyingNewBackup indicates that the backup verification was skipped because the snapshot has already been verified
+ ReasonSkippedVerifyingNewBackup = "SnapshotAlreadyVerified"
+
+ // TypeVerificationSessionHistoryCleaned indicates whether the backup history was cleaned or not according to sessionHistoryLimit
+ TypeVerificationSessionHistoryCleaned = "VerificationSessionHistoryCleaned"
+ ReasonSuccessfullyCleanedVerificationSessionHistory = "SuccessfullyCleanedVerificationSessionHistory"
+ ReasonFailedToCleanVerificationSessionHistory = "FailedToCleanVerificationSessionHistory"
+
+ // TypeVerificationExecutorEnsured indicates whether the backup verification executor is ensured or not.
+ TypeVerificationExecutorEnsured = "VerificationExecutorEnsured"
+ ReasonSuccessfullyEnsuredVerificationExecutor = "SuccessfullyEnsuredVerificationExecutor"
+ ReasonFailedToEnsureVerificationExecutor = "FailedToEnsureVerificationExecutor"
+
+ // TypeRestoreSucceeded indicates whether the restore is succeeded or not.
+ TypeRestoreSucceeded = "RestoreSucceeded"
+ ReasonSuccessfullyRestoredBackup = "SuccessfullyRestoredBackup"
+ ReasonFailedToRestoreBackup = "FailedToRestoreBackup"
+
+ // TypeBackupVerified indicates whether backup is verified or not
+ TypeBackupVerified = "BackupVerified"
+ ReasonSuccessfullyVerifiedBackup = "SuccessfullyVerifiedBackup"
+ ReasonFailedToVerifyBackup = "FailedToVerifyBackup"
+)
+
+//+kubebuilder:object:root=true
+
+// BackupVerificationSessionList contains a list of BackupVerificationSession
+type BackupVerificationSessionList struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ListMeta `json:"metadata,omitempty"`
+ Items []BackupVerificationSession `json:"items"`
+}
+
+func init() {
+ SchemeBuilder.Register(&BackupVerificationSession{}, &BackupVerificationSessionList{})
+}
diff --git a/vendor/kubestash.dev/apimachinery/apis/core/v1alpha1/backupverificationsession_webhook.go b/vendor/kubestash.dev/apimachinery/apis/core/v1alpha1/backupverificationsession_webhook.go
new file mode 100644
index 00000000..6111c980
--- /dev/null
+++ b/vendor/kubestash.dev/apimachinery/apis/core/v1alpha1/backupverificationsession_webhook.go
@@ -0,0 +1,71 @@
+/*
+Copyright AppsCode Inc. and Contributors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+ "fmt"
+ "k8s.io/apimachinery/pkg/runtime"
+ "reflect"
+ ctrl "sigs.k8s.io/controller-runtime"
+ logf "sigs.k8s.io/controller-runtime/pkg/log"
+ "sigs.k8s.io/controller-runtime/pkg/webhook"
+ "sigs.k8s.io/controller-runtime/pkg/webhook/admission"
+)
+
+// log is for logging in this package.
+var backupverificationsessionlog = logf.Log.WithName("backupverificationsession-resource")
+
+func (r *BackupVerificationSession) SetupWebhookWithManager(mgr ctrl.Manager) error {
+ return ctrl.NewWebhookManagedBy(mgr).
+ For(r).
+ Complete()
+}
+
+// TODO(user): EDIT THIS FILE! THIS IS SCAFFOLDING FOR YOU TO OWN!
+
+// TODO(user): change verbs to "verbs=create;update;delete" if you want to enable deletion validation.
+//+kubebuilder:webhook:path=/validate-core-kubestash-com-v1alpha1-backupverificationsession,mutating=false,failurePolicy=fail,sideEffects=None,groups=core.kubestash.com,resources=backupverificationsessions,verbs=create;update,versions=v1alpha1,name=vbackupverificationsession.kb.io,admissionReviewVersions=v1
+
+var _ webhook.Validator = &BackupVerificationSession{}
+
+// ValidateCreate implements webhook.Validator so a webhook will be registered for the type
+func (r *BackupVerificationSession) ValidateCreate() (admission.Warnings, error) {
+ backupverificationsessionlog.Info("validate create", "name", r.Name)
+
+ // TODO(user): fill in your validation logic upon object creation.
+ return nil, nil
+}
+
+// ValidateUpdate implements webhook.Validator so a webhook will be registered for the type
+func (r *BackupVerificationSession) ValidateUpdate(old runtime.Object) (admission.Warnings, error) {
+ backupverificationsessionlog.Info("validate update", "name", r.Name)
+
+ oldBVS := old.(*BackupVerificationSession)
+ if !reflect.DeepEqual(oldBVS.Spec, r.Spec) {
+ return nil, fmt.Errorf("spec can not be updated")
+ }
+
+ return nil, nil
+}
+
+// ValidateDelete implements webhook.Validator so a webhook will be registered for the type
+func (r *BackupVerificationSession) ValidateDelete() (admission.Warnings, error) {
+ backupverificationsessionlog.Info("validate delete", "name", r.Name)
+
+ // TODO(user): fill in your validation logic upon object deletion.
+ return nil, nil
+}
diff --git a/vendor/kubestash.dev/apimachinery/apis/core/v1alpha1/backupverifier_helpers.go b/vendor/kubestash.dev/apimachinery/apis/core/v1alpha1/backupverifier_helpers.go
new file mode 100644
index 00000000..9a3b9e76
--- /dev/null
+++ b/vendor/kubestash.dev/apimachinery/apis/core/v1alpha1/backupverifier_helpers.go
@@ -0,0 +1,26 @@
+/*
+Copyright AppsCode Inc. and Contributors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+ "kmodules.xyz/client-go/apiextensions"
+ "kubestash.dev/apimachinery/crds"
+)
+
+func (_ BackupVerifier) CustomResourceDefinition() *apiextensions.CustomResourceDefinition {
+ return crds.MustCustomResourceDefinition(GroupVersion.WithResource(ResourcePluralBackupVerifier))
+}
diff --git a/vendor/kubestash.dev/apimachinery/apis/core/v1alpha1/backupverifier_types.go b/vendor/kubestash.dev/apimachinery/apis/core/v1alpha1/backupverifier_types.go
new file mode 100644
index 00000000..00db122d
--- /dev/null
+++ b/vendor/kubestash.dev/apimachinery/apis/core/v1alpha1/backupverifier_types.go
@@ -0,0 +1,136 @@
+/*
+Copyright AppsCode Inc. and Contributors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+ core "k8s.io/api/core/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/apimachinery/pkg/runtime"
+ kmapi "kmodules.xyz/client-go/api/v1"
+ ofst "kmodules.xyz/offshoot-api/api/v1"
+)
+
+const (
+ ResourceKindBackupVerifier = "BackupVerifier"
+ ResourceSingularBackupVerier = "backupverifier"
+ ResourcePluralBackupVerifier = "backupverificatiers"
+)
+
+// +k8s:openapi-gen=true
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:path=backupverifier,singular=backupverifier,categories={kubestash,appscode,all}
+// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"
+
+// BackupVerifier represents backup verification configurations
+type BackupVerifier struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+
+ Spec BackupVerifierSpec `json:"spec,omitempty"`
+}
+
+// BackupVerifierSpec specifies the information related to the respective restore target, verification schedule, and verification type.
+type BackupVerifierSpec struct {
+ // RestoreOption specifies the restore target, and addonInfo for backup verification
+ // +optional
+ RestoreOption *RestoreOption `json:"restoreOption,omitempty"`
+
+ // Scheduler specifies the configuration for verification triggering CronJob
+ Scheduler *SchedulerSpec `json:"scheduler,omitempty"`
+
+ // Function specifies the name of a Function CR that defines a container definition
+ // which will execute the verification logic for a particular application.
+ Function string `json:"function,omitempty"`
+
+ // Volumes indicates the list of volumes that should be mounted on the verification job.
+ Volumes []ofst.Volume `json:"volumes,omitempty"`
+
+ // VolumeMounts specifies the mount for the volumes specified in `Volumes` section
+ VolumeMounts []core.VolumeMount `json:"volumeMounts,omitempty"`
+
+ // Type indicates the type of verifier that will verify the backup.
+ // Valid values are:
+ // - "RestoreOnly": KubeStash will create a RestoreSession with the tasks provided in BackupVerifier.
+ // - "Query": KubeStash operator will restore data and then create a job to run the queries.
+ // - "Script": KubeStash operator will restore data and then create a job to run the script.
+ Type VerificationType `json:"type,omitempty"`
+
+ // Query specifies the queries to be run to verify backup.
+ // +kubebuilder:pruning:PreserveUnknownFields
+ // +optional
+ Query *runtime.RawExtension `json:"query,omitempty"`
+
+ // Script specifies the script to be run to verify backup.
+ // +optional
+ Script *ScriptVerifierSpec `json:"script,omitempty"`
+
+ // RetryConfig specifies the behavior of the retry mechanism in case of a verification failure.
+ // +optional
+ RetryConfig *RetryConfig `json:"retryConfig,omitempty"`
+
+ // SessionHistoryLimit specifies how many BackupVerificationSessions and associate resources KubeStash should keep for debugging purpose.
+ // The default value is 1.
+ // +kubebuilder:default=1
+ // +optional
+ SessionHistoryLimit int32 `json:"sessionHistoryLimit,omitempty"`
+
+ // RuntimeSettings allow to specify Resources, NodeSelector, Affinity, Toleration, ReadinessProbe etc.
+ // for the verification job.
+ // +optional
+ RuntimeSettings ofst.RuntimeSettings `json:"runtimeSettings,omitempty"`
+}
+
+type RestoreOption struct {
+ // Target indicates the target application where the data will be restored
+ // +optional
+ Target *kmapi.TypedObjectReference `json:"target,omitempty"`
+
+ // AddonInfo specifies addon configuration that will be used to restore this target.
+ AddonInfo *AddonInfo `json:"addonInfo,omitempty"`
+}
+
+// VerificationType specifies the type of verifier that will verify the backup
+// +kubebuilder:validation:Enum=RestoreOnly;Query;Script
+type VerificationType string
+
+const (
+ RestoreOnlyVerificationType VerificationType = "RestoreOnly"
+ QueryVerificationType VerificationType = "Query"
+ ScriptVerificationType VerificationType = "Script"
+)
+
+// ScriptVerifierSpec defines the script location in verifier job and the args to be provided with the script.
+type ScriptVerifierSpec struct {
+ // Location specifies the absolute path of the script file's location.
+ Location string `json:"location,omitempty"`
+
+ // Args specifies the arguments to be provided with the script.
+ Args []string `json:"args,omitempty"`
+}
+
+//+kubebuilder:object:root=true
+
+// BackupVerifierList contains a list of BackupVerifier
+type BackupVerifierList struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ListMeta `json:"metadata,omitempty"`
+ Items []BackupVerifier `json:"items"`
+}
+
+func init() {
+ SchemeBuilder.Register(&BackupVerifier{}, &BackupVerifierList{})
+}
diff --git a/vendor/kubestash.dev/apimachinery/apis/core/v1alpha1/backupverifier_webhook.go b/vendor/kubestash.dev/apimachinery/apis/core/v1alpha1/backupverifier_webhook.go
new file mode 100644
index 00000000..8cdab007
--- /dev/null
+++ b/vendor/kubestash.dev/apimachinery/apis/core/v1alpha1/backupverifier_webhook.go 
@@ -0,0 +1,115 @@
+/*
+Copyright AppsCode Inc. and Contributors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+ "fmt"
+ "k8s.io/apimachinery/pkg/runtime"
+ ctrl "sigs.k8s.io/controller-runtime"
+ logf "sigs.k8s.io/controller-runtime/pkg/log"
+ "sigs.k8s.io/controller-runtime/pkg/webhook"
+ "sigs.k8s.io/controller-runtime/pkg/webhook/admission"
+)
+
+// log is for logging in this package.
+var backupverifierlog = logf.Log.WithName("backupverifier-resource")
+
+func (v *BackupVerifier) SetupWebhookWithManager(mgr ctrl.Manager) error {
+ return ctrl.NewWebhookManagedBy(mgr).
+ For(v).
+ Complete()
+}
+
+// TODO(user): EDIT THIS FILE! THIS IS SCAFFOLDING FOR YOU TO OWN!
+
+// TODO(user): change verbs to "verbs=create;update;delete" if you want to enable deletion validation.
+//+kubebuilder:webhook:path=/validate-core-kubestash-com-v1alpha1-backupverifier,mutating=false,failurePolicy=fail,sideEffects=None,groups=core.kubestash.com,resources=backupverifiers,verbs=create;update,versions=v1alpha1,name=vbackupverifier.kb.io,admissionReviewVersions=v1
+
+var _ webhook.Validator = &BackupVerifier{}
+
+// ValidateCreate implements webhook.Validator so a webhook will be registered for the type
+func (v *BackupVerifier) ValidateCreate() (admission.Warnings, error) {
+ backupverifierlog.Info("validate create", "name", v.Name)
+
+ if err := v.validateVerifier(); err != nil {
+ return nil, err
+ }
+
+ return nil, nil
+}
+
+// ValidateUpdate implements webhook.Validator so a webhook will be registered for the type
+func (v *BackupVerifier) ValidateUpdate(old runtime.Object) (admission.Warnings, error) {
+ backupverifierlog.Info("validate update", "name", v.Name)
+
+ if err := v.validateVerifier(); err != nil {
+ return nil, err
+ }
+
+ return nil, nil
+}
+
+// ValidateDelete implements webhook.Validator so a webhook will be registered for the type
+func (v *BackupVerifier) ValidateDelete() (admission.Warnings, error) {
+ backupverifierlog.Info("validate delete", "name", v.Name)
+
+ // TODO(user): fill in your validation logic upon object deletion.
+ return nil, nil
+}
+
+func (v *BackupVerifier) validateVerifier() error {
+ if v.Spec.RestoreOption == nil {
+ return fmt.Errorf("restoreOption for backupVerifier %s/%s cannot be empty", v.Namespace, v.Name)
+ }
+
+ if v.Spec.RestoreOption.AddonInfo == nil {
+ return fmt.Errorf("addonInfo in restoreOption for backupVerifier %s/%s cannot be empty", v.Namespace, v.Name)
+ }
+
+ if v.Spec.Scheduler != nil {
+ return fmt.Errorf("scheduler for backupVerifier %s/%s cannot be empty", v.Namespace, v.Name)
+ }
+
+ if v.Spec.Type == "" {
+ return fmt.Errorf("type of backupVerifier %s/%s cannot be empty", v.Namespace, v.Name)
+ }
+
+ if v.Spec.Type == QueryVerificationType {
+ if v.Spec.Query == nil {
+ return fmt.Errorf("query in backupVerifier %s/%s cannot be empty", v.Namespace, v.Name)
+ }
+ if v.Spec.Function == "" {
+ return fmt.Errorf("function in backupVerifier %s/%s cannot be empty", v.Namespace, v.Name)
+ }
+ }
+
+ if v.Spec.Type == ScriptVerificationType {
+ if v.Spec.Script == nil {
+ return fmt.Errorf("script in backupVerifier %s/%s cannot be empty", v.Namespace, v.Name)
+ }
+
+ if v.Spec.Script.Location == "" {
+ return fmt.Errorf("script location in backupVerifier %s/%s cannot be empty", v.Namespace, v.Name)
+ }
+
+ if v.Spec.Function == "" {
+ return fmt.Errorf("function in backupVerifier %s/%s cannot be empty", v.Namespace, v.Name)
+ }
+ }
+
+ return nil
+}
diff --git a/vendor/kubestash.dev/apimachinery/apis/core/v1alpha1/query_types.go b/vendor/kubestash.dev/apimachinery/apis/core/v1alpha1/query_types.go
new file mode 100644
index 00000000..ebf9f4df
--- /dev/null
+++ b/vendor/kubestash.dev/apimachinery/apis/core/v1alpha1/query_types.go
@@ -0,0 +1,146 @@
+/*
+Copyright AppsCode Inc. and Contributors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+// MySQLQuery specifies query for MySQL database
+type MySQLQuery struct {
+ // Database refers to the database name being checked for existence
+ Database string `json:"database,omitempty"`
+
+ // Table refers to the table name being checked for existence in specified Database
+ // +optional
+ Table string `json:"table,omitempty"`
+
+ // RowCount represents the number of row to be checked in the specified Table
+ // +optional
+ RowCount *MatchExpression `json:"rowCount,omitempty"`
+}
+
+// MariaDBQuery specifies query for MariaDB database
+type MariaDBQuery struct {
+ // Database refers to the database name being checked for existence
+ Database string `json:"database,omitempty"`
+
+ // Table refers to the table name being checked for existence in specified Database
+ // +optional
+ Table string `json:"table,omitempty"`
+
+ // RowCount represents the number of row to be checked in the specified Table
+ // +optional
+ RowCount *MatchExpression `json:"rowCount,omitempty"`
+}
+
+// PostgresQuery specifies query for Postgres database
+type PostgresQuery struct {
+ // Database refers to the database name being checked for existence
+ Database string `json:"database,omitempty"`
+
+ // Schema refers to the schema name being checked for existence in specified Database
+ // +optional
+ Schema string `json:"schema,omitempty"`
+
+ // Table refers to the table 
name being checked for existence in specified Database
+ // +optional
+ Table string `json:"table,omitempty"`
+
+ // RowCount represents the number of row to be checked in the specified Table
+ // +optional
+ RowCount *MatchExpression `json:"rowCount,omitempty"`
+}
+
+// MongoDBQuery specifies query for MongoDB database
+type MongoDBQuery struct {
+ // Database refers to the database name being checked for existence
+ Database string `json:"database,omitempty"`
+
+ // Collection refers to the collection name being checked for existence in specified Database
+ // +optional
+ Collection string `json:"collection,omitempty"`
+
+ // RowCount represents the number of document to be checked in the specified Collection
+ // +optional
+ DocumentCount *MatchExpression `json:"documentCount,omitempty"`
+}
+
+// ElasticsearchQuery specifies query for Elasticsearch database
+type ElasticsearchQuery struct {
+ // Index refers to the index name being checked for existence
+ Index string `json:"index,omitempty"`
+}
+
+// RedisQuery specifies query for Redis database
+type RedisQuery struct {
+ // Index refers to the database index being checked for existence
+ Index int `json:"index,omitempty"`
+
+ // DbSize specifies the number of keys in the specified Database
+ // +optional
+ DbSize *MatchExpression `json:"dbSize,omitempty"`
+}
+
+// SinglestoreQuery specifies query for Singlestore database
+type SinglestoreQuery struct {
+ // Database refers to the database name being checked for existence
+ Database string `json:"database,omitempty"`
+
+ // Table refers to the table name being checked for existence in specified Database
+ // +optional
+ Table string `json:"table,omitempty"`
+
+ // RowCount represents the number of row to be checked in the specified Table
+ // +optional
+ RowCount *MatchExpression `json:"rowCount,omitempty"`
+}
+
+// MSSQLServerQuery specifies query for MSSQLServer database
+type MSSQLServerQuery struct {
+ // Database refers to the database name being checked 
for existence
+ Database string `json:"database,omitempty"`
+
+ // Schema refers to the schema name being checked for existence in specified Database
+ // +optional
+ Schema string `json:"schema,omitempty"`
+
+ // Table refers to the table name being checked for existence in specified Database
+ // +optional
+ Table string `json:"table,omitempty"`
+
+ // RowCount represents the number of row to be checked in the specified Table
+ // +optional
+ RowCount *MatchExpression `json:"rowCount,omitempty"`
+}
+
+type MatchExpression struct {
+ // Operator represents the operation that will be done on the given Value
+ Operator Operator `json:"operator,omitempty"`
+
+ // Value represents the numerical value of the desired output
+ Value *int64 `json:"value,omitempty"`
+}
+
+// Operator represents the operation that will be done
+// +kubebuilder:validation:Enum=Equal;NotEqual;LessThan;LessThanOrEqual;GreaterThan;GreaterThanOrEqual
+type Operator string
+
+const (
+ EqualOperator Operator = "Equal"
+ NotEqualOperator Operator = "NotEqual"
+ LessThanOperator Operator = "LessThan"
+ LessThanOrEqualOperator Operator = "LessThanOrEqual"
+ GreaterThanOperator Operator = "GreaterThan"
+ GreaterThanOrEqualOperator Operator = "GreaterThanOrEqual"
+)
diff --git a/vendor/kubestash.dev/apimachinery/apis/core/v1alpha1/restoresession_helpers.go b/vendor/kubestash.dev/apimachinery/apis/core/v1alpha1/restoresession_helpers.go
index 5577786b..7e436410 100644
--- a/vendor/kubestash.dev/apimachinery/apis/core/v1alpha1/restoresession_helpers.go
+++ b/vendor/kubestash.dev/apimachinery/apis/core/v1alpha1/restoresession_helpers.go
@@ -201,7 +201,6 @@ func (rs *RestoreSession) GetTargetObjectRef(snap *v1alpha1.Snapshot) *kmapi.Obj Name: rs.Spec.Target.Name, } } - return rs.getTargetRef(snap.Spec.AppRef) } 
@@ -224,9 +223,9 @@ func (rs *RestoreSession) getTargetRef(appRef kmapi.TypedObjectReference) *kmapi return targetRef } - overrideTargetRef := func(dbName, namespace string) { - if dbName != "" { - targetRef.Name = dbName + overrideTargetRef := func(name, namespace string) { + if name != "" { + targetRef.Name = name } if namespace != "" { targetRef.Namespace = namespace @@ -234,6 +233,11 @@ func (rs *RestoreSession) getTargetRef(appRef kmapi.TypedObjectReference) *kmapi } opt := rs.Spec.ManifestOptions + + if opt.Workload != nil { + overrideTargetRef("", opt.Workload.RestoreNamespace) + } + switch appRef.Kind { case apis.KindMySQL: if opt.MySQL != nil { diff --git a/vendor/kubestash.dev/apimachinery/apis/core/v1alpha1/restoresession_types.go b/vendor/kubestash.dev/apimachinery/apis/core/v1alpha1/restoresession_types.go index 719bdad8..ab08d698 100644 --- a/vendor/kubestash.dev/apimachinery/apis/core/v1alpha1/restoresession_types.go +++ b/vendor/kubestash.dev/apimachinery/apis/core/v1alpha1/restoresession_types.go @@ -33,7 +33,6 @@ const ( // +kubebuilder:subresource:status // +kubebuilder:resource:path=restoresessions,singular=restoresession,shortName=restore,categories={kubestash,appscode,all} // +kubebuilder:printcolumn:name="Repository",type="string",JSONPath=".spec.dataSource.repository" -// +kubebuilder:printcolumn:name="Failure-Policy",type="string",JSONPath=".spec.failurePolicy" // +kubebuilder:printcolumn:name="Phase",type="string",JSONPath=".status.phase" // +kubebuilder:printcolumn:name="Duration",type="string",JSONPath=".status.duration" // +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp" 
@@ -50,7 +49,6 @@ type RestoreSession struct { // RestoreSessionSpec specifies the necessary configurations for restoring data into a target type RestoreSessionSpec struct { // Target indicates the target application where the data will be restored. - // The target must be in the same namespace as the RestoreSession CR. // +optional Target *kmapi.TypedObjectReference `json:"target,omitempty"` @@ -114,6 +112,38 @@ type ManifestRestoreOptions struct { // Redis specifies the options for selecting particular Redis components to restore in manifest restore // +optional Redis *KubeDBManifestOptions `json:"redis,omitempty"` + + // RedisSentinel specifies the options for selecting particular RedisSentinel components to restore in manifest restore + // +optional + RedisSentinel *RedisSentinelManifestOptions `json:"redisSentinel,omitempty"` +} + +type RedisSentinelManifestOptions struct { + // RestoreNamespace specifies the Namespace where the restored files will be applied + // +optional + RestoreNamespace string `json:"restoreNamespace,omitempty"` + + // Sentinel specifies whether to restore the Sentinel manifest or not + // +kubebuilder:default=true + // +optional + Sentinel *bool `json:"sentinel,omitempty"` + + // SentinelName specifies the new name of the Sentinel yaml after restore + // +optional + SentinelName string `json:"SentinelName,omitempty"` + + // AuthSecret specifies whether to restore the AuthSecret manifest or not + // +kubebuilder:default=true + // +optional + AuthSecret *bool `json:"authSecret,omitempty"` + + // AuthSecretName specifies new name of the AuthSecret yaml after restore + // +optional + AuthSecretName string `json:"authSecretName,omitempty"` + + // TLSIssuerRef specifies the name of the IssuerRef used for TLS configurations for both client and server + // +optional + TLSIssuerRef *core.TypedLocalObjectReference `json:"tlsIssuerRef,omitempty"` } type WorkloadManifestOptions struct { 
@@ -130,7 +160,7 @@ type MSSQLServerManifestOptions struct { // DB specifies whether to restore the DB manifest or not // +kubebuilder:default=true // +optional - DB bool `json:"db,omitempty"` + DB *bool `json:"db,omitempty"` // DBName specifies the new name of the DB yaml after restore // +optional @@ -139,16 +169,12 @@ type MSSQLServerManifestOptions struct { // AuthSecret specifies whether to restore the AuthSecret manifest or not // +kubebuilder:default=true // +optional - AuthSecret bool `json:"authSecret,omitempty"` + AuthSecret *bool `json:"authSecret,omitempty"` // AuthSecretName specifies new name of the AuthSecret yaml after restore // +optional AuthSecretName string `json:"authSecretName,omitempty"` - // InternalAuthIssuerRef specifies the name of the IssuerRef used for endpoint authentication. - // +optional - InternalAuthIssuerRef *core.TypedLocalObjectReference `json:"internalAuthIssuerRef,omitempty"` - // TLSIssuerRef specifies the name of the IssuerRef used for TLS configurations for both client and server. // +optional TLSIssuerRef *core.TypedLocalObjectReference `json:"tlsIssuerRef,omitempty"` @@ -162,7 +188,7 @@ type DruidManifestOptions struct { // DB specifies whether to restore the DB manifest or not // +kubebuilder:default=true // +optional - DB bool `json:"db,omitempty"` + DB *bool `json:"db,omitempty"` // DBName specifies the new name of the DB yaml after restore // +optional @@ -171,7 +197,7 @@ type DruidManifestOptions struct { // AuthSecret specifies whether to restore the AuthSecret manifest or not // +kubebuilder:default=true // +optional - AuthSecret bool `json:"authSecret,omitempty"` + AuthSecret *bool `json:"authSecret,omitempty"` // AuthSecretName specifies new name of the AuthSecret yaml after restore // +optional 
@@ -180,7 +206,7 @@ type DruidManifestOptions struct { // ConfigSecret specifies whether to restore the ConfigSecret manifest or not // +kubebuilder:default=true // +optional - ConfigSecret bool `json:"configSecret,omitempty"` + ConfigSecret *bool `json:"configSecret,omitempty"` // ConfigSecretName specifies new name of the ConfigSecret yaml after restore // +optional @@ -189,7 +215,7 @@ type DruidManifestOptions struct { // DeepStorageSecret specifies whether to restore the DeepStorageSecret manifest or not // +kubebuilder:default=true // +optional - DeepStorageSecret bool `json:"deepStorageSecret,omitempty"` + DeepStorageSecret *bool `json:"deepStorageSecret,omitempty"` } type KubeDBManifestOptions struct { @@ -200,7 +226,7 @@ type KubeDBManifestOptions struct { // DB specifies whether to restore the DB manifest or not // +kubebuilder:default=true // +optional - DB bool `json:"db,omitempty"` + DB *bool `json:"db,omitempty"` // DBName specifies the new name of the DB yaml after restore // +optional @@ -209,7 +235,7 @@ type KubeDBManifestOptions struct { // AuthSecret specifies whether to restore the AuthSecret manifest or not // +kubebuilder:default=true // +optional - AuthSecret bool `json:"authSecret,omitempty"` + AuthSecret *bool `json:"authSecret,omitempty"` // AuthSecretName specifies new name of the AuthSecret yaml after restore // +optional @@ -218,7 +244,7 @@ type KubeDBManifestOptions struct { // ConfigSecret specifies whether to restore the ConfigSecret manifest or not // +kubebuilder:default=true // +optional - ConfigSecret bool `json:"configSecret,omitempty"` + ConfigSecret *bool `json:"configSecret,omitempty"` // ConfigSecretName specifies new name of the ConfigSecret yaml after restore // +optional 
@@ -227,7 +253,7 @@ type KubeDBManifestOptions struct { // InitScript specifies whether to restore the InitScript manifest or not // +kubebuilder:default=true // +optional - InitScript bool `json:"initScript,omitempty"` + InitScript *bool `json:"initScript,omitempty"` // TLSIssuerRef specifies the name of the IssuerRef used for TLS configurations for both client and server // +optional diff --git a/vendor/kubestash.dev/apimachinery/apis/core/v1alpha1/zz_generated.deepcopy.go b/vendor/kubestash.dev/apimachinery/apis/core/v1alpha1/zz_generated.deepcopy.go index 32eef501..c3b15f2a 100644 --- a/vendor/kubestash.dev/apimachinery/apis/core/v1alpha1/zz_generated.deepcopy.go +++ b/vendor/kubestash.dev/apimachinery/apis/core/v1alpha1/zz_generated.deepcopy.go @@ -26,8 +26,8 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "kmodules.xyz/client-go/api/v1" - offshoot_apiapiv1 "kmodules.xyz/offshoot-api/api/v1" - apiv1 "kmodules.xyz/prober/api/v1" + apiv1 "kmodules.xyz/offshoot-api/api/v1" + proberapiv1 "kmodules.xyz/prober/api/v1" "kubestash.dev/apimachinery/apis" ) @@ -43,12 +43,12 @@ func (in *AddonInfo) DeepCopyInto(out *AddonInfo) { } if in.ContainerRuntimeSettings != nil { in, out := &in.ContainerRuntimeSettings, &out.ContainerRuntimeSettings - *out = new(offshoot_apiapiv1.ContainerRuntimeSettings) + *out = new(apiv1.ContainerRuntimeSettings) (*in).DeepCopyInto(*out) } if in.JobTemplate != nil { in, out := &in.JobTemplate, &out.JobTemplate - *out = new(offshoot_apiapiv1.PodTemplateSpec) + *out = new(apiv1.PodTemplateSpec) (*in).DeepCopyInto(*out) } } 
@@ -634,11 +634,6 @@ func (in *BackupSessionStatus) DeepCopyInto(out *BackupSessionStatus) { } } in.Hooks.DeepCopyInto(&out.Hooks) - if in.Verifications != nil { - in, out := &in.Verifications, &out.Verifications - *out = make([]VerificationStatus, len(*in)) - copy(*out, *in) - } if in.RetentionPolicies != nil { in, out := &in.RetentionPolicies, &out.RetentionPolicies *out = make([]RetentionPolicyApplyStatus, len(*in)) 
@@ -672,6 +667,225 @@ func (in *BackupSessionStatus) DeepCopy() *BackupSessionStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BackupVerificationSession) DeepCopyInto(out *BackupVerificationSession) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackupVerificationSession. +func (in *BackupVerificationSession) DeepCopy() *BackupVerificationSession { + if in == nil { + return nil + } + out := new(BackupVerificationSession) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *BackupVerificationSession) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BackupVerificationSessionList) DeepCopyInto(out *BackupVerificationSessionList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]BackupVerificationSession, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackupVerificationSessionList. +func (in *BackupVerificationSessionList) DeepCopy() *BackupVerificationSessionList { + if in == nil { + return nil + } + out := new(BackupVerificationSessionList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. 
+func (in *BackupVerificationSessionList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BackupVerificationSessionSpec) DeepCopyInto(out *BackupVerificationSessionSpec) { + *out = *in + if in.Invoker != nil { + in, out := &in.Invoker, &out.Invoker + *out = new(corev1.TypedLocalObjectReference) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackupVerificationSessionSpec. +func (in *BackupVerificationSessionSpec) DeepCopy() *BackupVerificationSessionSpec { + if in == nil { + return nil + } + out := new(BackupVerificationSessionSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BackupVerificationSessionStatus) DeepCopyInto(out *BackupVerificationSessionStatus) { + *out = *in + if in.Retried != nil { + in, out := &in.Retried, &out.Retried + *out = new(bool) + **out = **in + } + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]v1.Condition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackupVerificationSessionStatus. +func (in *BackupVerificationSessionStatus) DeepCopy() *BackupVerificationSessionStatus { + if in == nil { + return nil + } + out := new(BackupVerificationSessionStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *BackupVerifier) DeepCopyInto(out *BackupVerifier) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackupVerifier. +func (in *BackupVerifier) DeepCopy() *BackupVerifier { + if in == nil { + return nil + } + out := new(BackupVerifier) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *BackupVerifier) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BackupVerifierList) DeepCopyInto(out *BackupVerifierList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]BackupVerifier, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackupVerifierList. +func (in *BackupVerifierList) DeepCopy() *BackupVerifierList { + if in == nil { + return nil + } + out := new(BackupVerifierList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *BackupVerifierList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *BackupVerifierSpec) DeepCopyInto(out *BackupVerifierSpec) { + *out = *in + if in.RestoreOption != nil { + in, out := &in.RestoreOption, &out.RestoreOption + *out = new(RestoreOption) + (*in).DeepCopyInto(*out) + } + if in.Scheduler != nil { + in, out := &in.Scheduler, &out.Scheduler + *out = new(SchedulerSpec) + (*in).DeepCopyInto(*out) + } + if in.Volumes != nil { + in, out := &in.Volumes, &out.Volumes + *out = make([]apiv1.Volume, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.VolumeMounts != nil { + in, out := &in.VolumeMounts, &out.VolumeMounts + *out = make([]corev1.VolumeMount, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Query != nil { + in, out := &in.Query, &out.Query + *out = new(runtime.RawExtension) + (*in).DeepCopyInto(*out) + } + if in.Script != nil { + in, out := &in.Script, &out.Script + *out = new(ScriptVerifierSpec) + (*in).DeepCopyInto(*out) + } + if in.RetryConfig != nil { + in, out := &in.RetryConfig, &out.RetryConfig + *out = new(RetryConfig) + **out = **in + } + in.RuntimeSettings.DeepCopyInto(&out.RuntimeSettings) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackupVerifierSpec. +func (in *BackupVerifierSpec) DeepCopy() *BackupVerifierSpec { + if in == nil { + return nil + } + out := new(BackupVerifierSpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *BatchSession) DeepCopyInto(out *BatchSession) { *out = *in 
@@ -717,6 +931,26 @@ func (in *ComponentRestoreStatus) DeepCopy() *ComponentRestoreStatus { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *DruidManifestOptions) DeepCopyInto(out *DruidManifestOptions) { *out = *in + if in.DB != nil { + in, out := &in.DB, &out.DB + *out = new(bool) + **out = **in + } + if in.AuthSecret != nil { + in, out := &in.AuthSecret, &out.AuthSecret + *out = new(bool) + **out = **in + } + if in.ConfigSecret != nil { + in, out := &in.ConfigSecret, &out.ConfigSecret + *out = new(bool) + **out = **in + } + if in.DeepStorageSecret != nil { + in, out := &in.DeepStorageSecret, &out.DeepStorageSecret + *out = new(bool) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DruidManifestOptions. @@ -729,6 +963,21 @@ func (in *DruidManifestOptions) DeepCopy() *DruidManifestOptions { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ElasticsearchQuery) DeepCopyInto(out *ElasticsearchQuery) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ElasticsearchQuery. +func (in *ElasticsearchQuery) DeepCopy() *ElasticsearchQuery { + if in == nil { + return nil + } + out := new(ElasticsearchQuery) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *FunctionHookExecutorSpec) DeepCopyInto(out *FunctionHookExecutorSpec) { *out = *in @@ -748,7 +997,7 @@ func (in *FunctionHookExecutorSpec) DeepCopyInto(out *FunctionHookExecutorSpec) } if in.Volumes != nil { in, out := &in.Volumes, &out.Volumes - *out = make([]offshoot_apiapiv1.Volume, len(*in)) + *out = make([]apiv1.Volume, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } 
@@ -832,7 +1081,7 @@ func (in *HookInfo) DeepCopyInto(out *HookInfo) { } if in.Volumes != nil { in, out := &in.Volumes, &out.Volumes - *out = make([]offshoot_apiapiv1.Volume, len(*in)) + *out = make([]apiv1.Volume, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } @@ -846,7 +1095,7 @@ func (in *HookInfo) DeepCopyInto(out *HookInfo) { } if in.RuntimeSettings != nil { in, out := &in.RuntimeSettings, &out.RuntimeSettings - *out = new(offshoot_apiapiv1.RuntimeSettings) + *out = new(apiv1.RuntimeSettings) (*in).DeepCopyInto(*out) } } @@ -959,7 +1208,7 @@ func (in *HookTemplateSpec) DeepCopyInto(out *HookTemplateSpec) { } if in.Action != nil { in, out := &in.Action, &out.Action - *out = new(apiv1.Handler) + *out = new(proberapiv1.Handler) (*in).DeepCopyInto(*out) } if in.Executor != nil { @@ -1033,6 +1282,26 @@ func (in *JobTemplate) DeepCopy() *JobTemplate { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *KubeDBManifestOptions) DeepCopyInto(out *KubeDBManifestOptions) { *out = *in + if in.DB != nil { + in, out := &in.DB, &out.DB + *out = new(bool) + **out = **in + } + if in.AuthSecret != nil { + in, out := &in.AuthSecret, &out.AuthSecret + *out = new(bool) + **out = **in + } + if in.ConfigSecret != nil { + in, out := &in.ConfigSecret, &out.ConfigSecret + *out = new(bool) + **out = **in + } + if in.InitScript != nil { + in, out := &in.InitScript, &out.InitScript + *out = new(bool) + **out = **in + } if in.TLSIssuerRef != nil { in, out := &in.TLSIssuerRef, &out.TLSIssuerRef *out = new(corev1.TypedLocalObjectReference) 
@@ -1053,10 +1322,15 @@ func (in *KubeDBManifestOptions) DeepCopy() *KubeDBManifestOptions { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *MSSQLServerManifestOptions) DeepCopyInto(out *MSSQLServerManifestOptions) { *out = *in - if in.InternalAuthIssuerRef != nil { - in, out := &in.InternalAuthIssuerRef, &out.InternalAuthIssuerRef - *out = new(corev1.TypedLocalObjectReference) - (*in).DeepCopyInto(*out) + if in.DB != nil { + in, out := &in.DB, &out.DB + *out = new(bool) + **out = **in + } + if in.AuthSecret != nil { + in, out := &in.AuthSecret, &out.AuthSecret + *out = new(bool) + **out = **in } if in.TLSIssuerRef != nil { in, out := &in.TLSIssuerRef, &out.TLSIssuerRef @@ -1075,6 +1349,26 @@ func (in *MSSQLServerManifestOptions) DeepCopy() *MSSQLServerManifestOptions { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MSSQLServerQuery) DeepCopyInto(out *MSSQLServerQuery) { + *out = *in + if in.RowCount != nil { + in, out := &in.RowCount, &out.RowCount + *out = new(MatchExpression) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MSSQLServerQuery. +func (in *MSSQLServerQuery) DeepCopy() *MSSQLServerQuery { + if in == nil { + return nil + } + out := new(MSSQLServerQuery) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ManifestRestoreOptions) DeepCopyInto(out *ManifestRestoreOptions) { *out = *in @@ -1111,7 +1405,7 @@ func (in *ManifestRestoreOptions) DeepCopyInto(out *ManifestRestoreOptions) { if in.Druid != nil { in, out := &in.Druid, &out.Druid *out = new(DruidManifestOptions) - **out = **in + (*in).DeepCopyInto(*out) } if in.ZooKeeper != nil { in, out := &in.ZooKeeper, &out.ZooKeeper 
@@ -1128,6 +1422,11 @@ func (in *ManifestRestoreOptions) DeepCopyInto(out *ManifestRestoreOptions) { *out = new(KubeDBManifestOptions) (*in).DeepCopyInto(*out) } + if in.RedisSentinel != nil { + in, out := &in.RedisSentinel, &out.RedisSentinel + *out = new(RedisSentinelManifestOptions) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManifestRestoreOptions. 
@@ -1140,6 +1439,86 @@ func (in *ManifestRestoreOptions) DeepCopy() *ManifestRestoreOptions { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MariaDBQuery) DeepCopyInto(out *MariaDBQuery) { + *out = *in + if in.RowCount != nil { + in, out := &in.RowCount, &out.RowCount + *out = new(MatchExpression) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MariaDBQuery. +func (in *MariaDBQuery) DeepCopy() *MariaDBQuery { + if in == nil { + return nil + } + out := new(MariaDBQuery) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MatchExpression) DeepCopyInto(out *MatchExpression) { + *out = *in + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(int64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MatchExpression. +func (in *MatchExpression) DeepCopy() *MatchExpression { + if in == nil { + return nil + } + out := new(MatchExpression) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MongoDBQuery) DeepCopyInto(out *MongoDBQuery) { + *out = *in + if in.DocumentCount != nil { + in, out := &in.DocumentCount, &out.DocumentCount + *out = new(MatchExpression) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MongoDBQuery. +func (in *MongoDBQuery) DeepCopy() *MongoDBQuery { + if in == nil { + return nil + } + out := new(MongoDBQuery) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *MySQLQuery) DeepCopyInto(out *MySQLQuery) { + *out = *in + if in.RowCount != nil { + in, out := &in.RowCount, &out.RowCount + *out = new(MatchExpression) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MySQLQuery. +func (in *MySQLQuery) DeepCopy() *MySQLQuery { + if in == nil { + return nil + } + out := new(MySQLQuery) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *OffshootStatus) DeepCopyInto(out *OffshootStatus) { *out = *in 
@@ -1220,6 +1599,76 @@ func (in *PodHookExecutorSpec) DeepCopy() *PodHookExecutorSpec { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PostgresQuery) DeepCopyInto(out *PostgresQuery) { + *out = *in + if in.RowCount != nil { + in, out := &in.RowCount, &out.RowCount + *out = new(MatchExpression) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PostgresQuery. +func (in *PostgresQuery) DeepCopy() *PostgresQuery { + if in == nil { + return nil + } + out := new(PostgresQuery) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RedisQuery) DeepCopyInto(out *RedisQuery) { + *out = *in + if in.DbSize != nil { + in, out := &in.DbSize, &out.DbSize + *out = new(MatchExpression) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RedisQuery. +func (in *RedisQuery) DeepCopy() *RedisQuery { + if in == nil { + return nil + } + out := new(RedisQuery) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RedisSentinelManifestOptions) DeepCopyInto(out *RedisSentinelManifestOptions) { + *out = *in + if in.Sentinel != nil { + in, out := &in.Sentinel, &out.Sentinel + *out = new(bool) + **out = **in + } + if in.AuthSecret != nil { + in, out := &in.AuthSecret, &out.AuthSecret + *out = new(bool) + **out = **in + } + if in.TLSIssuerRef != nil { + in, out := &in.TLSIssuerRef, &out.TLSIssuerRef + *out = new(corev1.TypedLocalObjectReference) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RedisSentinelManifestOptions. 
+func (in *RedisSentinelManifestOptions) DeepCopy() *RedisSentinelManifestOptions { + if in == nil { + return nil + } + out := new(RedisSentinelManifestOptions) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RepoStatus) DeepCopyInto(out *RepoStatus) { *out = *in @@ -1238,6 +1687,11 @@ func (in *RepoStatus) DeepCopy() *RepoStatus { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RepositoryInfo) DeepCopyInto(out *RepositoryInfo) { *out = *in + if in.BackupVerifier != nil { + in, out := &in.BackupVerifier, &out.BackupVerifier + *out = new(v1.ObjectReference) + **out = **in + } if in.EncryptionSecret != nil { in, out := &in.EncryptionSecret, &out.EncryptionSecret *out = new(v1.ObjectReference) @@ -1335,6 +1789,31 @@ func (in *RestoreHooks) DeepCopy() *RestoreHooks { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RestoreOption) DeepCopyInto(out *RestoreOption) { + *out = *in + if in.Target != nil { + in, out := &in.Target, &out.Target + *out = new(v1.TypedObjectReference) + **out = **in + } + if in.AddonInfo != nil { + in, out := &in.AddonInfo, &out.AddonInfo + *out = new(AddonInfo) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RestoreOption. +func (in *RestoreOption) DeepCopy() *RestoreOption { + if in == nil { + return nil + } + out := new(RestoreOption) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RestoreSession) DeepCopyInto(out *RestoreSession) { *out = *in 
@@ -1579,6 +2058,26 @@ func (in *SchedulerSpec) DeepCopy() *SchedulerSpec { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ScriptVerifierSpec) DeepCopyInto(out *ScriptVerifierSpec) { + *out = *in + if in.Args != nil { + in, out := &in.Args, &out.Args + *out = make([]string, len(*in)) + copy(*out, *in) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ScriptVerifierSpec. +func (in *ScriptVerifierSpec) DeepCopy() *ScriptVerifierSpec { + if in == nil { + return nil + } + out := new(ScriptVerifierSpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Session) DeepCopyInto(out *Session) { *out = *in @@ -1668,6 +2167,26 @@ func (in *SessionStatus) DeepCopy() *SessionStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SinglestoreQuery) DeepCopyInto(out *SinglestoreQuery) { + *out = *in + if in.RowCount != nil { + in, out := &in.RowCount, &out.RowCount + *out = new(MatchExpression) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SinglestoreQuery. +func (in *SinglestoreQuery) DeepCopy() *SinglestoreQuery { + if in == nil { + return nil + } + out := new(SinglestoreQuery) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *SnapshotStatus) DeepCopyInto(out *SnapshotStatus) { *out = *in 
@@ -1797,7 +2316,7 @@ func (in *TargetVolumeInfo) DeepCopyInto(out *TargetVolumeInfo) { *out = *in if in.Volumes != nil { in, out := &in.Volumes, &out.Volumes - *out = make([]offshoot_apiapiv1.Volume, len(*in)) + *out = make([]apiv1.Volume, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } @@ -1811,7 +2330,7 @@ func (in *TargetVolumeInfo) DeepCopyInto(out *TargetVolumeInfo) { } if in.VolumeClaimTemplates != nil { in, out := &in.VolumeClaimTemplates, &out.VolumeClaimTemplates - *out = make([]offshoot_apiapiv1.PersistentVolumeClaim, len(*in)) + *out = make([]apiv1.PersistentVolumeClaim, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } 
@@ -1867,51 +2386,6 @@ func (in *TaskReference) DeepCopy() *TaskReference { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *VerificationStatus) DeepCopyInto(out *VerificationStatus) { - *out = *in -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VerificationStatus. -func (in *VerificationStatus) DeepCopy() *VerificationStatus { - if in == nil { - return nil - } - out := new(VerificationStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *VerificationStrategy) DeepCopyInto(out *VerificationStrategy) { - *out = *in - if in.Verifier != nil { - in, out := &in.Verifier, &out.Verifier - *out = new(v1.TypedObjectReference) - **out = **in - } - if in.Params != nil { - in, out := &in.Params, &out.Params - *out = new(runtime.RawExtension) - (*in).DeepCopyInto(*out) - } - if in.RetryConfig != nil { - in, out := &in.RetryConfig, &out.RetryConfig - *out = new(RetryConfig) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VerificationStrategy. -func (in *VerificationStrategy) DeepCopy() *VerificationStrategy { - if in == nil { - return nil - } - out := new(VerificationStrategy) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *WorkloadManifestOptions) DeepCopyInto(out *WorkloadManifestOptions) { *out = *in diff --git a/vendor/kubestash.dev/apimachinery/apis/storage/v1alpha1/snapshot_types.go b/vendor/kubestash.dev/apimachinery/apis/storage/v1alpha1/snapshot_types.go index 1c7d02a0..65ff51ac 100644 --- a/vendor/kubestash.dev/apimachinery/apis/storage/v1alpha1/snapshot_types.go 
+++ b/vendor/kubestash.dev/apimachinery/apis/storage/v1alpha1/snapshot_types.go @@ -110,6 +110,10 @@ type SnapshotStatus struct { // +optional VerificationStatus VerificationStatus `json:"verificationStatus,omitempty"` + // VerificationSession specifies which BackupVerificationSession verified this Snapshot + // +optional + VerificationSession string `json:"verificationSession,omitempty"` + // SnapshotTime represents the timestamp when this Snapshot was taken. // +optional SnapshotTime *metav1.Time `json:"snapshotTime,omitempty"` @@ -232,6 +236,14 @@ type ResticStats struct { // Size represents the restic snapshot size // +optional Size string `json:"size,omitempty"` + + // StartTime represents the timestamp at which the restic command was triggered + // +optional + StartTime *metav1.Time `json:"startTime,omitempty"` + + // EndTime represents the timestamp at which the restic command successfully executed + // +optional + EndTime *metav1.Time `json:"endTime,omitempty"` } // VolumeSnapshotterStats specifies the "VolumeSnapshotter" driver specific information diff --git a/vendor/kubestash.dev/apimachinery/apis/storage/v1alpha1/zz_generated.deepcopy.go b/vendor/kubestash.dev/apimachinery/apis/storage/v1alpha1/zz_generated.deepcopy.go index 2be96888..66fe44da 100644 --- a/vendor/kubestash.dev/apimachinery/apis/storage/v1alpha1/zz_generated.deepcopy.go +++ b/vendor/kubestash.dev/apimachinery/apis/storage/v1alpha1/zz_generated.deepcopy.go @@ -197,7 +197,9 @@ func (in *Component) DeepCopyInto(out *Component) { if in.ResticStats != nil { in, out := &in.ResticStats, &out.ResticStats *out = make([]ResticStats, len(*in)) - copy(*out, *in) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } if in.WalGStats != nil { in, out := &in.WalGStats, &out.WalGStats 
@@ -453,6 +455,14 @@ func (in *RepositoryStatus) DeepCopy() *RepositoryStatus { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ResticStats) DeepCopyInto(out *ResticStats) { *out = *in + if in.StartTime != nil { + in, out := &in.StartTime, &out.StartTime + *out = (*in).DeepCopy() + } + if in.EndTime != nil { + in, out := &in.EndTime, &out.EndTime + *out = (*in).DeepCopy() + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResticStats. diff --git a/vendor/kubestash.dev/apimachinery/apis/variables.go b/vendor/kubestash.dev/apimachinery/apis/variables.go index d14b0f9c..0890accc 100644 --- a/vendor/kubestash.dev/apimachinery/apis/variables.go +++ b/vendor/kubestash.dev/apimachinery/apis/variables.go @@ -26,9 +26,10 @@ const ( Snapshot = "snapshot" - Namespace = "namespace" - BackupSession = "backupSession" - RestoreSession = "restoreSession" + Namespace = "namespace" + BackupSession = "backupSession" + RestoreSession = "restoreSession" + BackupVerificationSession = "backupVerificationSession" // EnableCache is false when TmpDir.DisableCaching is true in backupConfig/restoreSession // default is true diff --git a/vendor/kubestash.dev/apimachinery/crds/addons.kubestash.com_addons.yaml b/vendor/kubestash.dev/apimachinery/crds/addons.kubestash.com_addons.yaml index df828722..3b54a850 100644 --- a/vendor/kubestash.dev/apimachinery/crds/addons.kubestash.com_addons.yaml +++ b/vendor/kubestash.dev/apimachinery/crds/addons.kubestash.com_addons.yaml 
@@ -25,34 +25,17 @@ spec: name: v1alpha1 schema: openAPIV3Schema: - description: Addon specifies the backup and restore capabilities for a specific - type of target. For example, MySQL addon specifies the backup and restore - capabilities of MySQL database where Postgres addon specifies backup and - restore capabilities for PostgreSQL database. An Addon CR defines these - capabilities as tasks for backup and restore. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: AddonSpec defines the specification for backup and restore - tasks. properties: backupTasks: - description: BackupTasks specifies a list of backup tasks that can - be performed by the addon. items: - description: Task defines the specification of a backup/restore - task. properties: driver: allOf: 
@@ -64,23 +47,8 @@ spec: - Restic - WalG - VolumeSnapshotter - description: 'Driver specifies the underlying tool that will - be used to upload the data to the backend storage. Valid values - are: - "Restic": The underlying tool is [restic](https://restic.net/). - - "WalG": The underlying tool is [wal-g](https://github.com/wal-g/wal-g).' type: string executor: - description: 'Executor specifies the type of entity that will - execute the task. For example, it can be a Job, a sidecar - container, an ephemeral container, or a Job that creates additional - Jobs/Pods for executing the backup/restore logic. Valid values - are: - "Job": KubeStash will create a Job to execute the backup/restore - task. - "Sidecar": KubeStash will inject a sidecar container - into the application to execute the backup/restore task. - - "EphemeralContainer": KubeStash will attach an ephemeral container - to the respective Pods to execute the backup/restore task. - - "MultiLevelJob": KubeStash will create a Job that will create - additional Jobs/Pods to execute the backup/restore task.' enum: - Job - Sidecar 
@@ -88,100 +56,40 @@ spec: - MultiLevelJob type: string function: - description: Function specifies the name of a Function CR that - defines a container definition which will execute the backup/restore - logic for a particular application. type: string name: - description: Name specifies the name of the task. The name of - a Task should indicate what this task does. For example, a - name LogicalBackup indicate that this task performs a logical - backup of a database. type: string parameters: - description: Parameters defines a list of parameters that is - used by the task to execute its logic. items: - description: ParameterDefinition defines the parameter names, - their usage, their requirements etc. properties: default: - description: Default specifies a default value for the - parameter type: string name: - description: Name specifies the name of the parameter type: string required: - description: Required specify whether this parameter is - required or not type: boolean usage: - description: Usage specifies the usage of this parameter type: string type: object type: array singleton: - description: Singleton specifies whether this task will be executed - on a single job or across multiple jobs. type: boolean volumeMounts: - description: VolumeMounts specifies the mount path of the volumes - specified in the VolumeTemplate section. These volumes will - be mounted directly on the Job/Container created/injected - by KubeStash operator. If the volume type is VolumeClaimTemplate, - then KubeStash operator is responsible for creating the volume. items: - description: VolumeMount describes a mounting of a Volume - within a container. properties: mountPath: - description: Path within the container at which the volume - should be mounted. Must not contain ':'. type: string mountPropagation: - description: mountPropagation determines how mounts are - propagated from the host to container and the other - way around. When not set, MountPropagationNone is used. 
- This field is beta in 1.10. When RecursiveReadOnly is - set to IfPossible or to Enabled, MountPropagation must - be None or unspecified (which defaults to None). type: string name: - description: This must match the Name of a Volume. type: string readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. type: boolean recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only - mounts should be handled recursively. \n If ReadOnly - is false, this field has no meaning and must be unspecified. - \n If ReadOnly is true, and this field is set to Disabled, - the mount is not made recursively read-only. If this - field is set to IfPossible, the mount is made recursively - read-only, if it is supported by the container runtime. - \ If this field is set to Enabled, the mount is made - recursively read-only if it is supported by the container - runtime, otherwise the pod will not be started and an - error will be generated to indicate the reason. \n If - this field is set to IfPossible or Enabled, MountPropagation - must be set to None (or be unspecified, which defaults - to None). \n If this field is not specified, it is treated - as an equivalent of Disabled." type: string subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). type: string subPathExpr: - description: Expanded path within the volume from which - the container's volume should be mounted. Behaves similarly - to SubPath but environment variable references $(VAR_NAME) - are expanded using the container's environment. Defaults - to "" (volume's root). SubPathExpr and SubPath are mutually - exclusive. type: string required: - mountPath 
@@ -189,272 +97,113 @@ spec: type: object type: array volumeTemplate: - description: VolumeTemplate specifies a list of volume templates - that is used by the respective backup/restore Job to execute - its logic. User can overwrite these volume templates using - `addonVolumes` field of BackupConfiguration/BackupBatch. items: - description: VolumeTemplate specifies the name, usage, and - the source of volume that will be used by the addon to execute - it's backup/restore task. properties: name: - description: Name specifies the name of the volume type: string source: - description: Source specifies the source of this volume. properties: awsElasticBlockStore: - description: 'awsElasticBlockStore represents an AWS - Disk resource that is attached to a kubelet''s host - machine and then exposed to the pod. More info: - https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' properties: fsType: - description: 'fsType is the filesystem type of - the volume that you want to mount. Tip: Ensure - that the filesystem type is supported by the - host operating system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if - unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem - from compromising the machine' type: string partition: - description: 'partition is the partition in the - volume that you want to mount. If omitted, the - default is to mount by volume name. Examples: - For volume /dev/sda1, you specify the partition - as "1". Similarly, the volume partition for - /dev/sda is "0" (or you can leave the property - empty).' format: int32 type: integer readOnly: - description: 'readOnly value true will force the - readOnly setting in VolumeMounts. 
More info: - https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: boolean volumeID: - description: 'volumeID is unique ID of the persistent - disk resource in AWS (Amazon EBS volume). More - info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: string required: - volumeID type: object azureDisk: - description: azureDisk represents an Azure Data Disk - mount on the host and bind mount to the pod. properties: cachingMode: - description: 'cachingMode is the Host Caching - mode: None, Read Only, Read Write.' type: string diskName: - description: diskName is the Name of the data - disk in the blob storage type: string diskURI: - description: diskURI is the URI of data disk in - the blob storage type: string fsType: - description: fsType is Filesystem type to mount. - Must be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified. type: string kind: - description: 'kind expected values are Shared: - multiple blob disks per storage account Dedicated: - single blob disk per storage account Managed: - azure managed data disk (only in managed availability - set). defaults to shared' type: string readOnly: - description: readOnly Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting - in VolumeMounts. type: boolean required: - diskName - diskURI type: object azureFile: - description: azureFile represents an Azure File Service - mount on the host and bind mount to the pod. properties: readOnly: - description: readOnly defaults to false (read/write). - ReadOnly here will force the ReadOnly setting - in VolumeMounts. 
type: boolean secretName: - description: secretName is the name of secret - that contains Azure Storage Account Name and - Key type: string shareName: - description: shareName is the azure share Name type: string required: - secretName - shareName type: object cephfs: - description: cephFS represents a Ceph FS mount on - the host that shares a pod's lifetime properties: monitors: - description: 'monitors is Required: Monitors is - a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' items: type: string type: array x-kubernetes-list-type: atomic path: - description: 'path is Optional: Used as the mounted - root, rather than the full Ceph tree, default - is /' type: string readOnly: - description: 'readOnly is Optional: Defaults to - false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. More info: - https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: boolean secretFile: - description: 'secretFile is Optional: SecretFile - is the path to key ring for User, default is - /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string secretRef: - description: 'secretRef is Optional: SecretRef - is reference to the authentication secret for - User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' properties: name: default: "" - description: 'Name of the referent. This field - is effectively required, but due to backwards - compatibility is allowed to be empty. Instances - of this type with an empty value here are - almost certainly wrong. TODO: Add other - useful fields. apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' 
type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is optional: User is the rados - user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string required: - monitors type: object cinder: - description: 'cinder represents a cinder volume attached - and mounted on kubelets host machine. More info: - https://examples.k8s.io/mysql-cinder-pd/README.md' properties: fsType: - description: 'fsType is the filesystem type to - mount. Must be a filesystem type supported by - the host operating system. Examples: "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string readOnly: - description: 'readOnly defaults to false (read/write). - ReadOnly here will force the ReadOnly setting - in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: boolean secretRef: - description: 'secretRef is optional: points to - a secret object containing parameters used to - connect to OpenStack.' properties: name: default: "" - description: 'Name of the referent. This field - is effectively required, but due to backwards - compatibility is allowed to be empty. Instances - of this type with an empty value here are - almost certainly wrong. TODO: Add other - useful fields. apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic volumeID: - description: 'volumeID used to identify the volume - in cinder. 
More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string required: - volumeID type: object configMap: - description: configMap represents a configMap that - should populate this volume properties: defaultMode: - description: 'defaultMode is optional: mode bits - used to set permissions on created files by - default. Must be an octal value between 0000 - and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. - Defaults to 0644. Directories within the path - are not affected by this setting. This might - be in conflict with other options that affect - the file mode, like fsGroup, and the result - can be other mode bits set.' format: int32 type: integer items: - description: items if unspecified, each key-value - pair in the Data field of the referenced ConfigMap - will be projected into the volume as a file - whose name is the key and content is the value. - If specified, the listed keys will be projected - into the specified paths, and unlisted keys - will not be present. If a key is specified which - is not present in the ConfigMap, the volume - setup will error unless it is marked optional. - Paths must be relative and may not contain the - '..' path or start with '..'. items: - description: Maps a string key to a path within - a volume. properties: key: - description: key is the key to project. type: string mode: - description: 'mode is Optional: mode bits - used to set permissions on this file. - Must be an octal value between 0000 and - 0777 or a decimal value between 0 and - 511. YAML accepts both octal and decimal - values, JSON requires decimal values for - mode bits. If not specified, the volume - defaultMode will be used. This might be - in conflict with other options that affect - the file mode, like fsGroup, and the result - can be other mode bits set.' 
format: int32 type: integer path: - description: path is the relative path of - the file to map the key to. May not be - an absolute path. May not contain the - path element '..'. May not start with - the string '..'. type: string required: - key 
@@ -464,166 +213,67 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of the referent. This field - is effectively required, but due to backwards - compatibility is allowed to be empty. Instances - of this type with an empty value here are almost - certainly wrong. TODO: Add other useful fields. - apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional specify whether the ConfigMap - or its keys must be defined type: boolean type: object x-kubernetes-map-type: atomic csi: - description: csi (Container Storage Interface) represents - ephemeral storage that is handled by certain external - CSI drivers (Beta feature). properties: driver: - description: driver is the name of the CSI driver - that handles this volume. Consult with your - admin for the correct name as registered in - the cluster. type: string fsType: - description: fsType to mount. Ex. "ext4", "xfs", - "ntfs". If not provided, the empty value is - passed to the associated CSI driver which will - determine the default filesystem to apply. type: string nodePublishSecretRef: - description: nodePublishSecretRef is a reference - to the secret object containing sensitive information - to pass to the CSI driver to complete the CSI - NodePublishVolume and NodeUnpublishVolume calls. - This field is optional, and may be empty if - no secret is required. If the secret object - contains more than one secret, all secret references - are passed. properties: name: default: "" - description: 'Name of the referent. This field - is effectively required, but due to backwards - compatibility is allowed to be empty. Instances - of this type with an empty value here are - almost certainly wrong. TODO: Add other - useful fields. apiVersion, kind, uid? 
More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic readOnly: - description: readOnly specifies a read-only configuration - for the volume. Defaults to false (read/write). type: boolean volumeAttributes: additionalProperties: type: string - description: volumeAttributes stores driver-specific - properties that are passed to the CSI driver. - Consult your driver's documentation for supported - values. type: object required: - driver type: object downwardAPI: - description: downwardAPI represents downward API about - the pod that should populate this volume properties: defaultMode: - description: 'Optional: mode bits to use on created - files by default. Must be a Optional: mode bits - used to set permissions on created files by - default. Must be an octal value between 0000 - and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. - Defaults to 0644. Directories within the path - are not affected by this setting. This might - be in conflict with other options that affect - the file mode, like fsGroup, and the result - can be other mode bits set.' format: int32 type: integer items: - description: Items is a list of downward API volume - file items: - description: DownwardAPIVolumeFile represents - information to create the file containing - the pod field properties: fieldRef: - description: 'Required: Selects a field - of the pod: only annotations, labels, - name, namespace and uid are supported.' properties: apiVersion: - description: Version of the schema the - FieldPath is written in terms of, - defaults to "v1". type: string fieldPath: - description: Path of the field to select - in the specified API version. 
type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: - description: 'Optional: mode bits used to - set permissions on this file, must be - an octal value between 0000 and 0777 or - a decimal value between 0 and 511. YAML - accepts both octal and decimal values, - JSON requires decimal values for mode - bits. If not specified, the volume defaultMode - will be used. This might be in conflict - with other options that affect the file - mode, like fsGroup, and the result can - be other mode bits set.' format: int32 type: integer path: - description: 'Required: Path is the relative - path name of the file to be created. Must - not be absolute or contain the ''..'' - path. Must be utf-8 encoded. The first - item of the relative path must not start - with ''..''' type: string resourceFieldRef: - description: 'Selects a resource of the - container: only resources limits and requests - (limits.cpu, limits.memory, requests.cpu - and requests.memory) are currently supported.' properties: containerName: - description: 'Container name: required - for volumes, optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output format - of the exposed resources, defaults - to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource to - select' type: string required: - resource 
@@ -636,204 +286,50 @@ spec: x-kubernetes-list-type: atomic type: object emptyDir: - description: 'emptyDir represents a temporary directory - that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' properties: medium: - description: 'medium represents what type of storage - medium should back this directory. The default - is "" which means to use the node''s default - medium. Must be an empty string (default) or - Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string sizeLimit: anyOf: - type: integer - type: string - description: 'sizeLimit is the total amount of - local storage required for this EmptyDir volume. - The size limit is also applicable for memory - medium. The maximum usage on memory medium EmptyDir - would be the minimum value between the SizeLimit - specified here and the sum of memory limits - of all containers in a pod. The default is nil - which means that the limit is undefined. More - info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object ephemeral: - description: "ephemeral represents a volume that is - handled by a cluster storage driver. The volume's - lifecycle is tied to the pod that defines it - it - will be created before the pod starts, and deleted - when the pod is removed. \n Use this if: a) the - volume is only needed while the pod runs, b) features - of normal volumes like restoring from snapshot or - capacity tracking are needed, c) the storage driver - is specified through a storage class, and d) the - storage driver supports dynamic volume provisioning - through a PersistentVolumeClaim (see EphemeralVolumeSource - for more information on the connection between this - volume type and PersistentVolumeClaim). 
\n Use PersistentVolumeClaim - or one of the vendor-specific APIs for volumes that - persist for longer than the lifecycle of an individual - pod. \n Use CSI for light-weight local ephemeral - volumes if the CSI driver is meant to be used that - way - see the documentation of the driver for more - information. \n A pod can use both types of ephemeral - volumes and persistent volumes at the same time." properties: volumeClaimTemplate: - description: "Will be used to create a stand-alone - PVC to provision the volume. The pod in which - this EphemeralVolumeSource is embedded will - be the owner of the PVC, i.e. the PVC will be - deleted together with the pod. The name of - the PVC will be `-` where - `` is the name from the `PodSpec.Volumes` - array entry. Pod validation will reject the - pod if the concatenated name is not valid for - a PVC (for example, too long). \n An existing - PVC with that name that is not owned by the - pod will *not* be used for the pod to avoid - using an unrelated volume by mistake. Starting - the pod is then blocked until the unrelated - PVC is removed. If such a pre-created PVC is - meant to be used by the pod, the PVC has to - updated with an owner reference to the pod once - the pod exists. Normally this should not be - necessary, but it may be useful when manually - reconstructing a broken cluster. \n This field - is read-only and no changes will be made by - Kubernetes to the PVC after it has been created. - \n Required, must not be nil." properties: metadata: - description: May contain labels and annotations - that will be copied into the PVC when creating - it. No other fields are allowed and will - be rejected during validation. properties: annotations: additionalProperties: type: string - description: 'Annotations is an unstructured - key value map stored with a resource - that may be set by external tools to - store and retrieve arbitrary metadata. - They are not queryable and should be - preserved when modifying objects. 
More - info: http://kubernetes.io/docs/user-guide/annotations' type: object generateName: - description: "GenerateName is an optional - prefix, used by the server, to generate - a unique name ONLY IF the Name field - has not been provided. If this field - is used, the name returned to the client - will be different than the name passed. - This value will also be combined with - a unique suffix. The provided value - has the same validation rules as the - Name field, and may be truncated by - the length of the suffix required to - make the value unique on the server. - \n If this field is specified and the - generated name exists, the server will - NOT return a 409 - instead, it will - either return 201 Created or 500 with - Reason ServerTimeout indicating a unique - name could not be found in the time - allotted, and the client should retry - (optionally after the time indicated - in the Retry-After header). \n Applied - only if Name is not specified. More - info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" type: string labels: additionalProperties: type: string - description: 'Map of string keys and values - that can be used to organize and categorize - (scope and select) objects. May match - selectors of replication controllers - and services. More info: http://kubernetes.io/docs/user-guide/labels' type: object name: - description: 'Name must be unique within - a namespace. Is required when creating - resources, although some resources may - allow a client to request the generation - of an appropriate name automatically. - Name is primarily intended for creation - idempotence and configuration definition. - Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' type: string namespace: - description: "Namespace defines the space - within each name must be unique. An - empty namespace is equivalent to the - \"default\" namespace, but \"default\" - is the canonical representation. 
Not - all objects are required to be scoped - to a namespace - the value of this field - for those objects will be empty. \n - Must be a DNS_LABEL. Cannot be updated. - More info: http://kubernetes.io/docs/user-guide/namespaces" type: string ownerReferences: - description: List of objects depended - by this object. If ALL objects in the - list have been deleted, this object - will be garbage collected. If this object - is managed by a controller, then an - entry in this list will point to this - controller, with the controller field - set to true. There cannot be more than - one managing controller. items: - description: OwnerReference contains - enough information to let you identify - an owning object. An owning object - must be in the same namespace as the - dependent, or be cluster-scoped, so - there is no namespace field. properties: apiVersion: - description: API version of the - referent. type: string blockOwnerDeletion: - description: If true, AND if the - owner has the "foregroundDeletion" - finalizer, then the owner cannot - be deleted from the key-value - store until this reference is - removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion - for how the garbage collector - interacts with this field and - enforces the foreground deletion. - Defaults to false. To set this - field, a user needs "delete" permission - of the owner, otherwise 422 (Unprocessable - Entity) will be returned. type: boolean controller: - description: If true, this reference - points to the managing controller. type: boolean kind: - description: 'Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: - description: 'UID of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -845,53 +341,19 @@ spec: type: array type: object spec: - description: The specification for the PersistentVolumeClaim. - The entire content is copied unchanged into - the PVC that gets created from this template. - The same fields as in a PersistentVolumeClaim - are also valid here. properties: accessModes: - description: 'accessModes contains the - desired access modes the volume should - have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array x-kubernetes-list-type: atomic dataSource: - description: 'dataSource field can be - used to specify either: * An existing - VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an external controller - can support the specified data source, - it will create a new volume based on - the contents of the specified data source. - When the AnyVolumeDataSource feature - gate is enabled, dataSource contents - will be copied to dataSourceRef, and - dataSourceRef contents will be copied - to dataSource when dataSourceRef.namespace - is not specified. If the namespace is - specified, then dataSourceRef will not - be copied to dataSource.' properties: apiGroup: - description: APIGroup is the group - for the resource being referenced. - If APIGroup is not specified, the - specified Kind must be in the core - API group. For any other third-party - types, APIGroup is required. type: string kind: - description: Kind is the type of resource - being referenced type: string name: - description: Name is the name of resource - being referenced type: string required: - kind 
@@ -899,88 +361,20 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: - description: 'dataSourceRef specifies - the object from which to populate the - volume with data, if a non-empty volume - is desired. This may be any object from - a non-empty API group (non core object) - or a PersistentVolumeClaim object. When - this field is specified, volume binding - will only succeed if the type of the - specified object matches some installed - volume populator or dynamic provisioner. - This field will replace the functionality - of the dataSource field and as such - if both fields are non-empty, they must - have the same value. For backwards compatibility, - when namespace isn''t specified in dataSourceRef, - both fields (dataSource and dataSourceRef) - will be set to the same value automatically - if one of them is empty and the other - is non-empty. When namespace is specified - in dataSourceRef, dataSource isn''t - set to the same value and must be empty. - There are three important differences - between dataSource and dataSourceRef: - * While dataSource only allows two specific - types of objects, dataSourceRef allows - any non-core object, as well as PersistentVolumeClaim - objects. * While dataSource ignores - disallowed values (dropping them), dataSourceRef - preserves all values, and generates - an error if a disallowed value is specified. - * While dataSource only allows local - objects, dataSourceRef allows objects - in any namespaces. (Beta) Using this - field requires the AnyVolumeDataSource - feature gate to be enabled. (Alpha) - Using the namespace field of dataSourceRef - requires the CrossNamespaceVolumeDataSource - feature gate to be enabled.' properties: apiGroup: - description: APIGroup is the group - for the resource being referenced. - If APIGroup is not specified, the - specified Kind must be in the core - API group. For any other third-party - types, APIGroup is required. 
type: string kind: - description: Kind is the type of resource - being referenced type: string name: - description: Name is the name of resource - being referenced type: string namespace: - description: Namespace is the namespace - of resource being referenced Note - that when a namespace is specified, - a gateway.networking.k8s.io/ReferenceGrant - object is required in the referent - namespace to allow that namespace's - owner to accept the reference. See - the ReferenceGrant documentation - for details. (Alpha) This field - requires the CrossNamespaceVolumeDataSource - feature gate to be enabled. type: string required: - kind - name type: object resources: - description: 'resources represents the - minimum resources the volume should - have. If RecoverVolumeExpansionFailure - feature is enabled users are allowed - to specify resource requirements that - are lower than previous value but must - still be higher than capacity recorded - in the status field of the claim. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: @@ -989,9 +383,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the - maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -1000,52 +391,18 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the - minimum amount of compute resources - required. If Requests is omitted - for a container, it defaults to - Limits if that is explicitly specified, - otherwise to an implementation-defined - value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: - description: selector is a label query - over volumes to consider for binding. properties: matchExpressions: - description: matchExpressions is a - list of label selector requirements. - The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. properties: key: - description: key is the label - key that the selector applies - to. type: string operator: - description: operator represents - a key's relationship to a - set of values. Valid operators - are In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is an array - of string values. If the operator - is In or NotIn, the values - array must be non-empty. If - the operator is Exists or - DoesNotExist, the values array - must be empty. This array - is replaced during a strategic - merge patch. items: type: string type: array 
@@ -1059,60 +416,16 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map - of {key,value} pairs. A single {key,value} - in the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are - ANDed. type: object type: object x-kubernetes-map-type: atomic storageClassName: - description: 'storageClassName is the - name of the StorageClass required by - the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeAttributesClassName: - description: 'volumeAttributesClassName - may be used to set the VolumeAttributesClass - used by this claim. If specified, the - CSI driver will create or update the - volume with the attributes defined in - the corresponding VolumeAttributesClass. - This has a different purpose than storageClassName, - it can be changed after the claim is - created. An empty string value means - that no VolumeAttributesClass will be - applied to the claim but it''s not allowed - to reset this field to empty string - once it is set. If unspecified and the - PersistentVolumeClaim is unbound, the - default VolumeAttributesClass will be - set by the persistentvolume controller - if it exists. If the resource referred - to by volumeAttributesClass does not - exist, this PersistentVolumeClaim will - be set to a Pending state, as reflected - by the modifyVolumeStatus field, until - such as a resource exists. More info: - https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires the - VolumeAttributesClass feature gate to - be enabled.' type: string volumeMode: - description: volumeMode defines what type - of volume is required by the claim. - Value of Filesystem is implied when - not included in claim spec. 
type: string volumeName: - description: volumeName is the binding - reference to the PersistentVolume backing - this claim. type: string type: object required: 
@@ -1120,91 +433,41 @@ spec: type: object type: object fc: - description: fc represents a Fibre Channel resource - that is attached to a kubelet's host machine and - then exposed to the pod. properties: fsType: - description: 'fsType is the filesystem type to - mount. Must be a filesystem type supported by - the host operating system. Ex. "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if - unspecified. TODO: how do we prevent errors - in the filesystem from compromising the machine' type: string lun: - description: 'lun is Optional: FC target lun number' format: int32 type: integer readOnly: - description: 'readOnly is Optional: Defaults to - false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts.' type: boolean targetWWNs: - description: 'targetWWNs is Optional: FC target - worldwide names (WWNs)' items: type: string type: array x-kubernetes-list-type: atomic wwids: - description: 'wwids Optional: FC volume world - wide identifiers (wwids) Either wwids or combination - of targetWWNs and lun must be set, but not both - simultaneously.' items: type: string type: array x-kubernetes-list-type: atomic type: object flexVolume: - description: flexVolume represents a generic volume - resource that is provisioned/attached using an exec - based plugin. properties: driver: - description: driver is the name of the driver - to use for this volume. type: string fsType: - description: fsType is the filesystem type to - mount. Must be a filesystem type supported by - the host operating system. Ex. "ext4", "xfs", - "ntfs". The default filesystem depends on FlexVolume - script. type: string options: additionalProperties: type: string - description: 'options is Optional: this field - holds extra command options if any.' type: object readOnly: - description: 'readOnly is Optional: defaults to - false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts.' 
type: boolean secretRef: - description: 'secretRef is Optional: secretRef - is reference to the secret object containing - sensitive information to pass to the plugin - scripts. This may be empty if no secret object - is specified. If the secret object contains - more than one secret, all secrets are passed - to the plugin scripts.' properties: name: default: "" - description: 'Name of the referent. This field - is effectively required, but due to backwards - compatibility is allowed to be empty. Instances - of this type with an empty value here are - almost certainly wrong. TODO: Add other - useful fields. apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic 
@@ -1212,182 +475,79 @@ spec: - driver type: object flocker: - description: flocker represents a Flocker volume attached - to a kubelet's host machine. This depends on the - Flocker control service being running properties: datasetName: - description: datasetName is Name of the dataset - stored as metadata -> name on the dataset for - Flocker should be considered as deprecated type: string datasetUUID: - description: datasetUUID is the UUID of the dataset. - This is unique identifier of a Flocker dataset type: string type: object gcePersistentDisk: - description: 'gcePersistentDisk represents a GCE Disk - resource that is attached to a kubelet''s host machine - and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' properties: fsType: - description: 'fsType is filesystem type of the - volume that you want to mount. Tip: Ensure that - the filesystem type is supported by the host - operating system. Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the filesystem - from compromising the machine' type: string partition: - description: 'partition is the partition in the - volume that you want to mount. If omitted, the - default is to mount by volume name. Examples: - For volume /dev/sda1, you specify the partition - as "1". Similarly, the volume partition for - /dev/sda is "0" (or you can leave the property - empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' format: int32 type: integer pdName: - description: 'pdName is unique name of the PD - resource in GCE. Used to identify the disk in - GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: string readOnly: - description: 'readOnly here will force the ReadOnly - setting in VolumeMounts. Defaults to false. 
- More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: boolean required: - pdName type: object glusterfs: - description: 'glusterfs represents a Glusterfs mount - on the host that shares a pod''s lifetime. More - info: https://examples.k8s.io/volumes/glusterfs/README.md' properties: endpoints: - description: 'endpoints is the endpoint name that - details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string path: - description: 'path is the Glusterfs volume path. - More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string readOnly: - description: 'readOnly here will force the Glusterfs - volume to be mounted with read-only permissions. - Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: boolean required: - endpoints - path type: object hostPath: - description: 'hostPath represents a pre-existing file - or directory on the host machine that is directly - exposed to the container. This is generally used - for system agents or other privileged things that - are allowed to see the host machine. Most containers - will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict who can use - host directory mounts and who can/can not mount - host directories as read/write.' properties: path: - description: 'path of the directory on the host. - If the path is a symlink, it will follow the - link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string type: - description: 'type for HostPath Volume Defaults - to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string required: - path type: object iscsi: - description: 'iscsi represents an ISCSI Disk resource - that is attached to a kubelet''s host machine and - then exposed to the pod. 
More info: https://examples.k8s.io/volumes/iscsi/README.md' properties: chapAuthDiscovery: - description: chapAuthDiscovery defines whether - support iSCSI Discovery CHAP authentication type: boolean chapAuthSession: - description: chapAuthSession defines whether support - iSCSI Session CHAP authentication type: boolean fsType: - description: 'fsType is the filesystem type of - the volume that you want to mount. Tip: Ensure - that the filesystem type is supported by the - host operating system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if - unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem - from compromising the machine' type: string initiatorName: - description: initiatorName is the custom iSCSI - Initiator Name. If initiatorName is specified - with iscsiInterface simultaneously, new iSCSI - interface : will - be created for the connection. type: string iqn: - description: iqn is the target iSCSI Qualified - Name. type: string iscsiInterface: - description: iscsiInterface is the interface Name - that uses an iSCSI transport. Defaults to 'default' - (tcp). type: string lun: - description: lun represents iSCSI Target Lun number. format: int32 type: integer portals: - description: portals is the iSCSI Target Portal - List. The portal is either an IP or ip_addr:port - if the port is other than default (typically - TCP ports 860 and 3260). items: type: string type: array x-kubernetes-list-type: atomic readOnly: - description: readOnly here will force the ReadOnly - setting in VolumeMounts. Defaults to false. type: boolean secretRef: - description: secretRef is the CHAP Secret for - iSCSI target and initiator authentication properties: name: default: "" - description: 'Name of the referent. This field - is effectively required, but due to backwards - compatibility is allowed to be empty. 
Instances - of this type with an empty value here are - almost certainly wrong. TODO: Add other - useful fields. apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic targetPortal: - description: targetPortal is iSCSI Target Portal. - The Portal is either an IP or ip_addr:port if - the port is other than default (typically TCP - ports 860 and 3260). type: string required: - iqn 
@@ -1395,167 +555,66 @@ spec: - targetPortal type: object nfs: - description: 'nfs represents an NFS mount on the host - that shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' properties: path: - description: 'path that is exported by the NFS - server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string readOnly: - description: 'readOnly here will force the NFS - export to be mounted with read-only permissions. - Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: boolean server: - description: 'server is the hostname or IP address - of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string required: - path - server type: object persistentVolumeClaim: - description: 'persistentVolumeClaimVolumeSource represents - a reference to a PersistentVolumeClaim in the same - namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: claimName: - description: 'claimName is the name of a PersistentVolumeClaim - in the same namespace as the pod using this - volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' type: string readOnly: - description: readOnly Will force the ReadOnly - setting in VolumeMounts. Default false. type: boolean required: - claimName type: object photonPersistentDisk: - description: photonPersistentDisk represents a PhotonController - persistent disk attached and mounted on kubelets - host machine properties: fsType: - description: fsType is the filesystem type to - mount. Must be a filesystem type supported by - the host operating system. Ex. "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if - unspecified. 
type: string pdID: - description: pdID is the ID that identifies Photon - Controller persistent disk type: string required: - pdID type: object portworxVolume: - description: portworxVolume represents a portworx - volume attached and mounted on kubelets host machine properties: fsType: - description: fSType represents the filesystem - type to mount Must be a filesystem type supported - by the host operating system. Ex. "ext4", "xfs". - Implicitly inferred to be "ext4" if unspecified. type: string readOnly: - description: readOnly defaults to false (read/write). - ReadOnly here will force the ReadOnly setting - in VolumeMounts. type: boolean volumeID: - description: volumeID uniquely identifies a Portworx - volume type: string required: - volumeID type: object projected: - description: projected items for all in one resources - secrets, configmaps, and downward API properties: defaultMode: - description: defaultMode are the mode bits used - to set permissions on created files by default. - Must be an octal value between 0000 and 0777 - or a decimal value between 0 and 511. YAML accepts - both octal and decimal values, JSON requires - decimal values for mode bits. Directories within - the path are not affected by this setting. This - might be in conflict with other options that - affect the file mode, like fsGroup, and the - result can be other mode bits set. format: int32 type: integer sources: - description: sources is the list of volume projections items: - description: Projection that may be projected - along with other supported volume types properties: clusterTrustBundle: - description: "ClusterTrustBundle allows - a pod to access the `.spec.trustBundle` - field of ClusterTrustBundle objects in - an auto-updating file. \n Alpha, gated - by the ClusterTrustBundleProjection feature - gate. \n ClusterTrustBundle objects can - either be selected by name, or by the - combination of signer name and a label - selector. 
\n Kubelet performs aggressive - normalization of the PEM contents written - into the pod filesystem. Esoteric PEM - features such as inter-block comments - and block headers are stripped. Certificates - are deduplicated. The ordering of certificates - within the file is arbitrary, and Kubelet - may change the order over time." properties: labelSelector: - description: Select all ClusterTrustBundles - that match this label selector. Only - has effect if signerName is set. Mutually-exclusive - with name. If unset, interpreted - as "match nothing". If set but empty, - interpreted as "match everything". properties: matchExpressions: - description: matchExpressions is - a list of label selector requirements. - The requirements are ANDed. items: - description: A label selector - requirement is a selector that - contains values, a key, and - an operator that relates the - key and values. properties: key: - description: key is the label - key that the selector applies - to. type: string operator: - description: operator represents - a key's relationship to - a set of values. Valid operators - are In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is an - array of string values. - If the operator is In or - NotIn, the values array - must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be - empty. This array is replaced - during a strategic merge - patch. items: type: string type: array 
@@ -1569,99 +628,31 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map - of {key,value} pairs. A single - {key,value} in the matchLabels - map is equivalent to an element - of matchExpressions, whose key - field is "key", the operator is - "In", and the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic name: - description: Select a single ClusterTrustBundle - by object name. Mutually-exclusive - with signerName and labelSelector. type: string optional: - description: If true, don't block pod - startup if the referenced ClusterTrustBundle(s) - aren't available. If using name, - then the named ClusterTrustBundle - is allowed not to exist. If using - signerName, then the combination of - signerName and labelSelector is allowed - to match zero ClusterTrustBundles. type: boolean path: - description: Relative path from the - volume root to write the bundle. type: string signerName: - description: Select all ClusterTrustBundles - that match this signer name. Mutually-exclusive - with name. The contents of all selected - ClusterTrustBundles will be unified - and deduplicated. type: string required: - path type: object configMap: - description: configMap information about - the configMap data to project properties: items: - description: items if unspecified, each - key-value pair in the Data field of - the referenced ConfigMap will be projected - into the volume as a file whose name - is the key and content is the value. - If specified, the listed keys will - be projected into the specified paths, - and unlisted keys will not be present. - If a key is specified which is not - present in the ConfigMap, the volume - setup will error unless it is marked - optional. Paths must be relative and - may not contain the '..' path or start - with '..'. items: - description: Maps a string key to - a path within a volume. 
properties: key: - description: key is the key to - project. type: string mode: - description: 'mode is Optional: - mode bits used to set permissions - on this file. Must be an octal - value between 0000 and 0777 - or a decimal value between 0 - and 511. YAML accepts both octal - and decimal values, JSON requires - decimal values for mode bits. - If not specified, the volume - defaultMode will be used. This - might be in conflict with other - options that affect the file - mode, like fsGroup, and the - result can be other mode bits - set.' format: int32 type: integer path: - description: path is the relative - path of the file to map the - key to. May not be an absolute - path. May not contain the path - element '..'. May not start - with the string '..'. type: string required: - key 
@@ -1671,108 +662,42 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value here - are almost certainly wrong. TODO: - Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional specify whether - the ConfigMap or its keys must be - defined type: boolean type: object x-kubernetes-map-type: atomic downwardAPI: - description: downwardAPI information about - the downwardAPI data to project properties: items: - description: Items is a list of DownwardAPIVolume - file items: - description: DownwardAPIVolumeFile - represents information to create - the file containing the pod field properties: fieldRef: - description: 'Required: Selects - a field of the pod: only annotations, - labels, name, namespace and - uid are supported.' properties: apiVersion: - description: Version of the - schema the FieldPath is - written in terms of, defaults - to "v1". type: string fieldPath: - description: Path of the field - to select in the specified - API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: - description: 'Optional: mode bits - used to set permissions on this - file, must be an octal value - between 0000 and 0777 or a decimal - value between 0 and 511. YAML - accepts both octal and decimal - values, JSON requires decimal - values for mode bits. If not - specified, the volume defaultMode - will be used. This might be - in conflict with other options - that affect the file mode, like - fsGroup, and the result can - be other mode bits set.' 
format: int32 type: integer path: - description: 'Required: Path is the - relative path name of the file - to be created. Must not be absolute - or contain the ''..'' path. - Must be utf-8 encoded. The first - item of the relative path must - not start with ''..''' type: string resourceFieldRef: - description: 'Selects a resource - of the container: only resources - limits and requests (limits.cpu, - limits.memory, requests.cpu - and requests.memory) are currently - supported.' properties: containerName: - description: 'Container name: - required for volumes, optional - for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the - output format of the exposed - resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource - to select' type: string required: - resource 
@@ -1785,57 +710,16 @@ spec: x-kubernetes-list-type: atomic type: object secret: - description: secret information about the - secret data to project properties: items: - description: items if unspecified, each - key-value pair in the Data field of - the referenced Secret will be projected - into the volume as a file whose name - is the key and content is the value. - If specified, the listed keys will - be projected into the specified paths, - and unlisted keys will not be present. - If a key is specified which is not - present in the Secret, the volume - setup will error unless it is marked - optional. Paths must be relative and - may not contain the '..' path or start - with '..'. items: - description: Maps a string key to - a path within a volume. properties: key: - description: key is the key to - project. type: string mode: - description: 'mode is Optional: - mode bits used to set permissions - on this file. Must be an octal - value between 0000 and 0777 - or a decimal value between 0 - and 511. YAML accepts both octal - and decimal values, JSON requires - decimal values for mode bits. - If not specified, the volume - defaultMode will be used. This - might be in conflict with other - options that affect the file - mode, like fsGroup, and the - result can be other mode bits - set.' format: int32 type: integer path: - description: path is the relative - path of the file to map the - key to. May not be an absolute - path. May not contain the path - element '..'. May not start - with the string '..'. type: string required: - key 
@@ -1845,56 +729,19 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value here - are almost certainly wrong. TODO: - Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional field specify - whether the Secret or its key must - be defined type: boolean type: object x-kubernetes-map-type: atomic serviceAccountToken: - description: serviceAccountToken is information - about the serviceAccountToken data to - project properties: audience: - description: audience is the intended - audience of the token. A recipient - of a token must identify itself with - an identifier specified in the audience - of the token, and otherwise should - reject the token. The audience defaults - to the identifier of the apiserver. type: string expirationSeconds: - description: expirationSeconds is the - requested duration of validity of - the service account token. As the - token approaches expiration, the kubelet - volume plugin will proactively rotate - the service account token. The kubelet - will start trying to rotate the token - if the token is older than 80 percent - of its time to live or if the token - is older than 24 hours.Defaults to - 1 hour and must be at least 10 minutes. format: int64 type: integer path: - description: path is the path relative - to the mount point of the file to - project the token into. type: string required: - path 
@@ -1904,174 +751,79 @@ spec: x-kubernetes-list-type: atomic type: object quobyte: - description: quobyte represents a Quobyte mount on - the host that shares a pod's lifetime properties: group: - description: group to map volume access to Default - is no group type: string readOnly: - description: readOnly here will force the Quobyte - volume to be mounted with read-only permissions. - Defaults to false. type: boolean registry: - description: registry represents a single or multiple - Quobyte Registry services specified as a string - as host:port pair (multiple entries are separated - with commas) which acts as the central registry - for volumes type: string tenant: - description: tenant owning the given Quobyte volume - in the Backend Used with dynamically provisioned - Quobyte volumes, value is set by the plugin type: string user: - description: user to map volume access to Defaults - to serivceaccount user type: string volume: - description: volume is a string that references - an already created Quobyte volume by name. type: string required: - registry - volume type: object rbd: - description: 'rbd represents a Rados Block Device - mount on the host that shares a pod''s lifetime. - More info: https://examples.k8s.io/volumes/rbd/README.md' properties: fsType: - description: 'fsType is the filesystem type of - the volume that you want to mount. Tip: Ensure - that the filesystem type is supported by the - host operating system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if - unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem - from compromising the machine' type: string image: - description: 'image is the rados image name. More - info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string keyring: - description: 'keyring is the path to key ring - for RBDUser. Default is /etc/ceph/keyring. 
More - info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string monitors: - description: 'monitors is a collection of Ceph - monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' items: type: string type: array x-kubernetes-list-type: atomic pool: - description: 'pool is the rados pool name. Default - is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string readOnly: - description: 'readOnly here will force the ReadOnly - setting in VolumeMounts. Defaults to false. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: boolean secretRef: - description: 'secretRef is name of the authentication - secret for RBDUser. If provided overrides keyring. - Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' properties: name: default: "" - description: 'Name of the referent. This field - is effectively required, but due to backwards - compatibility is allowed to be empty. Instances - of this type with an empty value here are - almost certainly wrong. TODO: Add other - useful fields. apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is the rados user name. Default - is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string required: - image - monitors type: object scaleIO: - description: scaleIO represents a ScaleIO persistent - volume attached and mounted on Kubernetes nodes. properties: fsType: - description: fsType is the filesystem type to - mount. Must be a filesystem type supported by - the host operating system. Ex. "ext4", "xfs", - "ntfs". Default is "xfs". 
type: string gateway: - description: gateway is the host address of the - ScaleIO API Gateway. type: string protectionDomain: - description: protectionDomain is the name of the - ScaleIO Protection Domain for the configured - storage. type: string readOnly: - description: readOnly Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting - in VolumeMounts. type: boolean secretRef: - description: secretRef references to the secret - for ScaleIO user and other sensitive information. - If this is not provided, Login operation will - fail. properties: name: default: "" - description: 'Name of the referent. This field - is effectively required, but due to backwards - compatibility is allowed to be empty. Instances - of this type with an empty value here are - almost certainly wrong. TODO: Add other - useful fields. apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic sslEnabled: - description: sslEnabled Flag enable/disable SSL - communication with Gateway, default false type: boolean storageMode: - description: storageMode indicates whether the - storage for a volume should be ThickProvisioned - or ThinProvisioned. Default is ThinProvisioned. type: string storagePool: - description: storagePool is the ScaleIO Storage - Pool associated with the protection domain. type: string system: - description: system is the name of the storage - system as configured in ScaleIO. type: string volumeName: - description: volumeName is the name of a volume - already created in the ScaleIO system that is - associated with this volume source. type: string required: - gateway 
@@ -2079,62 +831,19 @@ spec: - system type: object secret: - description: 'secret represents a secret that should - populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' properties: defaultMode: - description: 'defaultMode is Optional: mode bits - used to set permissions on created files by - default. Must be an octal value between 0000 - and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. - Defaults to 0644. Directories within the path - are not affected by this setting. This might - be in conflict with other options that affect - the file mode, like fsGroup, and the result - can be other mode bits set.' format: int32 type: integer items: - description: items If unspecified, each key-value - pair in the Data field of the referenced Secret - will be projected into the volume as a file - whose name is the key and content is the value. - If specified, the listed keys will be projected - into the specified paths, and unlisted keys - will not be present. If a key is specified which - is not present in the Secret, the volume setup - will error unless it is marked optional. Paths - must be relative and may not contain the '..' - path or start with '..'. items: - description: Maps a string key to a path within - a volume. properties: key: - description: key is the key to project. type: string mode: - description: 'mode is Optional: mode bits - used to set permissions on this file. - Must be an octal value between 0000 and - 0777 or a decimal value between 0 and - 511. YAML accepts both octal and decimal - values, JSON requires decimal values for - mode bits. If not specified, the volume - defaultMode will be used. This might be - in conflict with other options that affect - the file mode, like fsGroup, and the result - can be other mode bits set.' 
format: int32 type: integer path: - description: path is the relative path of - the file to map the key to. May not be - an absolute path. May not contain the - path element '..'. May not start with - the string '..'. type: string required: - key 
@@ -2143,188 +852,60 @@ spec: type: array x-kubernetes-list-type: atomic optional: - description: optional field specify whether the - Secret or its keys must be defined type: boolean secretName: - description: 'secretName is the name of the secret - in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' type: string type: object storageos: - description: storageOS represents a StorageOS volume - attached and mounted on Kubernetes nodes. properties: fsType: - description: fsType is the filesystem type to - mount. Must be a filesystem type supported by - the host operating system. Ex. "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if - unspecified. type: string readOnly: - description: readOnly defaults to false (read/write). - ReadOnly here will force the ReadOnly setting - in VolumeMounts. type: boolean secretRef: - description: secretRef specifies the secret to - use for obtaining the StorageOS API credentials. If - not specified, default values will be attempted. properties: name: default: "" - description: 'Name of the referent. This field - is effectively required, but due to backwards - compatibility is allowed to be empty. Instances - of this type with an empty value here are - almost certainly wrong. TODO: Add other - useful fields. apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic volumeName: - description: volumeName is the human-readable - name of the StorageOS volume. Volume names - are only unique within a namespace. type: string volumeNamespace: - description: volumeNamespace specifies the scope - of the volume within StorageOS. If no namespace - is specified then the Pod's namespace will be - used. 
This allows the Kubernetes name scoping - to be mirrored within StorageOS for tighter - integration. Set VolumeName to any name to override - the default behaviour. Set to "default" if you - are not using namespaces within StorageOS. Namespaces - that do not pre-exist within StorageOS will - be created. type: string type: object volumeClaimTemplate: - description: VolumeClaimTemplate specifies a template - for volume to use by the backup/restore executor properties: metadata: - description: May contain labels and annotations - that will be copied into the PVC when creating - it. No other fields are allowed and will be - rejected during validation. properties: annotations: additionalProperties: type: string - description: 'Annotations is an unstructured - key value map stored with a resource that - may be set by external tools to store and - retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying - objects. More info: http://kubernetes.io/docs/user-guide/annotations' type: object generateName: - description: "GenerateName is an optional - prefix, used by the server, to generate - a unique name ONLY IF the Name field has - not been provided. If this field is used, - the name returned to the client will be - different than the name passed. This value - will also be combined with a unique suffix. - The provided value has the same validation - rules as the Name field, and may be truncated - by the length of the suffix required to - make the value unique on the server. \n - If this field is specified and the generated - name exists, the server will NOT return - a 409 - instead, it will either return 201 - Created or 500 with Reason ServerTimeout - indicating a unique name could not be found - in the time allotted, and the client should - retry (optionally after the time indicated - in the Retry-After header). \n Applied only - if Name is not specified. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" type: string labels: additionalProperties: type: string - description: 'Map of string keys and values - that can be used to organize and categorize - (scope and select) objects. May match selectors - of replication controllers and services. - More info: http://kubernetes.io/docs/user-guide/labels' type: object name: - description: 'Name must be unique within a - namespace. Is required when creating resources, - although some resources may allow a client - to request the generation of an appropriate - name automatically. Name is primarily intended - for creation idempotence and configuration - definition. Cannot be updated. More info: - http://kubernetes.io/docs/user-guide/identifiers#names' type: string namespace: - description: "Namespace defines the space - within each name must be unique. An empty - namespace is equivalent to the \"default\" - namespace, but \"default\" is the canonical - representation. Not all objects are required - to be scoped to a namespace - the value - of this field for those objects will be - empty. \n Must be a DNS_LABEL. Cannot be - updated. More info: http://kubernetes.io/docs/user-guide/namespaces" type: string ownerReferences: - description: List of objects depended by this - object. If ALL objects in the list have - been deleted, this object will be garbage - collected. If this object is managed by - a controller, then an entry in this list - will point to this controller, with the - controller field set to true. There cannot - be more than one managing controller. items: - description: OwnerReference contains enough - information to let you identify an owning - object. An owning object must be in the - same namespace as the dependent, or be - cluster-scoped, so there is no namespace - field. properties: apiVersion: - description: API version of the referent. 
type: string blockOwnerDeletion: - description: If true, AND if the owner - has the "foregroundDeletion" finalizer, - then the owner cannot be deleted from - the key-value store until this reference - is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion - for how the garbage collector interacts - with this field and enforces the foreground - deletion. Defaults to false. To set - this field, a user needs "delete" - permission of the owner, otherwise - 422 (Unprocessable Entity) will be - returned. type: boolean controller: - description: If true, this reference - points to the managing controller. type: boolean kind: - description: 'Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: - description: 'UID of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion 
@@ -2336,51 +917,19 @@ spec: type: array type: object spec: - description: The specification for the PersistentVolumeClaim. - The entire content is copied unchanged into - the PVC that gets created from this template. - The same fields as in a PersistentVolumeClaim - are also valid here. properties: accessModes: - description: 'accessModes contains the desired - access modes the volume should have. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array x-kubernetes-list-type: atomic dataSource: - description: 'dataSource field can be used - to specify either: * An existing VolumeSnapshot - object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an external controller - can support the specified data source, it - will create a new volume based on the contents - of the specified data source. When the AnyVolumeDataSource - feature gate is enabled, dataSource contents - will be copied to dataSourceRef, and dataSourceRef - contents will be copied to dataSource when - dataSourceRef.namespace is not specified. - If the namespace is specified, then dataSourceRef - will not be copied to dataSource.' properties: apiGroup: - description: APIGroup is the group for - the resource being referenced. If APIGroup - is not specified, the specified Kind - must be in the core API group. For any - other third-party types, APIGroup is - required. type: string kind: - description: Kind is the type of resource - being referenced type: string name: - description: Name is the name of resource - being referenced type: string required: - kind 
@@ -2388,82 +937,20 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: - description: 'dataSourceRef specifies the - object from which to populate the volume - with data, if a non-empty volume is desired. - This may be any object from a non-empty - API group (non core object) or a PersistentVolumeClaim - object. When this field is specified, volume - binding will only succeed if the type of - the specified object matches some installed - volume populator or dynamic provisioner. - This field will replace the functionality - of the dataSource field and as such if both - fields are non-empty, they must have the - same value. For backwards compatibility, - when namespace isn''t specified in dataSourceRef, - both fields (dataSource and dataSourceRef) - will be set to the same value automatically - if one of them is empty and the other is - non-empty. When namespace is specified in - dataSourceRef, dataSource isn''t set to - the same value and must be empty. There - are three important differences between - dataSource and dataSourceRef: * While dataSource - only allows two specific types of objects, - dataSourceRef allows any non-core object, - as well as PersistentVolumeClaim objects. - * While dataSource ignores disallowed values - (dropping them), dataSourceRef preserves - all values, and generates an error if a - disallowed value is specified. * While dataSource - only allows local objects, dataSourceRef - allows objects in any namespaces. (Beta) - Using this field requires the AnyVolumeDataSource - feature gate to be enabled. (Alpha) Using - the namespace field of dataSourceRef requires - the CrossNamespaceVolumeDataSource feature - gate to be enabled.' properties: apiGroup: - description: APIGroup is the group for - the resource being referenced. If APIGroup - is not specified, the specified Kind - must be in the core API group. For any - other third-party types, APIGroup is - required. 
type: string kind: - description: Kind is the type of resource - being referenced type: string name: - description: Name is the name of resource - being referenced type: string namespace: - description: Namespace is the namespace - of resource being referenced Note that - when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant - object is required in the referent namespace - to allow that namespace's owner to accept - the reference. See the ReferenceGrant - documentation for details. (Alpha) This - field requires the CrossNamespaceVolumeDataSource - feature gate to be enabled. type: string required: - kind - name type: object resources: - description: 'resources represents the minimum - resources the volume should have. If RecoverVolumeExpansionFailure - feature is enabled users are allowed to - specify resource requirements that are lower - than previous value but must still be higher - than capacity recorded in the status field - of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: @@ -2472,9 +959,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum - amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -2483,48 +967,18 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum - amount of compute resources required. - If Requests is omitted for a container, - it defaults to Limits if that is explicitly - specified, otherwise to an implementation-defined - value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: - description: selector is a label query over - volumes to consider for binding. properties: matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. properties: key: - description: key is the label key - that the selector applies to. type: string operator: - description: operator represents - a key's relationship to a set - of values. Valid operators are - In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array - of string values. If the operator - is In or NotIn, the values array - must be non-empty. If the operator - is Exists or DoesNotExist, the - values array must be empty. This - array is replaced during a strategic - merge patch. items: type: string type: array 
@@ -2538,98 +992,43 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic storageClassName: - description: 'storageClassName is the name - of the StorageClass required by the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeAttributesClassName: - description: 'volumeAttributesClassName may - be used to set the VolumeAttributesClass - used by this claim. If specified, the CSI - driver will create or update the volume - with the attributes defined in the corresponding - VolumeAttributesClass. This has a different - purpose than storageClassName, it can be - changed after the claim is created. An empty - string value means that no VolumeAttributesClass - will be applied to the claim but it''s not - allowed to reset this field to empty string - once it is set. If unspecified and the PersistentVolumeClaim - is unbound, the default VolumeAttributesClass - will be set by the persistentvolume controller - if it exists. If the resource referred to - by volumeAttributesClass does not exist, - this PersistentVolumeClaim will be set to - a Pending state, as reflected by the modifyVolumeStatus - field, until such as a resource exists. - More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires the VolumeAttributesClass - feature gate to be enabled.' type: string volumeMode: - description: volumeMode defines what type - of volume is required by the claim. Value - of Filesystem is implied when not included - in claim spec. 
type: string volumeName: - description: volumeName is the binding reference - to the PersistentVolume backing this claim. type: string type: object required: - spec type: object vsphereVolume: - description: vsphereVolume represents a vSphere volume - attached and mounted on kubelets host machine properties: fsType: - description: fsType is filesystem type to mount. - Must be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified. type: string storagePolicyID: - description: storagePolicyID is the storage Policy - Based Management (SPBM) profile ID associated - with the StoragePolicyName. type: string storagePolicyName: - description: storagePolicyName is the storage - Policy Based Management (SPBM) profile name. type: string volumePath: - description: volumePath is the path that identifies - vSphere volume vmdk type: string required: - volumePath type: object type: object usage: - description: Usage specifies the usage of the volume. type: string type: object type: array type: object type: array restoreTasks: - description: RestoreTasks specifies a list of restore tasks that can - be performed by the addon. items: - description: Task defines the specification of a backup/restore - task. properties: driver: allOf: 
@@ -2641,23 +1040,8 @@ spec: - Restic - WalG - VolumeSnapshotter - description: 'Driver specifies the underlying tool that will - be used to upload the data to the backend storage. Valid values - are: - "Restic": The underlying tool is [restic](https://restic.net/). - - "WalG": The underlying tool is [wal-g](https://github.com/wal-g/wal-g).' type: string executor: - description: 'Executor specifies the type of entity that will - execute the task. For example, it can be a Job, a sidecar - container, an ephemeral container, or a Job that creates additional - Jobs/Pods for executing the backup/restore logic. Valid values - are: - "Job": KubeStash will create a Job to execute the backup/restore - task. - "Sidecar": KubeStash will inject a sidecar container - into the application to execute the backup/restore task. - - "EphemeralContainer": KubeStash will attach an ephemeral container - to the respective Pods to execute the backup/restore task. - - "MultiLevelJob": KubeStash will create a Job that will create - additional Jobs/Pods to execute the backup/restore task.' enum: - Job - Sidecar 
@@ -2665,100 +1049,40 @@ spec: - MultiLevelJob type: string function: - description: Function specifies the name of a Function CR that - defines a container definition which will execute the backup/restore - logic for a particular application. type: string name: - description: Name specifies the name of the task. The name of - a Task should indicate what this task does. For example, a - name LogicalBackup indicate that this task performs a logical - backup of a database. type: string parameters: - description: Parameters defines a list of parameters that is - used by the task to execute its logic. items: - description: ParameterDefinition defines the parameter names, - their usage, their requirements etc. properties: default: - description: Default specifies a default value for the - parameter type: string name: - description: Name specifies the name of the parameter type: string required: - description: Required specify whether this parameter is - required or not type: boolean usage: - description: Usage specifies the usage of this parameter type: string type: object type: array singleton: - description: Singleton specifies whether this task will be executed - on a single job or across multiple jobs. type: boolean volumeMounts: - description: VolumeMounts specifies the mount path of the volumes - specified in the VolumeTemplate section. These volumes will - be mounted directly on the Job/Container created/injected - by KubeStash operator. If the volume type is VolumeClaimTemplate, - then KubeStash operator is responsible for creating the volume. items: - description: VolumeMount describes a mounting of a Volume - within a container. properties: mountPath: - description: Path within the container at which the volume - should be mounted. Must not contain ':'. type: string mountPropagation: - description: mountPropagation determines how mounts are - propagated from the host to container and the other - way around. When not set, MountPropagationNone is used. 
- This field is beta in 1.10. When RecursiveReadOnly is - set to IfPossible or to Enabled, MountPropagation must - be None or unspecified (which defaults to None). type: string name: - description: This must match the Name of a Volume. type: string readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. type: boolean recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only - mounts should be handled recursively. \n If ReadOnly - is false, this field has no meaning and must be unspecified. - \n If ReadOnly is true, and this field is set to Disabled, - the mount is not made recursively read-only. If this - field is set to IfPossible, the mount is made recursively - read-only, if it is supported by the container runtime. - \ If this field is set to Enabled, the mount is made - recursively read-only if it is supported by the container - runtime, otherwise the pod will not be started and an - error will be generated to indicate the reason. \n If - this field is set to IfPossible or Enabled, MountPropagation - must be set to None (or be unspecified, which defaults - to None). \n If this field is not specified, it is treated - as an equivalent of Disabled." type: string subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). type: string subPathExpr: - description: Expanded path within the volume from which - the container's volume should be mounted. Behaves similarly - to SubPath but environment variable references $(VAR_NAME) - are expanded using the container's environment. Defaults - to "" (volume's root). SubPathExpr and SubPath are mutually - exclusive. type: string required: - mountPath 
@@ -2766,272 +1090,113 @@ spec: type: object type: array volumeTemplate: - description: VolumeTemplate specifies a list of volume templates - that is used by the respective backup/restore Job to execute - its logic. User can overwrite these volume templates using - `addonVolumes` field of BackupConfiguration/BackupBatch. items: - description: VolumeTemplate specifies the name, usage, and - the source of volume that will be used by the addon to execute - it's backup/restore task. properties: name: - description: Name specifies the name of the volume type: string source: - description: Source specifies the source of this volume. properties: awsElasticBlockStore: - description: 'awsElasticBlockStore represents an AWS - Disk resource that is attached to a kubelet''s host - machine and then exposed to the pod. More info: - https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' properties: fsType: - description: 'fsType is the filesystem type of - the volume that you want to mount. Tip: Ensure - that the filesystem type is supported by the - host operating system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if - unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem - from compromising the machine' type: string partition: - description: 'partition is the partition in the - volume that you want to mount. If omitted, the - default is to mount by volume name. Examples: - For volume /dev/sda1, you specify the partition - as "1". Similarly, the volume partition for - /dev/sda is "0" (or you can leave the property - empty).' format: int32 type: integer readOnly: - description: 'readOnly value true will force the - readOnly setting in VolumeMounts. 
More info: - https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: boolean volumeID: - description: 'volumeID is unique ID of the persistent - disk resource in AWS (Amazon EBS volume). More - info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: string required: - volumeID type: object azureDisk: - description: azureDisk represents an Azure Data Disk - mount on the host and bind mount to the pod. properties: cachingMode: - description: 'cachingMode is the Host Caching - mode: None, Read Only, Read Write.' type: string diskName: - description: diskName is the Name of the data - disk in the blob storage type: string diskURI: - description: diskURI is the URI of data disk in - the blob storage type: string fsType: - description: fsType is Filesystem type to mount. - Must be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified. type: string kind: - description: 'kind expected values are Shared: - multiple blob disks per storage account Dedicated: - single blob disk per storage account Managed: - azure managed data disk (only in managed availability - set). defaults to shared' type: string readOnly: - description: readOnly Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting - in VolumeMounts. type: boolean required: - diskName - diskURI type: object azureFile: - description: azureFile represents an Azure File Service - mount on the host and bind mount to the pod. properties: readOnly: - description: readOnly defaults to false (read/write). - ReadOnly here will force the ReadOnly setting - in VolumeMounts. 
type: boolean secretName: - description: secretName is the name of secret - that contains Azure Storage Account Name and - Key type: string shareName: - description: shareName is the azure share Name type: string required: - secretName - shareName type: object cephfs: - description: cephFS represents a Ceph FS mount on - the host that shares a pod's lifetime properties: monitors: - description: 'monitors is Required: Monitors is - a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' items: type: string type: array x-kubernetes-list-type: atomic path: - description: 'path is Optional: Used as the mounted - root, rather than the full Ceph tree, default - is /' type: string readOnly: - description: 'readOnly is Optional: Defaults to - false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. More info: - https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: boolean secretFile: - description: 'secretFile is Optional: SecretFile - is the path to key ring for User, default is - /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string secretRef: - description: 'secretRef is Optional: SecretRef - is reference to the authentication secret for - User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' properties: name: default: "" - description: 'Name of the referent. This field - is effectively required, but due to backwards - compatibility is allowed to be empty. Instances - of this type with an empty value here are - almost certainly wrong. TODO: Add other - useful fields. apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' 
type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is optional: User is the rados - user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string required: - monitors type: object cinder: - description: 'cinder represents a cinder volume attached - and mounted on kubelets host machine. More info: - https://examples.k8s.io/mysql-cinder-pd/README.md' properties: fsType: - description: 'fsType is the filesystem type to - mount. Must be a filesystem type supported by - the host operating system. Examples: "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string readOnly: - description: 'readOnly defaults to false (read/write). - ReadOnly here will force the ReadOnly setting - in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: boolean secretRef: - description: 'secretRef is optional: points to - a secret object containing parameters used to - connect to OpenStack.' properties: name: default: "" - description: 'Name of the referent. This field - is effectively required, but due to backwards - compatibility is allowed to be empty. Instances - of this type with an empty value here are - almost certainly wrong. TODO: Add other - useful fields. apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic volumeID: - description: 'volumeID used to identify the volume - in cinder. 
More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string required: - volumeID type: object configMap: - description: configMap represents a configMap that - should populate this volume properties: defaultMode: - description: 'defaultMode is optional: mode bits - used to set permissions on created files by - default. Must be an octal value between 0000 - and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. - Defaults to 0644. Directories within the path - are not affected by this setting. This might - be in conflict with other options that affect - the file mode, like fsGroup, and the result - can be other mode bits set.' format: int32 type: integer items: - description: items if unspecified, each key-value - pair in the Data field of the referenced ConfigMap - will be projected into the volume as a file - whose name is the key and content is the value. - If specified, the listed keys will be projected - into the specified paths, and unlisted keys - will not be present. If a key is specified which - is not present in the ConfigMap, the volume - setup will error unless it is marked optional. - Paths must be relative and may not contain the - '..' path or start with '..'. items: - description: Maps a string key to a path within - a volume. properties: key: - description: key is the key to project. type: string mode: - description: 'mode is Optional: mode bits - used to set permissions on this file. - Must be an octal value between 0000 and - 0777 or a decimal value between 0 and - 511. YAML accepts both octal and decimal - values, JSON requires decimal values for - mode bits. If not specified, the volume - defaultMode will be used. This might be - in conflict with other options that affect - the file mode, like fsGroup, and the result - can be other mode bits set.' 
format: int32 type: integer path: - description: path is the relative path of - the file to map the key to. May not be - an absolute path. May not contain the - path element '..'. May not start with - the string '..'. type: string required: - key 
@@ -3041,166 +1206,67 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of the referent. This field - is effectively required, but due to backwards - compatibility is allowed to be empty. Instances - of this type with an empty value here are almost - certainly wrong. TODO: Add other useful fields. - apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional specify whether the ConfigMap - or its keys must be defined type: boolean type: object x-kubernetes-map-type: atomic csi: - description: csi (Container Storage Interface) represents - ephemeral storage that is handled by certain external - CSI drivers (Beta feature). properties: driver: - description: driver is the name of the CSI driver - that handles this volume. Consult with your - admin for the correct name as registered in - the cluster. type: string fsType: - description: fsType to mount. Ex. "ext4", "xfs", - "ntfs". If not provided, the empty value is - passed to the associated CSI driver which will - determine the default filesystem to apply. type: string nodePublishSecretRef: - description: nodePublishSecretRef is a reference - to the secret object containing sensitive information - to pass to the CSI driver to complete the CSI - NodePublishVolume and NodeUnpublishVolume calls. - This field is optional, and may be empty if - no secret is required. If the secret object - contains more than one secret, all secret references - are passed. properties: name: default: "" - description: 'Name of the referent. This field - is effectively required, but due to backwards - compatibility is allowed to be empty. Instances - of this type with an empty value here are - almost certainly wrong. TODO: Add other - useful fields. apiVersion, kind, uid? 
More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic readOnly: - description: readOnly specifies a read-only configuration - for the volume. Defaults to false (read/write). type: boolean volumeAttributes: additionalProperties: type: string - description: volumeAttributes stores driver-specific - properties that are passed to the CSI driver. - Consult your driver's documentation for supported - values. type: object required: - driver type: object downwardAPI: - description: downwardAPI represents downward API about - the pod that should populate this volume properties: defaultMode: - description: 'Optional: mode bits to use on created - files by default. Must be a Optional: mode bits - used to set permissions on created files by - default. Must be an octal value between 0000 - and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. - Defaults to 0644. Directories within the path - are not affected by this setting. This might - be in conflict with other options that affect - the file mode, like fsGroup, and the result - can be other mode bits set.' format: int32 type: integer items: - description: Items is a list of downward API volume - file items: - description: DownwardAPIVolumeFile represents - information to create the file containing - the pod field properties: fieldRef: - description: 'Required: Selects a field - of the pod: only annotations, labels, - name, namespace and uid are supported.' properties: apiVersion: - description: Version of the schema the - FieldPath is written in terms of, - defaults to "v1". type: string fieldPath: - description: Path of the field to select - in the specified API version. 
type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: - description: 'Optional: mode bits used to - set permissions on this file, must be - an octal value between 0000 and 0777 or - a decimal value between 0 and 511. YAML - accepts both octal and decimal values, - JSON requires decimal values for mode - bits. If not specified, the volume defaultMode - will be used. This might be in conflict - with other options that affect the file - mode, like fsGroup, and the result can - be other mode bits set.' format: int32 type: integer path: - description: 'Required: Path is the relative - path name of the file to be created. Must - not be absolute or contain the ''..'' - path. Must be utf-8 encoded. The first - item of the relative path must not start - with ''..''' type: string resourceFieldRef: - description: 'Selects a resource of the - container: only resources limits and requests - (limits.cpu, limits.memory, requests.cpu - and requests.memory) are currently supported.' properties: containerName: - description: 'Container name: required - for volumes, optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output format - of the exposed resources, defaults - to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource to - select' type: string required: - resource 
@@ -3213,204 +1279,50 @@ spec: x-kubernetes-list-type: atomic type: object emptyDir: - description: 'emptyDir represents a temporary directory - that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' properties: medium: - description: 'medium represents what type of storage - medium should back this directory. The default - is "" which means to use the node''s default - medium. Must be an empty string (default) or - Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string sizeLimit: anyOf: - type: integer - type: string - description: 'sizeLimit is the total amount of - local storage required for this EmptyDir volume. - The size limit is also applicable for memory - medium. The maximum usage on memory medium EmptyDir - would be the minimum value between the SizeLimit - specified here and the sum of memory limits - of all containers in a pod. The default is nil - which means that the limit is undefined. More - info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object ephemeral: - description: "ephemeral represents a volume that is - handled by a cluster storage driver. The volume's - lifecycle is tied to the pod that defines it - it - will be created before the pod starts, and deleted - when the pod is removed. \n Use this if: a) the - volume is only needed while the pod runs, b) features - of normal volumes like restoring from snapshot or - capacity tracking are needed, c) the storage driver - is specified through a storage class, and d) the - storage driver supports dynamic volume provisioning - through a PersistentVolumeClaim (see EphemeralVolumeSource - for more information on the connection between this - volume type and PersistentVolumeClaim). 
\n Use PersistentVolumeClaim - or one of the vendor-specific APIs for volumes that - persist for longer than the lifecycle of an individual - pod. \n Use CSI for light-weight local ephemeral - volumes if the CSI driver is meant to be used that - way - see the documentation of the driver for more - information. \n A pod can use both types of ephemeral - volumes and persistent volumes at the same time." properties: volumeClaimTemplate: - description: "Will be used to create a stand-alone - PVC to provision the volume. The pod in which - this EphemeralVolumeSource is embedded will - be the owner of the PVC, i.e. the PVC will be - deleted together with the pod. The name of - the PVC will be `-` where - `` is the name from the `PodSpec.Volumes` - array entry. Pod validation will reject the - pod if the concatenated name is not valid for - a PVC (for example, too long). \n An existing - PVC with that name that is not owned by the - pod will *not* be used for the pod to avoid - using an unrelated volume by mistake. Starting - the pod is then blocked until the unrelated - PVC is removed. If such a pre-created PVC is - meant to be used by the pod, the PVC has to - updated with an owner reference to the pod once - the pod exists. Normally this should not be - necessary, but it may be useful when manually - reconstructing a broken cluster. \n This field - is read-only and no changes will be made by - Kubernetes to the PVC after it has been created. - \n Required, must not be nil." properties: metadata: - description: May contain labels and annotations - that will be copied into the PVC when creating - it. No other fields are allowed and will - be rejected during validation. properties: annotations: additionalProperties: type: string - description: 'Annotations is an unstructured - key value map stored with a resource - that may be set by external tools to - store and retrieve arbitrary metadata. - They are not queryable and should be - preserved when modifying objects. 
More - info: http://kubernetes.io/docs/user-guide/annotations' type: object generateName: - description: "GenerateName is an optional - prefix, used by the server, to generate - a unique name ONLY IF the Name field - has not been provided. If this field - is used, the name returned to the client - will be different than the name passed. - This value will also be combined with - a unique suffix. The provided value - has the same validation rules as the - Name field, and may be truncated by - the length of the suffix required to - make the value unique on the server. - \n If this field is specified and the - generated name exists, the server will - NOT return a 409 - instead, it will - either return 201 Created or 500 with - Reason ServerTimeout indicating a unique - name could not be found in the time - allotted, and the client should retry - (optionally after the time indicated - in the Retry-After header). \n Applied - only if Name is not specified. More - info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" type: string labels: additionalProperties: type: string - description: 'Map of string keys and values - that can be used to organize and categorize - (scope and select) objects. May match - selectors of replication controllers - and services. More info: http://kubernetes.io/docs/user-guide/labels' type: object name: - description: 'Name must be unique within - a namespace. Is required when creating - resources, although some resources may - allow a client to request the generation - of an appropriate name automatically. - Name is primarily intended for creation - idempotence and configuration definition. - Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' type: string namespace: - description: "Namespace defines the space - within each name must be unique. An - empty namespace is equivalent to the - \"default\" namespace, but \"default\" - is the canonical representation. 
Not - all objects are required to be scoped - to a namespace - the value of this field - for those objects will be empty. \n - Must be a DNS_LABEL. Cannot be updated. - More info: http://kubernetes.io/docs/user-guide/namespaces" type: string ownerReferences: - description: List of objects depended - by this object. If ALL objects in the - list have been deleted, this object - will be garbage collected. If this object - is managed by a controller, then an - entry in this list will point to this - controller, with the controller field - set to true. There cannot be more than - one managing controller. items: - description: OwnerReference contains - enough information to let you identify - an owning object. An owning object - must be in the same namespace as the - dependent, or be cluster-scoped, so - there is no namespace field. properties: apiVersion: - description: API version of the - referent. type: string blockOwnerDeletion: - description: If true, AND if the - owner has the "foregroundDeletion" - finalizer, then the owner cannot - be deleted from the key-value - store until this reference is - removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion - for how the garbage collector - interacts with this field and - enforces the foreground deletion. - Defaults to false. To set this - field, a user needs "delete" permission - of the owner, otherwise 422 (Unprocessable - Entity) will be returned. type: boolean controller: - description: If true, this reference - points to the managing controller. type: boolean kind: - description: 'Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: - description: 'UID of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -3422,53 +1334,19 @@ spec: type: array type: object spec: - description: The specification for the PersistentVolumeClaim. - The entire content is copied unchanged into - the PVC that gets created from this template. - The same fields as in a PersistentVolumeClaim - are also valid here. properties: accessModes: - description: 'accessModes contains the - desired access modes the volume should - have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array x-kubernetes-list-type: atomic dataSource: - description: 'dataSource field can be - used to specify either: * An existing - VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an external controller - can support the specified data source, - it will create a new volume based on - the contents of the specified data source. - When the AnyVolumeDataSource feature - gate is enabled, dataSource contents - will be copied to dataSourceRef, and - dataSourceRef contents will be copied - to dataSource when dataSourceRef.namespace - is not specified. If the namespace is - specified, then dataSourceRef will not - be copied to dataSource.' properties: apiGroup: - description: APIGroup is the group - for the resource being referenced. - If APIGroup is not specified, the - specified Kind must be in the core - API group. For any other third-party - types, APIGroup is required. type: string kind: - description: Kind is the type of resource - being referenced type: string name: - description: Name is the name of resource - being referenced type: string required: - kind 
@@ -3476,88 +1354,20 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: - description: 'dataSourceRef specifies - the object from which to populate the - volume with data, if a non-empty volume - is desired. This may be any object from - a non-empty API group (non core object) - or a PersistentVolumeClaim object. When - this field is specified, volume binding - will only succeed if the type of the - specified object matches some installed - volume populator or dynamic provisioner. - This field will replace the functionality - of the dataSource field and as such - if both fields are non-empty, they must - have the same value. For backwards compatibility, - when namespace isn''t specified in dataSourceRef, - both fields (dataSource and dataSourceRef) - will be set to the same value automatically - if one of them is empty and the other - is non-empty. When namespace is specified - in dataSourceRef, dataSource isn''t - set to the same value and must be empty. - There are three important differences - between dataSource and dataSourceRef: - * While dataSource only allows two specific - types of objects, dataSourceRef allows - any non-core object, as well as PersistentVolumeClaim - objects. * While dataSource ignores - disallowed values (dropping them), dataSourceRef - preserves all values, and generates - an error if a disallowed value is specified. - * While dataSource only allows local - objects, dataSourceRef allows objects - in any namespaces. (Beta) Using this - field requires the AnyVolumeDataSource - feature gate to be enabled. (Alpha) - Using the namespace field of dataSourceRef - requires the CrossNamespaceVolumeDataSource - feature gate to be enabled.' properties: apiGroup: - description: APIGroup is the group - for the resource being referenced. - If APIGroup is not specified, the - specified Kind must be in the core - API group. For any other third-party - types, APIGroup is required. 
type: string kind: - description: Kind is the type of resource - being referenced type: string name: - description: Name is the name of resource - being referenced type: string namespace: - description: Namespace is the namespace - of resource being referenced Note - that when a namespace is specified, - a gateway.networking.k8s.io/ReferenceGrant - object is required in the referent - namespace to allow that namespace's - owner to accept the reference. See - the ReferenceGrant documentation - for details. (Alpha) This field - requires the CrossNamespaceVolumeDataSource - feature gate to be enabled. type: string required: - kind - name type: object resources: - description: 'resources represents the - minimum resources the volume should - have. If RecoverVolumeExpansionFailure - feature is enabled users are allowed - to specify resource requirements that - are lower than previous value but must - still be higher than capacity recorded - in the status field of the claim. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: @@ -3566,9 +1376,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the - maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -3577,52 +1384,18 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the - minimum amount of compute resources - required. If Requests is omitted - for a container, it defaults to - Limits if that is explicitly specified, - otherwise to an implementation-defined - value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: - description: selector is a label query - over volumes to consider for binding. properties: matchExpressions: - description: matchExpressions is a - list of label selector requirements. - The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. properties: key: - description: key is the label - key that the selector applies - to. type: string operator: - description: operator represents - a key's relationship to a - set of values. Valid operators - are In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is an array - of string values. If the operator - is In or NotIn, the values - array must be non-empty. If - the operator is Exists or - DoesNotExist, the values array - must be empty. This array - is replaced during a strategic - merge patch. items: type: string type: array 
@@ -3636,60 +1409,16 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map - of {key,value} pairs. A single {key,value} - in the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are - ANDed. type: object type: object x-kubernetes-map-type: atomic storageClassName: - description: 'storageClassName is the - name of the StorageClass required by - the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeAttributesClassName: - description: 'volumeAttributesClassName - may be used to set the VolumeAttributesClass - used by this claim. If specified, the - CSI driver will create or update the - volume with the attributes defined in - the corresponding VolumeAttributesClass. - This has a different purpose than storageClassName, - it can be changed after the claim is - created. An empty string value means - that no VolumeAttributesClass will be - applied to the claim but it''s not allowed - to reset this field to empty string - once it is set. If unspecified and the - PersistentVolumeClaim is unbound, the - default VolumeAttributesClass will be - set by the persistentvolume controller - if it exists. If the resource referred - to by volumeAttributesClass does not - exist, this PersistentVolumeClaim will - be set to a Pending state, as reflected - by the modifyVolumeStatus field, until - such as a resource exists. More info: - https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires the - VolumeAttributesClass feature gate to - be enabled.' type: string volumeMode: - description: volumeMode defines what type - of volume is required by the claim. - Value of Filesystem is implied when - not included in claim spec. 
type: string volumeName: - description: volumeName is the binding - reference to the PersistentVolume backing - this claim. type: string type: object required: 
@@ -3697,91 +1426,41 @@ spec: type: object type: object fc: - description: fc represents a Fibre Channel resource - that is attached to a kubelet's host machine and - then exposed to the pod. properties: fsType: - description: 'fsType is the filesystem type to - mount. Must be a filesystem type supported by - the host operating system. Ex. "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if - unspecified. TODO: how do we prevent errors - in the filesystem from compromising the machine' type: string lun: - description: 'lun is Optional: FC target lun number' format: int32 type: integer readOnly: - description: 'readOnly is Optional: Defaults to - false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts.' type: boolean targetWWNs: - description: 'targetWWNs is Optional: FC target - worldwide names (WWNs)' items: type: string type: array x-kubernetes-list-type: atomic wwids: - description: 'wwids Optional: FC volume world - wide identifiers (wwids) Either wwids or combination - of targetWWNs and lun must be set, but not both - simultaneously.' items: type: string type: array x-kubernetes-list-type: atomic type: object flexVolume: - description: flexVolume represents a generic volume - resource that is provisioned/attached using an exec - based plugin. properties: driver: - description: driver is the name of the driver - to use for this volume. type: string fsType: - description: fsType is the filesystem type to - mount. Must be a filesystem type supported by - the host operating system. Ex. "ext4", "xfs", - "ntfs". The default filesystem depends on FlexVolume - script. type: string options: additionalProperties: type: string - description: 'options is Optional: this field - holds extra command options if any.' type: object readOnly: - description: 'readOnly is Optional: defaults to - false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts.' 
type: boolean secretRef: - description: 'secretRef is Optional: secretRef - is reference to the secret object containing - sensitive information to pass to the plugin - scripts. This may be empty if no secret object - is specified. If the secret object contains - more than one secret, all secrets are passed - to the plugin scripts.' properties: name: default: "" - description: 'Name of the referent. This field - is effectively required, but due to backwards - compatibility is allowed to be empty. Instances - of this type with an empty value here are - almost certainly wrong. TODO: Add other - useful fields. apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic 
@@ -3789,182 +1468,79 @@ spec: - driver type: object flocker: - description: flocker represents a Flocker volume attached - to a kubelet's host machine. This depends on the - Flocker control service being running properties: datasetName: - description: datasetName is Name of the dataset - stored as metadata -> name on the dataset for - Flocker should be considered as deprecated type: string datasetUUID: - description: datasetUUID is the UUID of the dataset. - This is unique identifier of a Flocker dataset type: string type: object gcePersistentDisk: - description: 'gcePersistentDisk represents a GCE Disk - resource that is attached to a kubelet''s host machine - and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' properties: fsType: - description: 'fsType is filesystem type of the - volume that you want to mount. Tip: Ensure that - the filesystem type is supported by the host - operating system. Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the filesystem - from compromising the machine' type: string partition: - description: 'partition is the partition in the - volume that you want to mount. If omitted, the - default is to mount by volume name. Examples: - For volume /dev/sda1, you specify the partition - as "1". Similarly, the volume partition for - /dev/sda is "0" (or you can leave the property - empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' format: int32 type: integer pdName: - description: 'pdName is unique name of the PD - resource in GCE. Used to identify the disk in - GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: string readOnly: - description: 'readOnly here will force the ReadOnly - setting in VolumeMounts. Defaults to false. 
- More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: boolean required: - pdName type: object glusterfs: - description: 'glusterfs represents a Glusterfs mount - on the host that shares a pod''s lifetime. More - info: https://examples.k8s.io/volumes/glusterfs/README.md' properties: endpoints: - description: 'endpoints is the endpoint name that - details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string path: - description: 'path is the Glusterfs volume path. - More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string readOnly: - description: 'readOnly here will force the Glusterfs - volume to be mounted with read-only permissions. - Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: boolean required: - endpoints - path type: object hostPath: - description: 'hostPath represents a pre-existing file - or directory on the host machine that is directly - exposed to the container. This is generally used - for system agents or other privileged things that - are allowed to see the host machine. Most containers - will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict who can use - host directory mounts and who can/can not mount - host directories as read/write.' properties: path: - description: 'path of the directory on the host. - If the path is a symlink, it will follow the - link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string type: - description: 'type for HostPath Volume Defaults - to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string required: - path type: object iscsi: - description: 'iscsi represents an ISCSI Disk resource - that is attached to a kubelet''s host machine and - then exposed to the pod. 
More info: https://examples.k8s.io/volumes/iscsi/README.md' properties: chapAuthDiscovery: - description: chapAuthDiscovery defines whether - support iSCSI Discovery CHAP authentication type: boolean chapAuthSession: - description: chapAuthSession defines whether support - iSCSI Session CHAP authentication type: boolean fsType: - description: 'fsType is the filesystem type of - the volume that you want to mount. Tip: Ensure - that the filesystem type is supported by the - host operating system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if - unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem - from compromising the machine' type: string initiatorName: - description: initiatorName is the custom iSCSI - Initiator Name. If initiatorName is specified - with iscsiInterface simultaneously, new iSCSI - interface : will - be created for the connection. type: string iqn: - description: iqn is the target iSCSI Qualified - Name. type: string iscsiInterface: - description: iscsiInterface is the interface Name - that uses an iSCSI transport. Defaults to 'default' - (tcp). type: string lun: - description: lun represents iSCSI Target Lun number. format: int32 type: integer portals: - description: portals is the iSCSI Target Portal - List. The portal is either an IP or ip_addr:port - if the port is other than default (typically - TCP ports 860 and 3260). items: type: string type: array x-kubernetes-list-type: atomic readOnly: - description: readOnly here will force the ReadOnly - setting in VolumeMounts. Defaults to false. type: boolean secretRef: - description: secretRef is the CHAP Secret for - iSCSI target and initiator authentication properties: name: default: "" - description: 'Name of the referent. This field - is effectively required, but due to backwards - compatibility is allowed to be empty. 
Instances - of this type with an empty value here are - almost certainly wrong. TODO: Add other - useful fields. apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic targetPortal: - description: targetPortal is iSCSI Target Portal. - The Portal is either an IP or ip_addr:port if - the port is other than default (typically TCP - ports 860 and 3260). type: string required: - iqn 
@@ -3972,167 +1548,66 @@ spec: - targetPortal type: object nfs: - description: 'nfs represents an NFS mount on the host - that shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' properties: path: - description: 'path that is exported by the NFS - server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string readOnly: - description: 'readOnly here will force the NFS - export to be mounted with read-only permissions. - Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: boolean server: - description: 'server is the hostname or IP address - of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string required: - path - server type: object persistentVolumeClaim: - description: 'persistentVolumeClaimVolumeSource represents - a reference to a PersistentVolumeClaim in the same - namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: claimName: - description: 'claimName is the name of a PersistentVolumeClaim - in the same namespace as the pod using this - volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' type: string readOnly: - description: readOnly Will force the ReadOnly - setting in VolumeMounts. Default false. type: boolean required: - claimName type: object photonPersistentDisk: - description: photonPersistentDisk represents a PhotonController - persistent disk attached and mounted on kubelets - host machine properties: fsType: - description: fsType is the filesystem type to - mount. Must be a filesystem type supported by - the host operating system. Ex. "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if - unspecified. 
type: string pdID: - description: pdID is the ID that identifies Photon - Controller persistent disk type: string required: - pdID type: object portworxVolume: - description: portworxVolume represents a portworx - volume attached and mounted on kubelets host machine properties: fsType: - description: fSType represents the filesystem - type to mount Must be a filesystem type supported - by the host operating system. Ex. "ext4", "xfs". - Implicitly inferred to be "ext4" if unspecified. type: string readOnly: - description: readOnly defaults to false (read/write). - ReadOnly here will force the ReadOnly setting - in VolumeMounts. type: boolean volumeID: - description: volumeID uniquely identifies a Portworx - volume type: string required: - volumeID type: object projected: - description: projected items for all in one resources - secrets, configmaps, and downward API properties: defaultMode: - description: defaultMode are the mode bits used - to set permissions on created files by default. - Must be an octal value between 0000 and 0777 - or a decimal value between 0 and 511. YAML accepts - both octal and decimal values, JSON requires - decimal values for mode bits. Directories within - the path are not affected by this setting. This - might be in conflict with other options that - affect the file mode, like fsGroup, and the - result can be other mode bits set. format: int32 type: integer sources: - description: sources is the list of volume projections items: - description: Projection that may be projected - along with other supported volume types properties: clusterTrustBundle: - description: "ClusterTrustBundle allows - a pod to access the `.spec.trustBundle` - field of ClusterTrustBundle objects in - an auto-updating file. \n Alpha, gated - by the ClusterTrustBundleProjection feature - gate. \n ClusterTrustBundle objects can - either be selected by name, or by the - combination of signer name and a label - selector. 
\n Kubelet performs aggressive - normalization of the PEM contents written - into the pod filesystem. Esoteric PEM - features such as inter-block comments - and block headers are stripped. Certificates - are deduplicated. The ordering of certificates - within the file is arbitrary, and Kubelet - may change the order over time." properties: labelSelector: - description: Select all ClusterTrustBundles - that match this label selector. Only - has effect if signerName is set. Mutually-exclusive - with name. If unset, interpreted - as "match nothing". If set but empty, - interpreted as "match everything". properties: matchExpressions: - description: matchExpressions is - a list of label selector requirements. - The requirements are ANDed. items: - description: A label selector - requirement is a selector that - contains values, a key, and - an operator that relates the - key and values. properties: key: - description: key is the label - key that the selector applies - to. type: string operator: - description: operator represents - a key's relationship to - a set of values. Valid operators - are In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is an - array of string values. - If the operator is In or - NotIn, the values array - must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be - empty. This array is replaced - during a strategic merge - patch. items: type: string type: array 
@@ -4146,99 +1621,31 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map - of {key,value} pairs. A single - {key,value} in the matchLabels - map is equivalent to an element - of matchExpressions, whose key - field is "key", the operator is - "In", and the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic name: - description: Select a single ClusterTrustBundle - by object name. Mutually-exclusive - with signerName and labelSelector. type: string optional: - description: If true, don't block pod - startup if the referenced ClusterTrustBundle(s) - aren't available. If using name, - then the named ClusterTrustBundle - is allowed not to exist. If using - signerName, then the combination of - signerName and labelSelector is allowed - to match zero ClusterTrustBundles. type: boolean path: - description: Relative path from the - volume root to write the bundle. type: string signerName: - description: Select all ClusterTrustBundles - that match this signer name. Mutually-exclusive - with name. The contents of all selected - ClusterTrustBundles will be unified - and deduplicated. type: string required: - path type: object configMap: - description: configMap information about - the configMap data to project properties: items: - description: items if unspecified, each - key-value pair in the Data field of - the referenced ConfigMap will be projected - into the volume as a file whose name - is the key and content is the value. - If specified, the listed keys will - be projected into the specified paths, - and unlisted keys will not be present. - If a key is specified which is not - present in the ConfigMap, the volume - setup will error unless it is marked - optional. Paths must be relative and - may not contain the '..' path or start - with '..'. items: - description: Maps a string key to - a path within a volume. 
properties: key: - description: key is the key to - project. type: string mode: - description: 'mode is Optional: - mode bits used to set permissions - on this file. Must be an octal - value between 0000 and 0777 - or a decimal value between 0 - and 511. YAML accepts both octal - and decimal values, JSON requires - decimal values for mode bits. - If not specified, the volume - defaultMode will be used. This - might be in conflict with other - options that affect the file - mode, like fsGroup, and the - result can be other mode bits - set.' format: int32 type: integer path: - description: path is the relative - path of the file to map the - key to. May not be an absolute - path. May not contain the path - element '..'. May not start - with the string '..'. type: string required: - key 
@@ -4248,108 +1655,42 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value here - are almost certainly wrong. TODO: - Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional specify whether - the ConfigMap or its keys must be - defined type: boolean type: object x-kubernetes-map-type: atomic downwardAPI: - description: downwardAPI information about - the downwardAPI data to project properties: items: - description: Items is a list of DownwardAPIVolume - file items: - description: DownwardAPIVolumeFile - represents information to create - the file containing the pod field properties: fieldRef: - description: 'Required: Selects - a field of the pod: only annotations, - labels, name, namespace and - uid are supported.' properties: apiVersion: - description: Version of the - schema the FieldPath is - written in terms of, defaults - to "v1". type: string fieldPath: - description: Path of the field - to select in the specified - API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: - description: 'Optional: mode bits - used to set permissions on this - file, must be an octal value - between 0000 and 0777 or a decimal - value between 0 and 511. YAML - accepts both octal and decimal - values, JSON requires decimal - values for mode bits. If not - specified, the volume defaultMode - will be used. This might be - in conflict with other options - that affect the file mode, like - fsGroup, and the result can - be other mode bits set.' 
format: int32 type: integer path: - description: 'Required: Path is the - relative path name of the file - to be created. Must not be absolute - or contain the ''..'' path. - Must be utf-8 encoded. The first - item of the relative path must - not start with ''..''' type: string resourceFieldRef: - description: 'Selects a resource - of the container: only resources - limits and requests (limits.cpu, - limits.memory, requests.cpu - and requests.memory) are currently - supported.' properties: containerName: - description: 'Container name: - required for volumes, optional - for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the - output format of the exposed - resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource - to select' type: string required: - resource 
@@ -4362,57 +1703,16 @@ spec: x-kubernetes-list-type: atomic type: object secret: - description: secret information about the - secret data to project properties: items: - description: items if unspecified, each - key-value pair in the Data field of - the referenced Secret will be projected - into the volume as a file whose name - is the key and content is the value. - If specified, the listed keys will - be projected into the specified paths, - and unlisted keys will not be present. - If a key is specified which is not - present in the Secret, the volume - setup will error unless it is marked - optional. Paths must be relative and - may not contain the '..' path or start - with '..'. items: - description: Maps a string key to - a path within a volume. properties: key: - description: key is the key to - project. type: string mode: - description: 'mode is Optional: - mode bits used to set permissions - on this file. Must be an octal - value between 0000 and 0777 - or a decimal value between 0 - and 511. YAML accepts both octal - and decimal values, JSON requires - decimal values for mode bits. - If not specified, the volume - defaultMode will be used. This - might be in conflict with other - options that affect the file - mode, like fsGroup, and the - result can be other mode bits - set.' format: int32 type: integer path: - description: path is the relative - path of the file to map the - key to. May not be an absolute - path. May not contain the path - element '..'. May not start - with the string '..'. type: string required: - key 
@@ -4422,56 +1722,19 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value here - are almost certainly wrong. TODO: - Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional field specify - whether the Secret or its key must - be defined type: boolean type: object x-kubernetes-map-type: atomic serviceAccountToken: - description: serviceAccountToken is information - about the serviceAccountToken data to - project properties: audience: - description: audience is the intended - audience of the token. A recipient - of a token must identify itself with - an identifier specified in the audience - of the token, and otherwise should - reject the token. The audience defaults - to the identifier of the apiserver. type: string expirationSeconds: - description: expirationSeconds is the - requested duration of validity of - the service account token. As the - token approaches expiration, the kubelet - volume plugin will proactively rotate - the service account token. The kubelet - will start trying to rotate the token - if the token is older than 80 percent - of its time to live or if the token - is older than 24 hours.Defaults to - 1 hour and must be at least 10 minutes. format: int64 type: integer path: - description: path is the path relative - to the mount point of the file to - project the token into. type: string required: - path 
@@ -4481,174 +1744,79 @@ spec: x-kubernetes-list-type: atomic type: object quobyte: - description: quobyte represents a Quobyte mount on - the host that shares a pod's lifetime properties: group: - description: group to map volume access to Default - is no group type: string readOnly: - description: readOnly here will force the Quobyte - volume to be mounted with read-only permissions. - Defaults to false. type: boolean registry: - description: registry represents a single or multiple - Quobyte Registry services specified as a string - as host:port pair (multiple entries are separated - with commas) which acts as the central registry - for volumes type: string tenant: - description: tenant owning the given Quobyte volume - in the Backend Used with dynamically provisioned - Quobyte volumes, value is set by the plugin type: string user: - description: user to map volume access to Defaults - to serivceaccount user type: string volume: - description: volume is a string that references - an already created Quobyte volume by name. type: string required: - registry - volume type: object rbd: - description: 'rbd represents a Rados Block Device - mount on the host that shares a pod''s lifetime. - More info: https://examples.k8s.io/volumes/rbd/README.md' properties: fsType: - description: 'fsType is the filesystem type of - the volume that you want to mount. Tip: Ensure - that the filesystem type is supported by the - host operating system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if - unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem - from compromising the machine' type: string image: - description: 'image is the rados image name. More - info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string keyring: - description: 'keyring is the path to key ring - for RBDUser. Default is /etc/ceph/keyring. 
More - info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string monitors: - description: 'monitors is a collection of Ceph - monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' items: type: string type: array x-kubernetes-list-type: atomic pool: - description: 'pool is the rados pool name. Default - is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string readOnly: - description: 'readOnly here will force the ReadOnly - setting in VolumeMounts. Defaults to false. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: boolean secretRef: - description: 'secretRef is name of the authentication - secret for RBDUser. If provided overrides keyring. - Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' properties: name: default: "" - description: 'Name of the referent. This field - is effectively required, but due to backwards - compatibility is allowed to be empty. Instances - of this type with an empty value here are - almost certainly wrong. TODO: Add other - useful fields. apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is the rados user name. Default - is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string required: - image - monitors type: object scaleIO: - description: scaleIO represents a ScaleIO persistent - volume attached and mounted on Kubernetes nodes. properties: fsType: - description: fsType is the filesystem type to - mount. Must be a filesystem type supported by - the host operating system. Ex. "ext4", "xfs", - "ntfs". Default is "xfs". 
type: string gateway: - description: gateway is the host address of the - ScaleIO API Gateway. type: string protectionDomain: - description: protectionDomain is the name of the - ScaleIO Protection Domain for the configured - storage. type: string readOnly: - description: readOnly Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting - in VolumeMounts. type: boolean secretRef: - description: secretRef references to the secret - for ScaleIO user and other sensitive information. - If this is not provided, Login operation will - fail. properties: name: default: "" - description: 'Name of the referent. This field - is effectively required, but due to backwards - compatibility is allowed to be empty. Instances - of this type with an empty value here are - almost certainly wrong. TODO: Add other - useful fields. apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic sslEnabled: - description: sslEnabled Flag enable/disable SSL - communication with Gateway, default false type: boolean storageMode: - description: storageMode indicates whether the - storage for a volume should be ThickProvisioned - or ThinProvisioned. Default is ThinProvisioned. type: string storagePool: - description: storagePool is the ScaleIO Storage - Pool associated with the protection domain. type: string system: - description: system is the name of the storage - system as configured in ScaleIO. type: string volumeName: - description: volumeName is the name of a volume - already created in the ScaleIO system that is - associated with this volume source. type: string required: - gateway 
@@ -4656,62 +1824,19 @@ spec: - system type: object secret: - description: 'secret represents a secret that should - populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' properties: defaultMode: - description: 'defaultMode is Optional: mode bits - used to set permissions on created files by - default. Must be an octal value between 0000 - and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. - Defaults to 0644. Directories within the path - are not affected by this setting. This might - be in conflict with other options that affect - the file mode, like fsGroup, and the result - can be other mode bits set.' format: int32 type: integer items: - description: items If unspecified, each key-value - pair in the Data field of the referenced Secret - will be projected into the volume as a file - whose name is the key and content is the value. - If specified, the listed keys will be projected - into the specified paths, and unlisted keys - will not be present. If a key is specified which - is not present in the Secret, the volume setup - will error unless it is marked optional. Paths - must be relative and may not contain the '..' - path or start with '..'. items: - description: Maps a string key to a path within - a volume. properties: key: - description: key is the key to project. type: string mode: - description: 'mode is Optional: mode bits - used to set permissions on this file. - Must be an octal value between 0000 and - 0777 or a decimal value between 0 and - 511. YAML accepts both octal and decimal - values, JSON requires decimal values for - mode bits. If not specified, the volume - defaultMode will be used. This might be - in conflict with other options that affect - the file mode, like fsGroup, and the result - can be other mode bits set.' 
format: int32 type: integer path: - description: path is the relative path of - the file to map the key to. May not be - an absolute path. May not contain the - path element '..'. May not start with - the string '..'. type: string required: - key 
@@ -4720,188 +1845,60 @@ spec: type: array x-kubernetes-list-type: atomic optional: - description: optional field specify whether the - Secret or its keys must be defined type: boolean secretName: - description: 'secretName is the name of the secret - in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' type: string type: object storageos: - description: storageOS represents a StorageOS volume - attached and mounted on Kubernetes nodes. properties: fsType: - description: fsType is the filesystem type to - mount. Must be a filesystem type supported by - the host operating system. Ex. "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if - unspecified. type: string readOnly: - description: readOnly defaults to false (read/write). - ReadOnly here will force the ReadOnly setting - in VolumeMounts. type: boolean secretRef: - description: secretRef specifies the secret to - use for obtaining the StorageOS API credentials. If - not specified, default values will be attempted. properties: name: default: "" - description: 'Name of the referent. This field - is effectively required, but due to backwards - compatibility is allowed to be empty. Instances - of this type with an empty value here are - almost certainly wrong. TODO: Add other - useful fields. apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic volumeName: - description: volumeName is the human-readable - name of the StorageOS volume. Volume names - are only unique within a namespace. type: string volumeNamespace: - description: volumeNamespace specifies the scope - of the volume within StorageOS. If no namespace - is specified then the Pod's namespace will be - used. 
This allows the Kubernetes name scoping - to be mirrored within StorageOS for tighter - integration. Set VolumeName to any name to override - the default behaviour. Set to "default" if you - are not using namespaces within StorageOS. Namespaces - that do not pre-exist within StorageOS will - be created. type: string type: object volumeClaimTemplate: - description: VolumeClaimTemplate specifies a template - for volume to use by the backup/restore executor properties: metadata: - description: May contain labels and annotations - that will be copied into the PVC when creating - it. No other fields are allowed and will be - rejected during validation. properties: annotations: additionalProperties: type: string - description: 'Annotations is an unstructured - key value map stored with a resource that - may be set by external tools to store and - retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying - objects. More info: http://kubernetes.io/docs/user-guide/annotations' type: object generateName: - description: "GenerateName is an optional - prefix, used by the server, to generate - a unique name ONLY IF the Name field has - not been provided. If this field is used, - the name returned to the client will be - different than the name passed. This value - will also be combined with a unique suffix. - The provided value has the same validation - rules as the Name field, and may be truncated - by the length of the suffix required to - make the value unique on the server. \n - If this field is specified and the generated - name exists, the server will NOT return - a 409 - instead, it will either return 201 - Created or 500 with Reason ServerTimeout - indicating a unique name could not be found - in the time allotted, and the client should - retry (optionally after the time indicated - in the Retry-After header). \n Applied only - if Name is not specified. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" type: string labels: additionalProperties: type: string - description: 'Map of string keys and values - that can be used to organize and categorize - (scope and select) objects. May match selectors - of replication controllers and services. - More info: http://kubernetes.io/docs/user-guide/labels' type: object name: - description: 'Name must be unique within a - namespace. Is required when creating resources, - although some resources may allow a client - to request the generation of an appropriate - name automatically. Name is primarily intended - for creation idempotence and configuration - definition. Cannot be updated. More info: - http://kubernetes.io/docs/user-guide/identifiers#names' type: string namespace: - description: "Namespace defines the space - within each name must be unique. An empty - namespace is equivalent to the \"default\" - namespace, but \"default\" is the canonical - representation. Not all objects are required - to be scoped to a namespace - the value - of this field for those objects will be - empty. \n Must be a DNS_LABEL. Cannot be - updated. More info: http://kubernetes.io/docs/user-guide/namespaces" type: string ownerReferences: - description: List of objects depended by this - object. If ALL objects in the list have - been deleted, this object will be garbage - collected. If this object is managed by - a controller, then an entry in this list - will point to this controller, with the - controller field set to true. There cannot - be more than one managing controller. items: - description: OwnerReference contains enough - information to let you identify an owning - object. An owning object must be in the - same namespace as the dependent, or be - cluster-scoped, so there is no namespace - field. properties: apiVersion: - description: API version of the referent. 
type: string blockOwnerDeletion: - description: If true, AND if the owner - has the "foregroundDeletion" finalizer, - then the owner cannot be deleted from - the key-value store until this reference - is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion - for how the garbage collector interacts - with this field and enforces the foreground - deletion. Defaults to false. To set - this field, a user needs "delete" - permission of the owner, otherwise - 422 (Unprocessable Entity) will be - returned. type: boolean controller: - description: If true, this reference - points to the managing controller. type: boolean kind: - description: 'Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: - description: 'UID of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion 
@@ -4913,51 +1910,19 @@ spec: type: array type: object spec: - description: The specification for the PersistentVolumeClaim. - The entire content is copied unchanged into - the PVC that gets created from this template. - The same fields as in a PersistentVolumeClaim - are also valid here. properties: accessModes: - description: 'accessModes contains the desired - access modes the volume should have. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array x-kubernetes-list-type: atomic dataSource: - description: 'dataSource field can be used - to specify either: * An existing VolumeSnapshot - object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an external controller - can support the specified data source, it - will create a new volume based on the contents - of the specified data source. When the AnyVolumeDataSource - feature gate is enabled, dataSource contents - will be copied to dataSourceRef, and dataSourceRef - contents will be copied to dataSource when - dataSourceRef.namespace is not specified. - If the namespace is specified, then dataSourceRef - will not be copied to dataSource.' properties: apiGroup: - description: APIGroup is the group for - the resource being referenced. If APIGroup - is not specified, the specified Kind - must be in the core API group. For any - other third-party types, APIGroup is - required. type: string kind: - description: Kind is the type of resource - being referenced type: string name: - description: Name is the name of resource - being referenced type: string required: - kind 
@@ -4965,82 +1930,20 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: - description: 'dataSourceRef specifies the - object from which to populate the volume - with data, if a non-empty volume is desired. - This may be any object from a non-empty - API group (non core object) or a PersistentVolumeClaim - object. When this field is specified, volume - binding will only succeed if the type of - the specified object matches some installed - volume populator or dynamic provisioner. - This field will replace the functionality - of the dataSource field and as such if both - fields are non-empty, they must have the - same value. For backwards compatibility, - when namespace isn''t specified in dataSourceRef, - both fields (dataSource and dataSourceRef) - will be set to the same value automatically - if one of them is empty and the other is - non-empty. When namespace is specified in - dataSourceRef, dataSource isn''t set to - the same value and must be empty. There - are three important differences between - dataSource and dataSourceRef: * While dataSource - only allows two specific types of objects, - dataSourceRef allows any non-core object, - as well as PersistentVolumeClaim objects. - * While dataSource ignores disallowed values - (dropping them), dataSourceRef preserves - all values, and generates an error if a - disallowed value is specified. * While dataSource - only allows local objects, dataSourceRef - allows objects in any namespaces. (Beta) - Using this field requires the AnyVolumeDataSource - feature gate to be enabled. (Alpha) Using - the namespace field of dataSourceRef requires - the CrossNamespaceVolumeDataSource feature - gate to be enabled.' properties: apiGroup: - description: APIGroup is the group for - the resource being referenced. If APIGroup - is not specified, the specified Kind - must be in the core API group. For any - other third-party types, APIGroup is - required. 
type: string kind: - description: Kind is the type of resource - being referenced type: string name: - description: Name is the name of resource - being referenced type: string namespace: - description: Namespace is the namespace - of resource being referenced Note that - when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant - object is required in the referent namespace - to allow that namespace's owner to accept - the reference. See the ReferenceGrant - documentation for details. (Alpha) This - field requires the CrossNamespaceVolumeDataSource - feature gate to be enabled. type: string required: - kind - name type: object resources: - description: 'resources represents the minimum - resources the volume should have. If RecoverVolumeExpansionFailure - feature is enabled users are allowed to - specify resource requirements that are lower - than previous value but must still be higher - than capacity recorded in the status field - of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: @@ -5049,9 +1952,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum - amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -5060,48 +1960,18 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum - amount of compute resources required. - If Requests is omitted for a container, - it defaults to Limits if that is explicitly - specified, otherwise to an implementation-defined - value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: - description: selector is a label query over - volumes to consider for binding. properties: matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. properties: key: - description: key is the label key - that the selector applies to. type: string operator: - description: operator represents - a key's relationship to a set - of values. Valid operators are - In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array - of string values. If the operator - is In or NotIn, the values array - must be non-empty. If the operator - is Exists or DoesNotExist, the - values array must be empty. This - array is replaced during a strategic - merge patch. items: type: string type: array 
@@ -5115,87 +1985,36 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic storageClassName: - description: 'storageClassName is the name - of the StorageClass required by the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeAttributesClassName: - description: 'volumeAttributesClassName may - be used to set the VolumeAttributesClass - used by this claim. If specified, the CSI - driver will create or update the volume - with the attributes defined in the corresponding - VolumeAttributesClass. This has a different - purpose than storageClassName, it can be - changed after the claim is created. An empty - string value means that no VolumeAttributesClass - will be applied to the claim but it''s not - allowed to reset this field to empty string - once it is set. If unspecified and the PersistentVolumeClaim - is unbound, the default VolumeAttributesClass - will be set by the persistentvolume controller - if it exists. If the resource referred to - by volumeAttributesClass does not exist, - this PersistentVolumeClaim will be set to - a Pending state, as reflected by the modifyVolumeStatus - field, until such as a resource exists. - More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires the VolumeAttributesClass - feature gate to be enabled.' type: string volumeMode: - description: volumeMode defines what type - of volume is required by the claim. Value - of Filesystem is implied when not included - in claim spec. 
type: string volumeName: - description: volumeName is the binding reference - to the PersistentVolume backing this claim. type: string type: object required: - spec type: object vsphereVolume: - description: vsphereVolume represents a vSphere volume - attached and mounted on kubelets host machine properties: fsType: - description: fsType is filesystem type to mount. - Must be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified. type: string storagePolicyID: - description: storagePolicyID is the storage Policy - Based Management (SPBM) profile ID associated - with the StoragePolicyName. type: string storagePolicyName: - description: storagePolicyName is the storage - Policy Based Management (SPBM) profile name. type: string volumePath: - description: volumePath is the path that identifies - vSphere volume vmdk type: string required: - volumePath type: object type: object usage: - description: Usage specifies the usage of the volume. type: string type: object type: array diff --git a/vendor/kubestash.dev/apimachinery/crds/addons.kubestash.com_functions.yaml b/vendor/kubestash.dev/apimachinery/crds/addons.kubestash.com_functions.yaml index 2059686a..d4f2af67 100644 --- a/vendor/kubestash.dev/apimachinery/crds/addons.kubestash.com_functions.yaml +++ b/vendor/kubestash.dev/apimachinery/crds/addons.kubestash.com_functions.yaml 
@@ -27,222 +27,107 @@ spec: name: v1alpha1 schema: openAPIV3Schema: - description: Function is the Schema for the functions API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: args: - description: 'Args specifies the arguments to the entrypoint. The - docker image''s CMD is used if this is not provided. Variable references - $(VAR_NAME) are expanded using the container''s environment. If - a variable cannot be resolved, the reference in the input string - will be unchanged. The $(VAR_NAME) syntax can be escaped with a - double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, - regardless of whether the variable exists or not. Cannot be updated. - More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array availableVersions: - description: 'AvailableVersions is the list of available addon versions - This is needed for the KubeStash resolver, if Image has some variables - in it. For example, `image: ghcr.io/kubedb/mongodb-restic-plugin:v0.7.0_${DB_VERSION}`' items: type: string type: array command: - description: 'Entrypoint array. Not executed within a shell. The docker - image''s ENTRYPOINT is used if this is not provided. 
Variable references - $(VAR_NAME) are expanded using the container''s environment. If - a variable cannot be resolved, the reference in the input string - will be unchanged. The $(VAR_NAME) syntax can be escaped with a - double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, - regardless of whether the variable exists or not. Cannot be updated. - More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array image: - description: 'Image specifies the docker image name. More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level config management to - default or override container images in workload controllers like - Deployments and StatefulSets.' type: string ports: - description: Ports specifies the list of ports to expose from the - container. Exposing a port here gives the system additional information - about the network connections a container uses, but is primarily - informational. Not specifying a port here DOES NOT prevent that - port from being exposed. Any port which is listening on the default - "0.0.0.0" address inside a container will be accessible from the - network. Cannot be updated. items: - description: ContainerPort represents a network port in a single - container. properties: containerPort: - description: Number of port to expose on the pod's IP address. - This must be a valid port number, 0 < x < 65536. format: int32 type: integer hostIP: - description: What host IP to bind the external port to. type: string hostPort: - description: Number of port to expose on the host. If specified, - this must be a valid port number, 0 < x < 65536. If HostNetwork - is specified, this must match ContainerPort. Most containers - do not need this. format: int32 type: integer name: - description: If specified, this must be an IANA_SVC_NAME and - unique within the pod. 
Each named port in a pod must have - a unique name. Name for the port that can be referred to by - services. type: string protocol: default: TCP - description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults - to "TCP". type: string required: - containerPort type: object type: array runtimeSettings: - description: RuntimeSettings allow to specify Resources, LivenessProbe, - ReadinessProbe, Lifecycle, SecurityContext etc. properties: env: - description: List of environment variables to set in the container. - Cannot be updated. items: - description: EnvVar represents an environment variable present - in a Container. properties: name: - description: Name of the environment variable. Must be a - C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in - the container and any service environment variables. If - a variable cannot be resolved, the reference in the input - string will be unchanged. Double $$ are reduced to a single - $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless - of whether the variable exists or not. Defaults to "".' type: string valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. properties: configMapKeyRef: - description: Selects a key of a ConfigMap. properties: key: - description: The key to select. type: string name: default: "" - description: 'Name of the referent. This field is - effectively required, but due to backwards compatibility - is allowed to be empty. Instances of this type - with an empty value here are almost certainly - wrong. TODO: Add other useful fields. apiVersion, - kind, uid? 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether the ConfigMap or its - key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, spec.nodeName, - spec.serviceAccountName, status.hostIP, status.podIP, - status.podIPs.' properties: apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". type: string fieldPath: - description: Path of the field to select in the - specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' properties: containerName: - description: 'Container name: required for volumes, - optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output format of the - exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource to select' type: string required: - resource type: object x-kubernetes-map-type: atomic secretKeyRef: - description: Selects a key of a secret in the pod's - namespace properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: default: "" - description: 'Name of the referent. 
This field is - effectively required, but due to backwards compatibility - is allowed to be empty. Instances of this type - with an empty value here are almost certainly - wrong. TODO: Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key 
@@ -254,63 +139,31 @@ spec: type: object type: array envFrom: - description: List of sources to populate environment variables - in the container. The keys defined within a source must be a - C_IDENTIFIER. All invalid keys will be reported as an event - when the container is starting. When a key exists in multiple - sources, the value associated with the last source will take - precedence. Values defined by an Env with a duplicate key will - take precedence. Cannot be updated. items: - description: EnvFromSource represents the source of a set of - ConfigMaps properties: configMapRef: - description: The ConfigMap to select from properties: name: default: "" - description: 'Name of the referent. This field is effectively - required, but due to backwards compatibility is allowed - to be empty. Instances of this type with an empty - value here are almost certainly wrong. TODO: Add other - useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether the ConfigMap must be defined type: boolean type: object x-kubernetes-map-type: atomic prefix: - description: An optional identifier to prepend to each key - in the ConfigMap. Must be a C_IDENTIFIER. type: string secretRef: - description: The Secret to select from properties: name: default: "" - description: 'Name of the referent. This field is effectively - required, but due to backwards compatibility is allowed - to be empty. Instances of this type with an empty - value here are almost certainly wrong. TODO: Add other - useful fields. apiVersion, kind, uid? 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether the Secret must be defined type: boolean type: object x-kubernetes-map-type: atomic type: object type: array ionice: - description: 'Settings to configure `ionice` to throttle the load - on disk. More info: http://kennystechtalk.blogspot.com/2015/04/throttling-cpu-usage-with-linux-cgroups.html - More info: https://oakbytes.wordpress.com/2012/06/06/linux-scheduler-cfs-and-nice/' properties: class: format: int32 
@@ -320,55 +173,27 @@ spec: type: integer type: object lifecycle: - description: Actions that the management system should take in - response to container lifecycle events. Cannot be updated. properties: postStart: - description: 'PostStart is called immediately after a container - is created. If the handler fails, the container is terminated - and restarted according to its restart policy. Other management - of the container blocks until the hook completes. More info: - https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', - etc) won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in httpHeaders - instead. type: string httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes properties: name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. type: string value: - description: The header field value type: string required: - name 
@@ -377,108 +202,58 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port to access - on the container. Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. type: string required: - port type: object sleep: - description: Sleep represents the duration that the container - should sleep before being terminated. properties: seconds: - description: Seconds is the number of seconds to sleep. format: int64 type: integer required: - seconds type: object tcpSocket: - description: Deprecated. TCPSocket is NOT supported as - a LifecycleHandler and kept for the backward compatibility. - There are no validation of this field and lifecycle - hooks will fail in runtime when tcp handler is specified. properties: host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access - on the container. Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: - description: 'PreStop is called immediately before a container - is terminated due to an API request or management event - such as liveness/startup probe failure, preemption, resource - contention, etc. The handler is not called if the container - crashes or exits. The Pod''s termination grace period countdown - begins before the PreStop hook is executed. Regardless of - the outcome of the handler, the container will eventually - terminate within the Pod''s termination grace period (unless - delayed by finalizers). 
Other management of the container - blocks until the hook completes or until the termination - grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', - etc) won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in httpHeaders - instead. type: string httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes properties: name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. type: string value: - description: The header field value type: string required: - name 
@@ -487,51 +262,33 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port to access - on the container. Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. type: string required: - port type: object sleep: - description: Sleep represents the duration that the container - should sleep before being terminated. properties: seconds: - description: Seconds is the number of seconds to sleep. format: int64 type: integer required: - seconds type: object tcpSocket: - description: Deprecated. TCPSocket is NOT supported as - a LifecycleHandler and kept for the backward compatibility. - There are no validation of this field and lifecycle - hooks will fail in runtime when tcp handler is specified. properties: host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access - on the container. Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port 
@@ -539,72 +296,38 @@ spec: type: object type: object livenessProbe: - description: 'Periodic probe of container liveness. Container - will be restarted if the probe fails. Cannot be updated. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute inside - the container, the working directory for the command is - root ('/') in the container's filesystem. The command - is simply exec'd, it is not run inside a shell, so traditional - shell instructions ('|', etc) won't work. To use a shell, - you need to explicitly call out to that shell. Exit - status of 0 is treated as live/healthy and non-zero - is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive failures for the probe to - be considered failed after having succeeded. Defaults to - 3. Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC port. properties: port: - description: Port number of the gRPC service. Number must - be in the range 1 to 65535. format: int32 type: integer service: - description: "Service is the name of the service to place - in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior is - defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. 
items: - description: HTTPHeader describes a custom header to - be used in HTTP probes properties: name: - description: The header field name. This will be - canonicalized upon output, so case-variant names - will be understood as the same header. type: string value: - description: The header field value type: string required: - name 
@@ -613,159 +336,84 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port to access on the - container. Number must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has started - before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe to - be considered successful after having failed. Defaults to - 1. Must be 1 for liveness and startup. Minimum value is - 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving a TCP - port. properties: host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on the - container. Number must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs to - terminate gracefully upon probe failure. The grace period - is the duration in seconds after the processes running in - the pod are sent a termination signal and the time when - the processes are forcibly halted with a kill signal. Set - this value longer than the expected cleanup time for your - process. 
If this value is nil, the pod's terminationGracePeriodSeconds - will be used. Otherwise, this value overrides the value - provided by the pod spec. Value must be non-negative integer. - The value zero indicates stop immediately via the kill signal - (no opportunity to shut down). This is a beta field and - requires enabling ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds is - used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object nice: - description: 'Settings to configure `nice` to throttle the load - on cpu. More info: http://kennystechtalk.blogspot.com/2015/04/throttling-cpu-usage-with-linux-cgroups.html - More info: https://oakbytes.wordpress.com/2012/06/06/linux-scheduler-cfs-and-nice/' properties: adjustment: format: int32 type: integer type: object readinessProbe: - description: 'Periodic probe of container service readiness. Container - will be removed from service endpoints if the probe fails. Cannot - be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute inside - the container, the working directory for the command is - root ('/') in the container's filesystem. The command - is simply exec'd, it is not run inside a shell, so traditional - shell instructions ('|', etc) won't work. To use a shell, - you need to explicitly call out to that shell. Exit - status of 0 is treated as live/healthy and non-zero - is unhealthy. 
items: type: string type: array x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive failures for the probe to - be considered failed after having succeeded. Defaults to - 3. Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC port. properties: port: - description: Port number of the gRPC service. Number must - be in the range 1 to 65535. format: int32 type: integer service: - description: "Service is the name of the service to place - in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior is - defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. items: - description: HTTPHeader describes a custom header to - be used in HTTP probes properties: name: - description: The header field name. This will be - canonicalized upon output, so case-variant names - will be understood as the same header. type: string value: - description: The header field value type: string required: - name 
@@ -774,101 +422,51 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port to access on the - container. Number must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has started - before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe to - be considered successful after having failed. Defaults to - 1. Must be 1 for liveness and startup. Minimum value is - 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving a TCP - port. properties: host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on the - container. Number must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs to - terminate gracefully upon probe failure. The grace period - is the duration in seconds after the processes running in - the pod are sent a termination signal and the time when - the processes are forcibly halted with a kill signal. Set - this value longer than the expected cleanup time for your - process. 
If this value is nil, the pod's terminationGracePeriodSeconds - will be used. Otherwise, this value overrides the value - provided by the pod spec. Value must be non-negative integer. - The value zero indicates stop immediately via the kill signal - (no opportunity to shut down). This is a beta field and - requires enabling ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds is - used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object resources: - description: 'Compute Resources required by container. Cannot - be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' properties: claims: - description: "Claims lists the names of resources, defined - in spec.resourceClaims, that are used by this container. - \n This is an alpha field and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. It can only be - set for containers." items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name of one entry in - pod.spec.resourceClaims of the Pod where this field - is used. It makes that resource available inside a - container. type: string required: - name @@ -884,8 +482,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -894,222 +490,87 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. Requests cannot exceed - Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: - description: 'Security options the pod should run with. More info: - https://kubernetes.io/docs/concepts/policy/security-context/ - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a - process can gain more privileges than its parent process. - This bool directly controls if the no_new_privs flag will - be set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run as Privileged - 2) has CAP_SYS_ADMIN Note that this field cannot be set - when spec.os.name is windows.' type: boolean appArmorProfile: - description: appArmorProfile is the AppArmor options to use - by this container. If set, this profile overrides the pod's - appArmorProfile. Note that this field cannot be set when - spec.os.name is windows. properties: localhostProfile: - description: localhostProfile indicates a profile loaded - on the node that should be used. The profile must be - preconfigured on the node to work. Must match the loaded - name of the profile. Must be set if and only if type - is "Localhost". type: string type: - description: 'type indicates which kind of AppArmor profile - will be applied. Valid options are: Localhost - a profile - pre-loaded on the node. RuntimeDefault - the container - runtime''s default profile. 
Unconfined - no AppArmor - enforcement.' type: string required: - type type: object capabilities: - description: The capabilities to add/drop when running containers. - Defaults to the default set of capabilities granted by the - container runtime. Note that this field cannot be set when - spec.os.name is windows. properties: add: - description: Added capabilities items: - description: Capability represent POSIX capabilities - type type: string type: array x-kubernetes-list-type: atomic drop: - description: Removed capabilities items: - description: Capability represent POSIX capabilities - type type: string type: array x-kubernetes-list-type: atomic type: object privileged: - description: Run container in privileged mode. Processes in - privileged containers are essentially equivalent to root - on the host. Defaults to false. Note that this field cannot - be set when spec.os.name is windows. type: boolean procMount: - description: procMount denotes the type of proc mount to use - for the containers. The default is DefaultProcMount which - uses the container runtime defaults for readonly paths and - masked paths. This requires the ProcMountType feature flag - to be enabled. Note that this field cannot be set when spec.os.name - is windows. type: string readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. - Default is false. Note that this field cannot be set when - spec.os.name is windows. type: boolean runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be set - in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext - takes precedence. Note that this field cannot be set when - spec.os.name is windows. format: int64 type: integer runAsNonRoot: - description: Indicates that the container must run as a non-root - user. 
If true, the Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 (root) and fail - to start the container if it does. If unset or false, no - such validation will be performed. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint of the container - process. Defaults to user specified in image metadata if - unspecified. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. Note - that this field cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be applied to the container. - If unspecified, the container runtime will allocate a random - SELinux context for each container. May also be set in - PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext - takes precedence. Note that this field cannot be set when - spec.os.name is windows. properties: level: - description: Level is SELinux level label that applies - to the container. type: string role: - description: Role is a SELinux role label that applies - to the container. type: string type: - description: Type is a SELinux type label that applies - to the container. type: string user: - description: User is a SELinux user label that applies - to the container. type: string type: object seccompProfile: - description: The seccomp options to use by this container. - If seccomp options are provided at both the pod & container - level, the container options override the pod options. Note - that this field cannot be set when spec.os.name is windows. properties: localhostProfile: - description: localhostProfile indicates a profile defined - in a file on the node should be used. 
The profile must - be preconfigured on the node to work. Must be a descending - path, relative to the kubelet's configured seccomp profile - location. Must be set if type is "Localhost". Must NOT - be set for any other type. type: string type: - description: "type indicates which kind of seccomp profile - will be applied. Valid options are: \n Localhost - a - profile defined in a file on the node should be used. - RuntimeDefault - the container runtime default profile - should be used. Unconfined - no profile should be applied." type: string required: - type type: object windowsOptions: - description: The Windows specific settings applied to all - containers. If unspecified, the options from the PodSecurityContext - will be used. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is - linux. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named - by the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the - GMSA credential spec to use. type: string hostProcess: - description: HostProcess determines if a container should - be run as a 'Host Process' container. All of a Pod's - containers must have the same effective HostProcess - value (it is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). In addition, - if HostProcess is true then HostNetwork must also be - set to true. type: boolean runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set in - PodSecurityContext. 
If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext - takes precedence. type: string type: object type: object type: object volumeDevices: - description: VolumeDevices is the list of block devices to be used - by the container. This is an alpha feature and may change in the - future. items: - description: volumeDevice describes a mapping of a raw block device - within a container. properties: devicePath: - description: devicePath is the path inside of the container - that the device will be mapped to. type: string name: - description: name must match the name of a persistentVolumeClaim - in the pod type: string required: - devicePath 
@@ -1117,57 +578,21 @@ spec: type: object type: array volumeMounts: - description: VolumeMounts specifies the Pod volumes to mount into - the container's filesystem. Cannot be updated. items: - description: VolumeMount describes a mounting of a Volume within - a container. properties: mountPath: - description: Path within the container at which the volume should - be mounted. Must not contain ':'. type: string mountPropagation: - description: mountPropagation determines how mounts are propagated - from the host to container and the other way around. When - not set, MountPropagationNone is used. This field is beta - in 1.10. When RecursiveReadOnly is set to IfPossible or to - Enabled, MountPropagation must be None or unspecified (which - defaults to None). type: string name: - description: This must match the Name of a Volume. type: string readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. type: boolean recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only - mounts should be handled recursively. \n If ReadOnly is false, - this field has no meaning and must be unspecified. \n If ReadOnly - is true, and this field is set to Disabled, the mount is not - made recursively read-only. If this field is set to IfPossible, - the mount is made recursively read-only, if it is supported - by the container runtime. If this field is set to Enabled, - the mount is made recursively read-only if it is supported - by the container runtime, otherwise the pod will not be started - and an error will be generated to indicate the reason. \n - If this field is set to IfPossible or Enabled, MountPropagation - must be set to None (or be unspecified, which defaults to - None). \n If this field is not specified, it is treated as - an equivalent of Disabled." type: string subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). 
type: string subPathExpr: - description: Expanded path within the volume from which the - container's volume should be mounted. Behaves similarly to - SubPath but environment variable references $(VAR_NAME) are - expanded using the container's environment. Defaults to "" - (volume's root). SubPathExpr and SubPath are mutually exclusive. type: string required: - mountPath @@ -1175,9 +600,6 @@ spec: type: object type: array workingDir: - description: WorkDir specifies the container's working directory. - If not specified, the container runtime's default will be used, - which might be configured in the container image. Cannot be updated. type: string type: object type: object diff --git a/vendor/kubestash.dev/apimachinery/crds/core.kubestash.com_backupbatches.yaml b/vendor/kubestash.dev/apimachinery/crds/core.kubestash.com_backupbatches.yaml index 790559ec..b2b6c171 100644 --- a/vendor/kubestash.dev/apimachinery/crds/core.kubestash.com_backupbatches.yaml +++ b/vendor/kubestash.dev/apimachinery/crds/core.kubestash.com_backupbatches.yaml 
@@ -25,72 +25,34 @@ spec: name: v1alpha1 schema: openAPIV3Schema: - description: BackupBatch specifies the configurations for taking backup of - multiple co-related applications. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: BackupBatchSpec defines the targets of backup, the backend - where the backed up data will be stored, and the session configuration - which specifies when and how to take the backup. properties: backends: - description: "Backends specifies a list of storage references where - the backed up data will be stored. The respective BackupStorages - can be in a different namespace than the BackupBatch. However, it - must be allowed by the `usagePolicy` of the BackupStorage to refer - from this namespace. \n This field is optional, if you don't provide - any backend here, KubeStash will use the default BackupStorage for - the namespace. If a default BackupStorage does not exist in the - same namespace, then KubeStash will look for a default BackupStorage - in other namespaces that allows using it from the BackupBatch namespace." items: - description: BackendReference specifies reference to a storage where - the backed up data will be stored. properties: name: - description: Name provides an identifier for this storage. 
type: string retentionPolicy: - description: RetentionPolicy refers to a RetentionPolicy CRs - which defines how to cleanup the old Snapshots. This field - is optional. If you don't provide this field, KubeStash will - use the default RetentionPolicy for the namespace. If there - is no default RetentionPolicy for the namespace, then KubeStash - will find a RetentionPolicy from other namespaces that is - allowed to use from the current namespace. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string required: - name type: object storageRef: - description: StorageRef refers to the CR that holds the information - of a storage. You can refer to the BackupStorage CR of a different - namespace as long as it is allowed by the `usagePolicy` of - the BackupStorage.` properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string required: - name 
@@ -98,238 +60,102 @@ spec: type: object type: array paused: - description: Paused indicates that the BackupBatch has been paused - from taking backup. Default value is 'false'. If you set `paused` - field to `true`, KubeStash will suspend the respective backup triggering - CronJob and skip processing any further events for this BackupBatch. type: boolean sessions: - description: Session defines a list of session configurations that - specifies when and how to take backup. items: - description: BatchSession specifies the session configuration for - the targets. properties: backupTimeout: - description: BackupTimeout specifies the maximum duration of - backup. Backup will be considered Failed if backup tasks do - not complete within this time limit. By default, KubeStash - don't set any timeout for backup. type: string hooks: - description: Hooks specifies the backup hooks that should be - executed before and/or after the backup. properties: postBackup: - description: PostBackup specifies a list of hooks that will - be executed after backup items: - description: HookInfo specifies the information about - the backup/restore hooks properties: executionPolicy: default: Always - description: 'ExecutionPolicy specifies when to execute - the hook. Valid values are: - "Always": KubeStash - will execute this hook no matter the backup/restore - failed. This is the default execution policy. - - "OnSuccess": KubeStash will execute this hook only - if the backup/restore has succeeded. - "OnFailure": - KubeStash will execute this hook only if the backup/restore - has failed.' enum: - Always - OnSuccess - OnFailure type: string hookTemplate: - description: HookTemplate points to a HookTemplate - CR that will be used to execute the hook. You can - refer to a HookTemplate from other namespaces as - long as your current namespace is allowed by the - `usagePolicy` in the respective HookTemplate. properties: name: - description: 'Name of the referent. 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string required: - name type: object maxRetry: - description: MaxRetry specifies how many times KubeStash - should retry the hook execution in case of failure. - The default value of this field is 0 which means - no retry. format: int32 minimum: 0 type: integer name: - description: Name specifies a name for the hook type: string params: - description: Params specifies parameters for the hook. - You must provide the parameter in the HookTemplates - desired structure. type: object x-kubernetes-preserve-unknown-fields: true runtimeSettings: - description: RuntimeSettings specifies runtime configurations - for the hook executor Job. Use this field only for - `Function` type hook executor. properties: container: properties: env: - description: List of environment variables - to set in the container. Cannot be updated. items: - description: EnvVar represents an environment - variable present in a Container. properties: name: - description: Name of the environment - variable. Must be a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) - are expanded using the previously - defined environment variables in the - container and any service environment - variables. If a variable cannot be - resolved, the reference in the input - string will be unchanged. Double $$ - are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: - i.e. "$$(VAR_NAME)" will produce the - string literal "$(VAR_NAME)". Escaped - references will never be expanded, - regardless of whether the variable - exists or not. Defaults to "".' type: string valueFrom: - description: Source for the environment - variable's value. Cannot be used if - value is not empty. 
properties: configMapKeyRef: - description: Selects a key of a - ConfigMap. properties: key: - description: The key to select. type: string name: default: "" - description: 'Name of the referent. - This field is effectively - required, but due to backwards - compatibility is allowed to - be empty. Instances of this - type with an empty value here - are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether - the ConfigMap or its key must - be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of - the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, status.podIPs.' properties: apiVersion: - description: Version of the - schema the FieldPath is written - in terms of, defaults to "v1". type: string fieldPath: - description: Path of the field - to select in the specified - API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource - of the container: only resources - limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, - requests.cpu, requests.memory - and requests.ephemeral-storage) - are currently supported.' 
properties: containerName: - description: 'Container name: - required for volumes, optional - for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output - format of the exposed resources, - defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource - to select' type: string required: - resource type: object x-kubernetes-map-type: atomic secretKeyRef: - description: Selects a key of a - secret in the pod's namespace properties: key: - description: The key of the - secret to select from. Must - be a valid secret key. type: string name: default: "" - description: 'Name of the referent. - This field is effectively - required, but due to backwards - compatibility is allowed to - be empty. Instances of this - type with an empty value here - are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether - the Secret or its key must - be defined type: boolean required: - key 
@@ -341,81 +167,31 @@ spec: type: object type: array envFrom: - description: List of sources to populate environment - variables in the container. The keys defined - within a source must be a C_IDENTIFIER. - All invalid keys will be reported as an - event when the container is starting. When - a key exists in multiple sources, the value - associated with the last source will take - precedence. Values defined by an Env with - a duplicate key will take precedence. Cannot - be updated. items: - description: EnvFromSource represents the - source of a set of ConfigMaps properties: configMapRef: - description: The ConfigMap to select - from properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether the - ConfigMap must be defined type: boolean type: object x-kubernetes-map-type: atomic prefix: - description: An optional identifier - to prepend to each key in the ConfigMap. - Must be a C_IDENTIFIER. type: string secretRef: - description: The Secret to select from properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether the - Secret must be defined type: boolean type: object x-kubernetes-map-type: atomic type: object type: array ionice: - description: 'Settings to configure `ionice` - to throttle the load on disk. More info: - http://kennystechtalk.blogspot.com/2015/04/throttling-cpu-usage-with-linux-cgroups.html - More info: https://oakbytes.wordpress.com/2012/06/06/linux-scheduler-cfs-and-nice/' properties: class: format: int32 
@@ -425,72 +201,27 @@ spec: type: integer type: object lifecycle: - description: Actions that the management system - should take in response to container lifecycle - events. Cannot be updated. properties: postStart: - description: 'PostStart is called immediately - after a container is created. If the - handler fails, the container is terminated - and restarted according to its restart - policy. Other management of the container - blocks until the hook completes. More - info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: Exec specifies the action - to take. properties: command: - description: Command is the command - line to execute inside the container, - the working directory for the - command is root ('/') in the - container's filesystem. The - command is simply exec'd, it - is not run inside a shell, so - traditional shell instructions - ('|', etc) won't work. To use - a shell, you need to explicitly - call out to that shell. Exit - status of 0 is treated as live/healthy - and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the - http request to perform. properties: host: - description: Host name to connect - to, defaults to the pod IP. - You probably want to set "Host" - in httpHeaders instead. type: string httpHeaders: - description: Custom headers to - set in the request. HTTP allows - repeated headers. items: - description: HTTPHeader describes - a custom header to be used - in HTTP probes properties: name: - description: The header - field name. This will - be canonicalized upon - output, so case-variant - names will be understood - as the same header. type: string value: - description: The header - field value type: string required: - name 
@@ -499,138 +230,58 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on - the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of - the port to access on the container. - Number must be in the range - 1 to 65535. Name must be an - IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for - connecting to the host. Defaults - to HTTP. type: string required: - port type: object sleep: - description: Sleep represents the - duration that the container should - sleep before being terminated. properties: seconds: - description: Seconds is the number - of seconds to sleep. format: int64 type: integer required: - seconds type: object tcpSocket: - description: Deprecated. TCPSocket - is NOT supported as a LifecycleHandler - and kept for the backward compatibility. - There are no validation of this - field and lifecycle hooks will fail - in runtime when tcp handler is specified. properties: host: - description: 'Optional: Host name - to connect to, defaults to the - pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of - the port to access on the container. - Number must be in the range - 1 to 65535. Name must be an - IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: - description: 'PreStop is called immediately - before a container is terminated due - to an API request or management event - such as liveness/startup probe failure, - preemption, resource contention, etc. - The handler is not called if the container - crashes or exits. The Pod''s termination - grace period countdown begins before - the PreStop hook is executed. Regardless - of the outcome of the handler, the container - will eventually terminate within the - Pod''s termination grace period (unless - delayed by finalizers). 
Other management - of the container blocks until the hook - completes or until the termination grace - period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: Exec specifies the action - to take. properties: command: - description: Command is the command - line to execute inside the container, - the working directory for the - command is root ('/') in the - container's filesystem. The - command is simply exec'd, it - is not run inside a shell, so - traditional shell instructions - ('|', etc) won't work. To use - a shell, you need to explicitly - call out to that shell. Exit - status of 0 is treated as live/healthy - and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the - http request to perform. properties: host: - description: Host name to connect - to, defaults to the pod IP. - You probably want to set "Host" - in httpHeaders instead. type: string httpHeaders: - description: Custom headers to - set in the request. HTTP allows - repeated headers. items: - description: HTTPHeader describes - a custom header to be used - in HTTP probes properties: name: - description: The header - field name. This will - be canonicalized upon - output, so case-variant - names will be understood - as the same header. type: string value: - description: The header - field value type: string required: - name 
@@ -639,62 +290,33 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on - the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of - the port to access on the container. - Number must be in the range - 1 to 65535. Name must be an - IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for - connecting to the host. Defaults - to HTTP. type: string required: - port type: object sleep: - description: Sleep represents the - duration that the container should - sleep before being terminated. properties: seconds: - description: Seconds is the number - of seconds to sleep. format: int64 type: integer required: - seconds type: object tcpSocket: - description: Deprecated. TCPSocket - is NOT supported as a LifecycleHandler - and kept for the backward compatibility. - There are no validation of this - field and lifecycle hooks will fail - in runtime when tcp handler is specified. properties: host: - description: 'Optional: Host name - to connect to, defaults to the - pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of - the port to access on the container. - Number must be in the range - 1 to 65535. Name must be an - IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port 
@@ -702,88 +324,38 @@ spec: type: object type: object livenessProbe: - description: 'Periodic probe of container - liveness. Container will be restarted if - the probe fails. Cannot be updated. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action - to take. properties: command: - description: Command is the command - line to execute inside the container, - the working directory for the command is - root ('/') in the container's filesystem. - The command is simply exec'd, it - is not run inside a shell, so traditional - shell instructions ('|', etc) won't - work. To use a shell, you need to - explicitly call out to that shell. - Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed - after having succeeded. Defaults to - 3. Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action - involving a GRPC port. properties: port: - description: Port number of the gRPC - service. Number must be in the range - 1 to 65535. format: int32 type: integer service: - description: "Service is the name - of the service to place in the gRPC - HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the - default behavior is defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http - request to perform. properties: host: - description: Host name to connect - to, defaults to the pod IP. You - probably want to set "Host" in httpHeaders - instead. type: string httpHeaders: - description: Custom headers to set - in the request. HTTP allows repeated - headers. 
items: - description: HTTPHeader describes - a custom header to be used in - HTTP probes properties: name: - description: The header field - name. This will be canonicalized - upon output, so case-variant - names will be understood as - the same header. type: string value: - description: The header field - value type: string required: - name 
@@ -792,190 +364,84 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on the - HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the - port to access on the container. - Number must be in the range 1 to - 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after - the container has started before liveness - probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to - perform the probe. Default to 10 seconds. - Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to 1. - Must be 1 for liveness and startup. - Minimum value is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action - involving a TCP port. properties: host: - description: 'Optional: Host name - to connect to, defaults to the pod - IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the - port to access on the container. - Number must be in the range 1 to - 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds - the pod needs to terminate gracefully - upon probe failure. The grace period - is the duration in seconds after the - processes running in the pod are sent - a termination signal and the time when - the processes are forcibly halted with - a kill signal. Set this value longer - than the expected cleanup time for your - process. 
If this value is nil, the pod's - terminationGracePeriodSeconds will be - used. Otherwise, this value overrides - the value provided by the pod spec. - Value must be non-negative integer. - The value zero indicates stop immediately - via the kill signal (no opportunity - to shut down). This is a beta field - and requires enabling ProbeTerminationGracePeriod - feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after - which the probe times out. Defaults - to 1 second. Minimum value is 1. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object nice: - description: 'Settings to configure `nice` - to throttle the load on cpu. More info: - http://kennystechtalk.blogspot.com/2015/04/throttling-cpu-usage-with-linux-cgroups.html - More info: https://oakbytes.wordpress.com/2012/06/06/linux-scheduler-cfs-and-nice/' properties: adjustment: format: int32 type: integer type: object readinessProbe: - description: 'Periodic probe of container - service readiness. Container will be removed - from service endpoints if the probe fails. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action - to take. properties: command: - description: Command is the command - line to execute inside the container, - the working directory for the command is - root ('/') in the container's filesystem. - The command is simply exec'd, it - is not run inside a shell, so traditional - shell instructions ('|', etc) won't - work. To use a shell, you need to - explicitly call out to that shell. - Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. 
items: type: string type: array x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed - after having succeeded. Defaults to - 3. Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action - involving a GRPC port. properties: port: - description: Port number of the gRPC - service. Number must be in the range - 1 to 65535. format: int32 type: integer service: - description: "Service is the name - of the service to place in the gRPC - HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the - default behavior is defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http - request to perform. properties: host: - description: Host name to connect - to, defaults to the pod IP. You - probably want to set "Host" in httpHeaders - instead. type: string httpHeaders: - description: Custom headers to set - in the request. HTTP allows repeated - headers. items: - description: HTTPHeader describes - a custom header to be used in - HTTP probes properties: name: - description: The header field - name. This will be canonicalized - upon output, so case-variant - names will be understood as - the same header. type: string value: - description: The header field - value type: string required: - name 
@@ -984,120 +450,51 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on the - HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the - port to access on the container. - Number must be in the range 1 to - 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after - the container has started before liveness - probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to - perform the probe. Default to 10 seconds. - Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to 1. - Must be 1 for liveness and startup. - Minimum value is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action - involving a TCP port. properties: host: - description: 'Optional: Host name - to connect to, defaults to the pod - IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the - port to access on the container. - Number must be in the range 1 to - 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds - the pod needs to terminate gracefully - upon probe failure. The grace period - is the duration in seconds after the - processes running in the pod are sent - a termination signal and the time when - the processes are forcibly halted with - a kill signal. Set this value longer - than the expected cleanup time for your - process. 
If this value is nil, the pod's - terminationGracePeriodSeconds will be - used. Otherwise, this value overrides - the value provided by the pod spec. - Value must be non-negative integer. - The value zero indicates stop immediately - via the kill signal (no opportunity - to shut down). This is a beta field - and requires enabling ProbeTerminationGracePeriod - feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after - which the probe times out. Defaults - to 1 second. Minimum value is 1. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object resources: - description: 'Compute Resources required by - container. Cannot be updated. More info: - https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' properties: claims: - description: "Claims lists the names of - resources, defined in spec.resourceClaims, - that are used by this container. \n - This is an alpha field and requires - enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. - It can only be set for containers." items: - description: ResourceClaim references - one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the - name of one entry in pod.spec.resourceClaims - of the Pod where this field is - used. It makes that resource available - inside a container. type: string required: - name @@ -1113,9 +510,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum - amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -1124,248 +518,77 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum - amount of compute resources required. - If Requests is omitted for a container, - it defaults to Limits if that is explicitly - specified, otherwise to an implementation-defined - value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: - description: 'Security options the pod should - run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation - controls whether a process can gain - more privileges than its parent process. - This bool directly controls if the no_new_privs - flag will be set on the container process. - AllowPrivilegeEscalation is true always - when the container is: 1) run as Privileged - 2) has CAP_SYS_ADMIN Note that this - field cannot be set when spec.os.name - is windows.' type: boolean appArmorProfile: - description: appArmorProfile is the AppArmor - options to use by this container. If - set, this profile overrides the pod's - appArmorProfile. Note that this field - cannot be set when spec.os.name is windows. properties: localhostProfile: - description: localhostProfile indicates - a profile loaded on the node that - should be used. The profile must - be preconfigured on the node to - work. Must match the loaded name - of the profile. Must be set if and - only if type is "Localhost". type: string type: - description: 'type indicates which - kind of AppArmor profile will be - applied. Valid options are: Localhost - - a profile pre-loaded on the node. 
- RuntimeDefault - the container runtime''s - default profile. Unconfined - no - AppArmor enforcement.' type: string required: - type type: object capabilities: - description: The capabilities to add/drop - when running containers. Defaults to - the default set of capabilities granted - by the container runtime. Note that - this field cannot be set when spec.os.name - is windows. properties: add: - description: Added capabilities items: - description: Capability represent - POSIX capabilities type type: string type: array x-kubernetes-list-type: atomic drop: - description: Removed capabilities items: - description: Capability represent - POSIX capabilities type type: string type: array x-kubernetes-list-type: atomic type: object privileged: - description: Run container in privileged - mode. Processes in privileged containers - are essentially equivalent to root on - the host. Defaults to false. Note that - this field cannot be set when spec.os.name - is windows. type: boolean procMount: - description: procMount denotes the type - of proc mount to use for the containers. - The default is DefaultProcMount which - uses the container runtime defaults - for readonly paths and masked paths. - This requires the ProcMountType feature - flag to be enabled. Note that this field - cannot be set when spec.os.name is windows. type: string readOnlyRootFilesystem: - description: Whether this container has - a read-only root filesystem. Default - is false. Note that this field cannot - be set when spec.os.name is windows. type: boolean runAsGroup: - description: The GID to run the entrypoint - of the container process. Uses runtime - default if unset. May also be set in - PodSecurityContext. If set in both - SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. Note that this field - cannot be set when spec.os.name is windows. 
format: int64 type: integer runAsNonRoot: - description: Indicates that the container - must run as a non-root user. If true, - the Kubelet will validate the image - at runtime to ensure that it does not - run as UID 0 (root) and fail to start - the container if it does. If unset or - false, no such validation will be performed. - May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint - of the container process. Defaults to - user specified in image metadata if - unspecified. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. Note that this field - cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be - applied to the container. If unspecified, - the container runtime will allocate - a random SELinux context for each container. May - also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. Note that this field - cannot be set when spec.os.name is windows. properties: level: - description: Level is SELinux level - label that applies to the container. type: string role: - description: Role is a SELinux role - label that applies to the container. type: string type: - description: Type is a SELinux type - label that applies to the container. type: string user: - description: User is a SELinux user - label that applies to the container. type: string type: object seccompProfile: - description: The seccomp options to use - by this container. If seccomp options - are provided at both the pod & container - level, the container options override - the pod options. Note that this field - cannot be set when spec.os.name is windows. 
properties: localhostProfile: - description: localhostProfile indicates - a profile defined in a file on the - node should be used. The profile - must be preconfigured on the node - to work. Must be a descending path, - relative to the kubelet's configured - seccomp profile location. Must be - set if type is "Localhost". Must - NOT be set for any other type. type: string type: - description: "type indicates which - kind of seccomp profile will be - applied. Valid options are: \n Localhost - - a profile defined in a file on - the node should be used. RuntimeDefault - - the container runtime default - profile should be used. Unconfined - - no profile should be applied." type: string required: - type type: object windowsOptions: - description: The Windows specific settings - applied to all containers. If unspecified, - the options from the PodSecurityContext - will be used. If set in both SecurityContext - and PodSecurityContext, the value specified - in SecurityContext takes precedence. - Note that this field cannot be set when - spec.os.name is linux. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is - where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA - credential spec named by the GMSACredentialSpecName - field. type: string gmsaCredentialSpecName: - description: GMSACredentialSpecName - is the name of the GMSA credential - spec to use. type: string hostProcess: - description: HostProcess determines - if a container should be run as - a 'Host Process' container. All - of a Pod's containers must have - the same effective HostProcess value - (it is not allowed to have a mix - of HostProcess containers and non-HostProcess - containers). In addition, if HostProcess - is true then HostNetwork must also - be set to true. type: boolean runAsUserName: - description: The UserName in Windows - to run the entrypoint of the container - process. 
Defaults to the user specified - in image metadata if unspecified. - May also be set in PodSecurityContext. - If set in both SecurityContext and - PodSecurityContext, the value specified - in SecurityContext takes precedence. type: string type: object type: object 
@@ -1373,91 +596,22 @@ spec: pod: properties: affinity: - description: If specified, the pod's scheduling - constraints properties: nodeAffinity: - description: Describes node affinity scheduling - rules for the pod. properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer - to schedule pods to nodes that satisfy - the affinity expressions specified - by this field, but it may choose - a node that violates one or more - of the expressions. The node that - is most preferred is the one with - the greatest sum of weights, i.e. - for each node that meets all of - the scheduling requirements (resource - request, requiredDuringScheduling - affinity expressions, etc.), compute - a sum by iterating through the elements - of this field and adding "weight" - to the sum if the node matches the - corresponding matchExpressions; - the node(s) with the highest sum - are the most preferred. items: - description: An empty preferred - scheduling term matches all objects - with implicit weight 0 (i.e. it's - a no-op). A null preferred scheduling - term matches no objects (i.e. - is also a no-op). properties: preference: - description: A node selector - term, associated with the - corresponding weight. properties: matchExpressions: - description: A list of node - selector requirements - by node's labels. items: - description: A node selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key - and values. properties: key: - description: The label - key that the selector - applies to. type: string operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, Exists, - DoesNotExist. Gt, - and Lt. type: string values: - description: An array - of string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. 
If - the operator is - Gt or Lt, the values - array must have - a single element, - which will be interpreted - as an integer. This - array is replaced - during a strategic - merge patch. items: type: string type: array @@ -1469,51 +623,13 @@ spec: type: array x-kubernetes-list-type: atomic matchFields: - description: A list of node - selector requirements - by node's fields. items: - description: A node selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key - and values. properties: key: - description: The label - key that the selector - applies to. type: string operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, Exists, - DoesNotExist. Gt, - and Lt. type: string values: - description: An array - of string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. If - the operator is - Gt or Lt, the values - array must have - a single element, - which will be interpreted - as an integer. This - array is replaced - during a strategic - merge patch. items: type: string type: array @@ -1527,10 +643,6 @@ spec: type: object x-kubernetes-map-type: atomic weight: - description: Weight associated - with matching the corresponding - nodeSelectorTerm, in the range - 1-100. format: int32 type: integer required: 
@@ -1540,75 +652,18 @@ spec: type: array x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements - specified by this field are not - met at scheduling time, the pod - will not be scheduled onto the node. - If the affinity requirements specified - by this field cease to be met at - some point during pod execution - (e.g. due to an update), the system - may or may not try to eventually - evict the pod from its node. properties: nodeSelectorTerms: - description: Required. A list - of node selector terms. The - terms are ORed. items: - description: A null or empty - node selector term matches - no objects. The requirements - of them are ANDed. The TopologySelectorTerm - type implements a subset of - the NodeSelectorTerm. properties: matchExpressions: - description: A list of node - selector requirements - by node's labels. items: - description: A node selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key - and values. properties: key: - description: The label - key that the selector - applies to. type: string operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, Exists, - DoesNotExist. Gt, - and Lt. type: string values: - description: An array - of string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. If - the operator is - Gt or Lt, the values - array must have - a single element, - which will be interpreted - as an integer. This - array is replaced - during a strategic - merge patch. items: type: string type: array 
@@ -1620,51 +675,13 @@ spec: type: array x-kubernetes-list-type: atomic matchFields: - description: A list of node - selector requirements - by node's fields. items: - description: A node selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key - and values. properties: key: - description: The label - key that the selector - applies to. type: string operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, Exists, - DoesNotExist. Gt, - and Lt. type: string values: - description: An array - of string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. If - the operator is - Gt or Lt, the values - array must have - a single element, - which will be interpreted - as an integer. This - array is replaced - during a strategic - merge patch. items: type: string type: array 
@@ -1685,97 +702,22 @@ spec: x-kubernetes-map-type: atomic type: object podAffinity: - description: Describes pod affinity scheduling - rules (e.g. co-locate this pod in the - same node, zone, etc. as some other - pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer - to schedule pods to nodes that satisfy - the affinity expressions specified - by this field, but it may choose - a node that violates one or more - of the expressions. The node that - is most preferred is the one with - the greatest sum of weights, i.e. - for each node that meets all of - the scheduling requirements (resource - request, requiredDuringScheduling - affinity expressions, etc.), compute - a sum by iterating through the elements - of this field and adding "weight" - to the sum if the node has pods - which matches the corresponding - podAffinityTerm; the node(s) with - the highest sum are the most preferred. items: - description: The weights of all - of the matched WeightedPodAffinityTerm - fields are added per-node to find - the most preferred node(s) properties: podAffinityTerm: - description: Required. A pod - affinity term, associated - with the corresponding weight. properties: labelSelector: - description: A label query - over a set of resources, - in this case pods. If - it's null, this PodAffinityTerm - matches with no Pods. properties: matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements are - ANDed. items: - description: A label - selector requirement - is a selector that - contains values, - a key, and an operator - that relates the - key and values. properties: key: - description: key - is the label - key that the - selector applies - to. type: string operator: - description: operator - represents a - key's relationship - to a set of - values. Valid - operators are - In, NotIn, Exists - and DoesNotExist. 
type: string values: - description: values - is an array - of string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or - DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic - merge patch. items: type: string type: array 
@@ -1789,151 +731,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels - map is equivalent - to an element of matchExpressions, - whose key field is - "key", the operator - is "In", and the values - array contains only - "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys - is a set of pod label - keys to select which pods - will be taken into consideration. - The keys are used to lookup - values from the incoming - pod labels, those key-value - labels are merged with - `labelSelector` as `key - in (value)` to select - the group of existing - pods which pods will be - taken into consideration - for the incoming pod's - pod (anti) affinity. Keys - that don't exist in the - incoming pod labels will - be ignored. The default - value is empty. The same - key is forbidden to exist - in both matchLabelKeys - and labelSelector. Also, - matchLabelKeys cannot - be set when labelSelector - isn't set. This is an - alpha field and requires - enabling MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys - is a set of pod label - keys to select which pods - will be taken into consideration. - The keys are used to lookup - values from the incoming - pod labels, those key-value - labels are merged with - `labelSelector` as `key - notin (value)` to select - the group of existing - pods which pods will be - taken into consideration - for the incoming pod's - pod (anti) affinity. Keys - that don't exist in the - incoming pod labels will - be ignored. The default - value is empty. The same - key is forbidden to exist - in both mismatchLabelKeys - and labelSelector. Also, - mismatchLabelKeys cannot - be set when labelSelector - isn't set. 
This is an - alpha field and requires - enabling MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query - over the set of namespaces - that the term applies - to. The term is applied - to the union of the namespaces - selected by this field - and the ones listed in - the namespaces field. - null selector and null - or empty namespaces list - means "this pod's namespace". - An empty selector ({}) - matches all namespaces. properties: matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements are - ANDed. items: - description: A label - selector requirement - is a selector that - contains values, - a key, and an operator - that relates the - key and values. properties: key: - description: key - is the label - key that the - selector applies - to. type: string operator: - description: operator - represents a - key's relationship - to a set of - values. Valid - operators are - In, NotIn, Exists - and DoesNotExist. type: string values: - description: values - is an array - of string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or - DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic - merge patch. items: type: string type: array 
@@ -1947,61 +767,20 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels - map is equivalent - to an element of matchExpressions, - whose key field is - "key", the operator - is "In", and the values - array contains only - "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces - specifies a static list - of namespace names that - the term applies to. The - term is applied to the - union of the namespaces - listed in this field and - the ones selected by namespaceSelector. - null or empty namespaces - list and null namespaceSelector - means "this pod's namespace". items: type: string type: array x-kubernetes-list-type: atomic topologyKey: - description: This pod should - be co-located (affinity) - or not co-located (anti-affinity) - with the pods matching - the labelSelector in the - specified namespaces, - where co-located is defined - as running on a node whose - value of the label with - key topologyKey matches - that of any node on which - any of the selected pods - is running. Empty topologyKey - is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated - with matching the corresponding - podAffinityTerm, in the range - 1-100. format: int32 type: integer required: 
@@ -2011,81 +790,18 @@ spec: type: array x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements - specified by this field are not - met at scheduling time, the pod - will not be scheduled onto the node. - If the affinity requirements specified - by this field cease to be met at - some point during pod execution - (e.g. due to a pod label update), - the system may or may not try to - eventually evict the pod from its - node. When there are multiple elements, - the lists of nodes corresponding - to each podAffinityTerm are intersected, - i.e. all terms must be satisfied. items: - description: Defines a set of pods - (namely those matching the labelSelector - relative to the given namespace(s)) - that this pod should be co-located - (affinity) or not co-located (anti-affinity) - with, where co-located is defined - as running on a node whose value - of the label with key - matches that of any node on which - a pod of the set of pods is running properties: labelSelector: - description: A label query over - a set of resources, in this - case pods. If it's null, this - PodAffinityTerm matches with - no Pods. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key - and values. properties: key: - description: key is - the label key that - the selector applies - to. type: string operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values - is an array of string - values. If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. 
This - array is replaced - during a strategic - merge patch. items: type: string type: array 
@@ -2099,136 +815,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an element - of matchExpressions, whose - key field is "key", the - operator is "In", and - the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys - is a set of pod label keys - to select which pods will - be taken into consideration. - The keys are used to lookup - values from the incoming pod - labels, those key-value labels - are merged with `labelSelector` - as `key in (value)` to select - the group of existing pods - which pods will be taken into - consideration for the incoming - pod's pod (anti) affinity. - Keys that don't exist in the - incoming pod labels will be - ignored. The default value - is empty. The same key is - forbidden to exist in both - matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot - be set when labelSelector - isn't set. This is an alpha - field and requires enabling - MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys - is a set of pod label keys - to select which pods will - be taken into consideration. - The keys are used to lookup - values from the incoming pod - labels, those key-value labels - are merged with `labelSelector` - as `key notin (value)` to - select the group of existing - pods which pods will be taken - into consideration for the - incoming pod's pod (anti) - affinity. Keys that don't - exist in the incoming pod - labels will be ignored. The - default value is empty. The - same key is forbidden to exist - in both mismatchLabelKeys - and labelSelector. Also, mismatchLabelKeys - cannot be set when labelSelector - isn't set. 
This is an alpha - field and requires enabling - MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over - the set of namespaces that - the term applies to. The term - is applied to the union of - the namespaces selected by - this field and the ones listed - in the namespaces field. null - selector and null or empty - namespaces list means "this - pod's namespace". An empty - selector ({}) matches all - namespaces. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key - and values. properties: key: - description: key is - the label key that - the selector applies - to. type: string operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values - is an array of string - values. If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. This - array is replaced - during a strategic - merge patch. items: type: string type: array 
@@ -2242,49 +851,15 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an element - of matchExpressions, whose - key field is "key", the - operator is "In", and - the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies - a static list of namespace - names that the term applies - to. The term is applied to - the union of the namespaces - listed in this field and the - ones selected by namespaceSelector. - null or empty namespaces list - and null namespaceSelector - means "this pod's namespace". items: type: string type: array x-kubernetes-list-type: atomic topologyKey: - description: This pod should - be co-located (affinity) or - not co-located (anti-affinity) - with the pods matching the - labelSelector in the specified - namespaces, where co-located - is defined as running on a - node whose value of the label - with key topologyKey matches - that of any node on which - any of the selected pods is - running. Empty topologyKey - is not allowed. type: string required: - topologyKey 
@@ -2293,97 +868,22 @@ spec: x-kubernetes-list-type: atomic type: object podAntiAffinity: - description: Describes pod anti-affinity - scheduling rules (e.g. avoid putting - this pod in the same node, zone, etc. - as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer - to schedule pods to nodes that satisfy - the anti-affinity expressions specified - by this field, but it may choose - a node that violates one or more - of the expressions. The node that - is most preferred is the one with - the greatest sum of weights, i.e. - for each node that meets all of - the scheduling requirements (resource - request, requiredDuringScheduling - anti-affinity expressions, etc.), - compute a sum by iterating through - the elements of this field and adding - "weight" to the sum if the node - has pods which matches the corresponding - podAffinityTerm; the node(s) with - the highest sum are the most preferred. items: - description: The weights of all - of the matched WeightedPodAffinityTerm - fields are added per-node to find - the most preferred node(s) properties: podAffinityTerm: - description: Required. A pod - affinity term, associated - with the corresponding weight. properties: labelSelector: - description: A label query - over a set of resources, - in this case pods. If - it's null, this PodAffinityTerm - matches with no Pods. properties: matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements are - ANDed. items: - description: A label - selector requirement - is a selector that - contains values, - a key, and an operator - that relates the - key and values. properties: key: - description: key - is the label - key that the - selector applies - to. type: string operator: - description: operator - represents a - key's relationship - to a set of - values. Valid - operators are - In, NotIn, Exists - and DoesNotExist. 
type: string values: - description: values - is an array - of string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or - DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic - merge patch. items: type: string type: array 
@@ -2397,151 +897,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels - map is equivalent - to an element of matchExpressions, - whose key field is - "key", the operator - is "In", and the values - array contains only - "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys - is a set of pod label - keys to select which pods - will be taken into consideration. - The keys are used to lookup - values from the incoming - pod labels, those key-value - labels are merged with - `labelSelector` as `key - in (value)` to select - the group of existing - pods which pods will be - taken into consideration - for the incoming pod's - pod (anti) affinity. Keys - that don't exist in the - incoming pod labels will - be ignored. The default - value is empty. The same - key is forbidden to exist - in both matchLabelKeys - and labelSelector. Also, - matchLabelKeys cannot - be set when labelSelector - isn't set. This is an - alpha field and requires - enabling MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys - is a set of pod label - keys to select which pods - will be taken into consideration. - The keys are used to lookup - values from the incoming - pod labels, those key-value - labels are merged with - `labelSelector` as `key - notin (value)` to select - the group of existing - pods which pods will be - taken into consideration - for the incoming pod's - pod (anti) affinity. Keys - that don't exist in the - incoming pod labels will - be ignored. The default - value is empty. The same - key is forbidden to exist - in both mismatchLabelKeys - and labelSelector. Also, - mismatchLabelKeys cannot - be set when labelSelector - isn't set. 
This is an - alpha field and requires - enabling MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query - over the set of namespaces - that the term applies - to. The term is applied - to the union of the namespaces - selected by this field - and the ones listed in - the namespaces field. - null selector and null - or empty namespaces list - means "this pod's namespace". - An empty selector ({}) - matches all namespaces. properties: matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements are - ANDed. items: - description: A label - selector requirement - is a selector that - contains values, - a key, and an operator - that relates the - key and values. properties: key: - description: key - is the label - key that the - selector applies - to. type: string operator: - description: operator - represents a - key's relationship - to a set of - values. Valid - operators are - In, NotIn, Exists - and DoesNotExist. type: string values: - description: values - is an array - of string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or - DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic - merge patch. items: type: string type: array 
@@ -2555,61 +933,20 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels - map is equivalent - to an element of matchExpressions, - whose key field is - "key", the operator - is "In", and the values - array contains only - "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces - specifies a static list - of namespace names that - the term applies to. The - term is applied to the - union of the namespaces - listed in this field and - the ones selected by namespaceSelector. - null or empty namespaces - list and null namespaceSelector - means "this pod's namespace". items: type: string type: array x-kubernetes-list-type: atomic topologyKey: - description: This pod should - be co-located (affinity) - or not co-located (anti-affinity) - with the pods matching - the labelSelector in the - specified namespaces, - where co-located is defined - as running on a node whose - value of the label with - key topologyKey matches - that of any node on which - any of the selected pods - is running. Empty topologyKey - is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated - with matching the corresponding - podAffinityTerm, in the range - 1-100. format: int32 type: integer required: 
@@ -2619,81 +956,18 @@ spec: type: array x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity - requirements specified by this field - are not met at scheduling time, - the pod will not be scheduled onto - the node. If the anti-affinity requirements - specified by this field cease to - be met at some point during pod - execution (e.g. due to a pod label - update), the system may or may not - try to eventually evict the pod - from its node. When there are multiple - elements, the lists of nodes corresponding - to each podAffinityTerm are intersected, - i.e. all terms must be satisfied. items: - description: Defines a set of pods - (namely those matching the labelSelector - relative to the given namespace(s)) - that this pod should be co-located - (affinity) or not co-located (anti-affinity) - with, where co-located is defined - as running on a node whose value - of the label with key - matches that of any node on which - a pod of the set of pods is running properties: labelSelector: - description: A label query over - a set of resources, in this - case pods. If it's null, this - PodAffinityTerm matches with - no Pods. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key - and values. properties: key: - description: key is - the label key that - the selector applies - to. type: string operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values - is an array of string - values. If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. 
This - array is replaced - during a strategic - merge patch. items: type: string type: array 
@@ -2707,136 +981,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an element - of matchExpressions, whose - key field is "key", the - operator is "In", and - the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys - is a set of pod label keys - to select which pods will - be taken into consideration. - The keys are used to lookup - values from the incoming pod - labels, those key-value labels - are merged with `labelSelector` - as `key in (value)` to select - the group of existing pods - which pods will be taken into - consideration for the incoming - pod's pod (anti) affinity. - Keys that don't exist in the - incoming pod labels will be - ignored. The default value - is empty. The same key is - forbidden to exist in both - matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot - be set when labelSelector - isn't set. This is an alpha - field and requires enabling - MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys - is a set of pod label keys - to select which pods will - be taken into consideration. - The keys are used to lookup - values from the incoming pod - labels, those key-value labels - are merged with `labelSelector` - as `key notin (value)` to - select the group of existing - pods which pods will be taken - into consideration for the - incoming pod's pod (anti) - affinity. Keys that don't - exist in the incoming pod - labels will be ignored. The - default value is empty. The - same key is forbidden to exist - in both mismatchLabelKeys - and labelSelector. Also, mismatchLabelKeys - cannot be set when labelSelector - isn't set. 
This is an alpha - field and requires enabling - MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over - the set of namespaces that - the term applies to. The term - is applied to the union of - the namespaces selected by - this field and the ones listed - in the namespaces field. null - selector and null or empty - namespaces list means "this - pod's namespace". An empty - selector ({}) matches all - namespaces. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key - and values. properties: key: - description: key is - the label key that - the selector applies - to. type: string operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values - is an array of string - values. If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. This - array is replaced - during a strategic - merge patch. items: type: string type: array 
@@ -2850,49 +1017,15 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an element - of matchExpressions, whose - key field is "key", the - operator is "In", and - the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies - a static list of namespace - names that the term applies - to. The term is applied to - the union of the namespaces - listed in this field and the - ones selected by namespaceSelector. - null or empty namespaces list - and null namespaceSelector - means "this pod's namespace". items: type: string type: array x-kubernetes-list-type: atomic topologyKey: - description: This pod should - be co-located (affinity) or - not co-located (anti-affinity) - with the pods matching the - labelSelector in the specified - namespaces, where co-located - is defined as running on a - node whose value of the label - with key topologyKey matches - that of any node on which - any of the selected pods is - running. Empty topologyKey - is not allowed. type: string required: - topologyKey 
@@ -2902,332 +1035,106 @@ spec: type: object type: object automountServiceAccountToken: - description: AutomountServiceAccountToken - indicates whether a service account token - should be automatically mounted. type: boolean enableServiceLinks: - description: 'EnableServiceLinks indicates - whether information about services should - be injected into pod''s environment variables, - matching the syntax of Docker links. Optional: - Defaults to true.' type: boolean imagePullSecrets: - description: 'ImagePullSecrets is an optional - list of references to secrets in the same - namespace to use for pulling any of the - images used by this PodRuntimeSettings. - If specified, these secrets will be passed - to individual puller implementations for - them to use. For example, in the case of - docker, only DockerConfig type secrets are - honored. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' items: - description: LocalObjectReference contains - enough information to let you locate the - referenced object inside the same namespace. properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value here - are almost certainly wrong. TODO: - Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic type: array nodeName: - description: NodeName is a request to schedule - this pod onto a specific node. If it is - non-empty, the scheduler simply schedules - this pod onto that node, assuming that it - fits resource requirements. 
type: string nodeSelector: additionalProperties: type: string - description: 'NodeSelector is a selector which - must be true for the pod to fit on a node. - Selector which must match a node''s labels - for the pod to be scheduled on that node. - More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' type: object podAnnotations: additionalProperties: type: string - description: PodAnnotations are the annotations - that will be attached with the respective - Pod type: object podLabels: additionalProperties: type: string - description: PodLabels are the labels that - will be attached with the respective Pod type: object priority: - description: The priority value. Various system - components use this field to find the priority - of the pod. When Priority Admission Controller - is enabled, it prevents users from setting - this field. The admission controller populates - this field from PriorityClassName. The higher - the value, the higher the priority. format: int32 type: integer priorityClassName: - description: If specified, indicates the pod's - priority. "system-node-critical" and "system-cluster-critical" - are two special keywords which indicate - the highest priorities with the former being - the highest priority. Any other name must - be defined by creating a PriorityClass object - with that name. If not specified, the pod - priority will be default or zero if there - is no default. type: string readinessGates: - description: 'If specified, all readiness - gates will be evaluated for pod readiness. - A pod is ready when all its containers are - ready AND all conditions specified in the - readiness gates have status equal to "True" - More info: https://git.k8s.io/enhancements/keps/sig-network/0007-pod-ready%2B%2B.md' items: - description: PodReadinessGate contains the - reference to a pod condition properties: conditionType: - description: ConditionType refers to - a condition in the pod's condition - list with matching type. 
type: string required: - conditionType type: object type: array runtimeClassName: - description: 'RuntimeClassName refers to a - RuntimeClass object in the node.k8s.io group, - which should be used to run this pod. If - no RuntimeClass resource matches the named - class, the pod will not be run. If unset - or empty, the "legacy" RuntimeClass will - be used, which is an implicit class with - an empty definition that uses the default - runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md - This is an alpha feature and may change - in the future.' type: string schedulerName: - description: If specified, the pod will be - dispatched by specified scheduler. If not - specified, the pod will be dispatched by - default scheduler. type: string securityContext: - description: 'Security options the pod should - run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: appArmorProfile: - description: appArmorProfile is the AppArmor - options to use by the containers in - this pod. Note that this field cannot - be set when spec.os.name is windows. properties: localhostProfile: - description: localhostProfile indicates - a profile loaded on the node that - should be used. The profile must - be preconfigured on the node to - work. Must match the loaded name - of the profile. Must be set if and - only if type is "Localhost". type: string type: - description: 'type indicates which - kind of AppArmor profile will be - applied. Valid options are: Localhost - - a profile pre-loaded on the node. - RuntimeDefault - the container runtime''s - default profile. Unconfined - no - AppArmor enforcement.' type: string required: - type type: object fsGroup: - description: "A special supplemental group - that applies to all containers in a - pod. 
Some volume types allow the Kubelet - to change the ownership of that volume - to be owned by the pod: \n 1. The owning - GID will be the FSGroup 2. The setgid - bit is set (new files created in the - volume will be owned by FSGroup) 3. - The permission bits are OR'd with rw-rw---- - \n If unset, the Kubelet will not modify - the ownership and permissions of any - volume. Note that this field cannot - be set when spec.os.name is windows." format: int64 type: integer fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines - behavior of changing ownership and permission - of the volume before being exposed inside - Pod. This field will only apply to volume - types which support fsGroup based ownership(and - permissions). It will have no effect - on ephemeral volume types such as: secret, - configmaps and emptydir. Valid values - are "OnRootMismatch" and "Always". If - not specified, "Always" is used. Note - that this field cannot be set when spec.os.name - is windows.' type: string runAsGroup: - description: The GID to run the entrypoint - of the container process. Uses runtime - default if unset. May also be set in - SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified - in SecurityContext takes precedence - for that container. Note that this field - cannot be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: - description: Indicates that the container - must run as a non-root user. If true, - the Kubelet will validate the image - at runtime to ensure that it does not - run as UID 0 (root) and fail to start - the container if it does. If unset or - false, no such validation will be performed. - May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint - of the container process. 
Defaults to - user specified in image metadata if - unspecified. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence for that container. - Note that this field cannot be set when - spec.os.name is windows. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be - applied to all containers. If unspecified, - the container runtime will allocate - a random SELinux context for each container. May - also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence for that container. - Note that this field cannot be set when - spec.os.name is windows. properties: level: - description: Level is SELinux level - label that applies to the container. type: string role: - description: Role is a SELinux role - label that applies to the container. type: string type: - description: Type is a SELinux type - label that applies to the container. type: string user: - description: User is a SELinux user - label that applies to the container. type: string type: object seccompProfile: - description: The seccomp options to use - by the containers in this pod. Note - that this field cannot be set when spec.os.name - is windows. properties: localhostProfile: - description: localhostProfile indicates - a profile defined in a file on the - node should be used. The profile - must be preconfigured on the node - to work. Must be a descending path, - relative to the kubelet's configured - seccomp profile location. Must be - set if type is "Localhost". Must - NOT be set for any other type. type: string type: - description: "type indicates which - kind of seccomp profile will be - applied. Valid options are: \n Localhost - - a profile defined in a file on - the node should be used. RuntimeDefault - - the container runtime default - profile should be used. 
Unconfined - - no profile should be applied." type: string required: - type type: object supplementalGroups: - description: A list of groups applied - to the first process run in each container, - in addition to the container's primary - GID, the fsGroup (if specified), and - group memberships defined in the container - image for the uid of the container process. - If unspecified, no additional groups - are added to any container. Note that - group memberships defined in the container - image for the uid of the container process - are still effective, even if they are - not included in this list. Note that - this field cannot be set when spec.os.name - is windows. items: format: int64 type: integer type: array x-kubernetes-list-type: atomic sysctls: - description: Sysctls hold a list of namespaced - sysctls used for the pod. Pods with - unsupported sysctls (by the container - runtime) might fail to launch. Note - that this field cannot be set when spec.os.name - is windows. items: - description: Sysctl defines a kernel - parameter to be set properties: name: - description: Name of a property - to set type: string value: - description: Value of a property - to set type: string required: - name 
@@ -3236,168 +1143,52 @@ spec: type: array x-kubernetes-list-type: atomic windowsOptions: - description: The Windows specific settings - applied to all containers. If unspecified, - the options within a container's SecurityContext - will be used. If set in both SecurityContext - and PodSecurityContext, the value specified - in SecurityContext takes precedence. - Note that this field cannot be set when - spec.os.name is linux. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is - where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA - credential spec named by the GMSACredentialSpecName - field. type: string gmsaCredentialSpecName: - description: GMSACredentialSpecName - is the name of the GMSA credential - spec to use. type: string hostProcess: - description: HostProcess determines - if a container should be run as - a 'Host Process' container. All - of a Pod's containers must have - the same effective HostProcess value - (it is not allowed to have a mix - of HostProcess containers and non-HostProcess - containers). In addition, if HostProcess - is true then HostNetwork must also - be set to true. type: boolean runAsUserName: - description: The UserName in Windows - to run the entrypoint of the container - process. Defaults to the user specified - in image metadata if unspecified. - May also be set in PodSecurityContext. - If set in both SecurityContext and - PodSecurityContext, the value specified - in SecurityContext takes precedence. type: string type: object type: object serviceAccountAnnotations: additionalProperties: type: string - description: ServiceAccountAnnotations are - the annotations that will be attached with - the respective ServiceAccount type: object serviceAccountName: - description: 'ServiceAccountName is the name - of the ServiceAccount to use to run this - pod. 
More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' type: string tolerations: - description: If specified, the pod's tolerations. items: - description: The pod this Toleration is - attached to tolerates any taint that matches - the triple using the - matching operator . properties: effect: - description: Effect indicates the taint - effect to match. Empty means match - all taint effects. When specified, - allowed values are NoSchedule, PreferNoSchedule - and NoExecute. type: string key: - description: Key is the taint key that - the toleration applies to. Empty means - match all taint keys. If the key is - empty, operator must be Exists; this - combination means to match all values - and all keys. type: string operator: - description: Operator represents a key's - relationship to the value. Valid operators - are Exists and Equal. Defaults to - Equal. Exists is equivalent to wildcard - for value, so that a pod can tolerate - all taints of a particular category. type: string tolerationSeconds: - description: TolerationSeconds represents - the period of time the toleration - (which must be of effect NoExecute, - otherwise this field is ignored) tolerates - the taint. By default, it is not set, - which means tolerate the taint forever - (do not evict). Zero and negative - values will be treated as 0 (evict - immediately) by the system. format: int64 type: integer value: - description: Value is the taint value - the toleration matches to. If the - operator is Exists, the value should - be empty, otherwise just a regular - string. type: string type: object type: array topologySpreadConstraints: - description: TopologySpreadConstraints describes - how a group of pods ought to spread across - topology domains. Scheduler will schedule - pods in a way which abides by the constraints. - All topologySpreadConstraints are ANDed. 
items: - description: TopologySpreadConstraint specifies - how to spread matching pods among the - given topology. properties: labelSelector: - description: LabelSelector is used to - find matching pods. Pods that match - this label selector are counted to - determine the number of pods in their - corresponding topology domain. properties: matchExpressions: - description: matchExpressions is - a list of label selector requirements. - The requirements are ANDed. items: - description: A label selector - requirement is a selector that - contains values, a key, and - an operator that relates the - key and values. properties: key: - description: key is the label - key that the selector applies - to. type: string operator: - description: operator represents - a key's relationship to - a set of values. Valid operators - are In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is an - array of string values. - If the operator is In or - NotIn, the values array - must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be - empty. This array is replaced - during a strategic merge - patch. items: type: string type: array 
@@ -3411,183 +1202,27 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map - of {key,value} pairs. A single - {key,value} in the matchLabels - map is equivalent to an element - of matchExpressions, whose key - field is "key", the operator is - "In", and the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: "MatchLabelKeys is a set - of pod label keys to select the pods - over which spreading will be calculated. - The keys are used to lookup values - from the incoming pod labels, those - key-value labels are ANDed with labelSelector - to select the group of existing pods - over which spreading will be calculated - for the incoming pod. The same key - is forbidden to exist in both MatchLabelKeys - and LabelSelector. MatchLabelKeys - cannot be set when LabelSelector isn't - set. Keys that don't exist in the - incoming pod labels will be ignored. - A null or empty list means only match - against labelSelector. \n This is - a beta field and requires the MatchLabelKeysInPodTopologySpread - feature gate to be enabled (enabled - by default)." items: type: string type: array x-kubernetes-list-type: atomic maxSkew: - description: 'MaxSkew describes the - degree to which pods may be unevenly - distributed. When `whenUnsatisfiable=DoNotSchedule`, - it is the maximum permitted difference - between the number of matching pods - in the target topology and the global - minimum. The global minimum is the - minimum number of matching pods in - an eligible domain or zero if the - number of eligible domains is less - than MinDomains. For example, in a - 3-zone cluster, MaxSkew is set to - 1, and pods with the same labelSelector - spread as 2/2/1: In this case, the - global minimum is 1. 
| zone1 | zone2 - | zone3 | | P P | P P | P | - - if MaxSkew is 1, incoming pod can - only be scheduled to zone3 to become - 2/2/2; scheduling it onto zone1(zone2) - would make the ActualSkew(3-1) on - zone1(zone2) violate MaxSkew(1). - - if MaxSkew is 2, incoming pod can - be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, - it is used to give higher precedence - to topologies that satisfy it. It''s - a required field. Default value is - 1 and 0 is not allowed.' format: int32 type: integer minDomains: - description: "MinDomains indicates a - minimum number of eligible domains. - When the number of eligible domains - with matching topology keys is less - than minDomains, Pod Topology Spread - treats \"global minimum\" as 0, and - then the calculation of Skew is performed. - And when the number of eligible domains - with matching topology keys equals - or greater than minDomains, this value - has no effect on scheduling. As a - result, when the number of eligible - domains is less than minDomains, scheduler - won't schedule more than maxSkew Pods - to those domains. If value is nil, - the constraint behaves as if MinDomains - is equal to 1. Valid values are integers - greater than 0. When value is not - nil, WhenUnsatisfiable must be DoNotSchedule. - \n For example, in a 3-zone cluster, - MaxSkew is set to 2, MinDomains is - set to 5 and pods with the same labelSelector - spread as 2/2/2: | zone1 | zone2 | - zone3 | | P P | P P | P P | - The number of domains is less than - 5(MinDomains), so \"global minimum\" - is treated as 0. In this situation, - new pod with the same labelSelector - cannot be scheduled, because computed - skew will be 3(3 - 0) if new Pod is - scheduled to any of the three zones, - it will violate MaxSkew." format: int32 type: integer nodeAffinityPolicy: - description: "NodeAffinityPolicy indicates - how we will treat Pod's nodeAffinity/nodeSelector - when calculating pod topology spread - skew. 
Options are: - Honor: only nodes - matching nodeAffinity/nodeSelector - are included in the calculations. - - Ignore: nodeAffinity/nodeSelector - are ignored. All nodes are included - in the calculations. \n If this value - is nil, the behavior is equivalent - to the Honor policy. This is a beta-level - feature default enabled by the NodeInclusionPolicyInPodTopologySpread - feature flag." type: string nodeTaintsPolicy: - description: "NodeTaintsPolicy indicates - how we will treat node taints when - calculating pod topology spread skew. - Options are: - Honor: nodes without - taints, along with tainted nodes for - which the incoming pod has a toleration, - are included. - Ignore: node taints - are ignored. All nodes are included. - \n If this value is nil, the behavior - is equivalent to the Ignore policy. - This is a beta-level feature default - enabled by the NodeInclusionPolicyInPodTopologySpread - feature flag." type: string topologyKey: - description: TopologyKey is the key - of node labels. Nodes that have a - label with this key and identical - values are considered to be in the - same topology. We consider each as a "bucket", and try to put - balanced number of pods into each - bucket. We define a domain as a particular - instance of a topology. Also, we define - an eligible domain as a domain whose - nodes meet the requirements of nodeAffinityPolicy - and nodeTaintsPolicy. e.g. If TopologyKey - is "kubernetes.io/hostname", each - Node is a domain of that topology. - And, if TopologyKey is "topology.kubernetes.io/zone", - each zone is a domain of that topology. - It's a required field. type: string whenUnsatisfiable: - description: 'WhenUnsatisfiable indicates - how to deal with a pod if it doesn''t - satisfy the spread constraint. - DoNotSchedule - (default) tells the scheduler not - to schedule it. - ScheduleAnyway tells - the scheduler to schedule the pod - in any location, but giving higher - precedence to topologies that would - help reduce the skew. 
A constraint - is considered "Unsatisfiable" for - an incoming pod if and only if every - possible node assignment for that - pod would violate "MaxSkew" on some - topology. For example, in a 3-zone - cluster, MaxSkew is set to 1, and - pods with the same labelSelector spread - as 3/1/1: | zone1 | zone2 | zone3 - | | P P P | P | P | If WhenUnsatisfiable - is set to DoNotSchedule, incoming - pod can only be scheduled to zone2(zone3) - to become 3/2/1(3/1/2) as ActualSkew(2-1) - on zone2(zone3) satisfies MaxSkew(1). - In other words, the cluster can still - be imbalanced, but scheduler won''t - make it *more* imbalanced. It''s a - required field.' type: string required: - maxSkew 
@@ -3602,143 +1237,63 @@ spec: type: object type: object timeout: - description: Timeout specifies a duration in seconds - that KubeStash should wait for the hook execution - to be completed. If the hook execution does not - finish within this time period, KubeStash will consider - this hook execution as failure. Then, it will be - re-tried according to MaxRetry policy. type: string variables: - description: Variables specifies a list of variables - and their sources that will be used to resolve the - HookTemplate. items: - description: EnvVar represents an environment variable - present in a Container. properties: name: - description: Name of the environment variable. - Must be a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) - are expanded using the previously defined - environment variables in the container and - any service environment variables. If a variable - cannot be resolved, the reference in the input - string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the - $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, - regardless of whether the variable exists - or not. Defaults to "".' type: string valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. properties: configMapKeyRef: - description: Selects a key of a ConfigMap. properties: key: - description: The key to select. type: string name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value here - are almost certainly wrong. TODO: - Add other useful fields. apiVersion, - kind, uid? 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether the ConfigMap - or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of the pod: - supports metadata.name, metadata.namespace, - `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, status.podIPs.' properties: apiVersion: - description: Version of the schema the - FieldPath is written in terms of, - defaults to "v1". type: string fieldPath: - description: Path of the field to select - in the specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource of the - container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, - requests.cpu, requests.memory and requests.ephemeral-storage) - are currently supported.' properties: containerName: - description: 'Container name: required - for volumes, optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output format - of the exposed resources, defaults - to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource to - select' type: string required: - resource type: object x-kubernetes-map-type: atomic secretKeyRef: - description: Selects a key of a secret in - the pod's namespace properties: key: - description: The key of the secret to - select from. Must be a valid secret - key. type: string name: default: "" - description: 'Name of the referent. 
- This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value here - are almost certainly wrong. TODO: - Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether the Secret - or its key must be defined type: boolean required: - key 
@@ -3750,69 +1305,21 @@ spec: type: object type: array volumeMounts: - description: VolumeMounts specifies the mount for - the volumes specified in `Volumes` section Use this - field only for `Function` type hook executor. items: - description: VolumeMount describes a mounting of - a Volume within a container. properties: mountPath: - description: Path within the container at which - the volume should be mounted. Must not contain - ':'. type: string mountPropagation: - description: mountPropagation determines how - mounts are propagated from the host to container - and the other way around. When not set, MountPropagationNone - is used. This field is beta in 1.10. When - RecursiveReadOnly is set to IfPossible or - to Enabled, MountPropagation must be None - or unspecified (which defaults to None). type: string name: - description: This must match the Name of a Volume. type: string readOnly: - description: Mounted read-only if true, read-write - otherwise (false or unspecified). Defaults - to false. type: boolean recursiveReadOnly: - description: "RecursiveReadOnly specifies whether - read-only mounts should be handled recursively. - \n If ReadOnly is false, this field has no - meaning and must be unspecified. \n If ReadOnly - is true, and this field is set to Disabled, - the mount is not made recursively read-only. - \ If this field is set to IfPossible, the - mount is made recursively read-only, if it - is supported by the container runtime. If - this field is set to Enabled, the mount is - made recursively read-only if it is supported - by the container runtime, otherwise the pod - will not be started and an error will be generated - to indicate the reason. \n If this field is - set to IfPossible or Enabled, MountPropagation - must be set to None (or be unspecified, which - defaults to None). \n If this field is not - specified, it is treated as an equivalent - of Disabled." 
type: string subPath: - description: Path within the volume from which - the container's volume should be mounted. - Defaults to "" (volume's root). type: string subPathExpr: - description: Expanded path within the volume - from which the container's volume should be - mounted. Behaves similarly to SubPath but - environment variable references $(VAR_NAME) - are expanded using the container's environment. - Defaults to "" (volume's root). SubPathExpr - and SubPath are mutually exclusive. type: string required: - mountPath 
@@ -3820,284 +1327,109 @@ spec: type: object type: array volumes: - description: Volumes indicates the list of volumes - of targeted application that should be mounted on - the hook executor. Use this field only for `Function` - type hook executor. items: - description: Volume represents a named volume in - a pod that may be accessed by any container in - the pod. properties: awsElasticBlockStore: - description: 'awsElasticBlockStore represents - an AWS Disk resource that is attached to a - kubelet''s host machine and then exposed to - the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' properties: fsType: - description: 'fsType is the filesystem type - of the volume that you want to mount. - Tip: Ensure that the filesystem type is - supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the - filesystem from compromising the machine' type: string partition: - description: 'partition is the partition - in the volume that you want to mount. - If omitted, the default is to mount by - volume name. Examples: For volume /dev/sda1, - you specify the partition as "1". Similarly, - the volume partition for /dev/sda is "0" - (or you can leave the property empty).' format: int32 type: integer readOnly: - description: 'readOnly value true will force - the readOnly setting in VolumeMounts. - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: boolean volumeID: - description: 'volumeID is unique ID of the - persistent disk resource in AWS (Amazon - EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: string required: - volumeID type: object azureDisk: - description: azureDisk represents an Azure Data - Disk mount on the host and bind mount to the - pod. 
properties: cachingMode: - description: 'cachingMode is the Host Caching - mode: None, Read Only, Read Write.' type: string diskName: - description: diskName is the Name of the - data disk in the blob storage type: string diskURI: - description: diskURI is the URI of data - disk in the blob storage type: string fsType: - description: fsType is Filesystem type to - mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to - be "ext4" if unspecified. type: string kind: - description: 'kind expected values are Shared: - multiple blob disks per storage account Dedicated: - single blob disk per storage account Managed: - azure managed data disk (only in managed - availability set). defaults to shared' type: string readOnly: - description: readOnly Defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. type: boolean required: - diskName - diskURI type: object azureFile: - description: azureFile represents an Azure File - Service mount on the host and bind mount to - the pod. properties: readOnly: - description: readOnly defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. 
type: boolean secretName: - description: secretName is the name of - secret that contains Azure Storage Account - Name and Key type: string shareName: - description: shareName is the azure share - Name type: string required: - secretName - shareName type: object cephfs: - description: cephFS represents a Ceph FS mount - on the host that shares a pod's lifetime properties: monitors: - description: 'monitors is Required: Monitors - is a collection of Ceph monitors More - info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' items: type: string type: array x-kubernetes-list-type: atomic path: - description: 'path is Optional: Used as - the mounted root, rather than the full - Ceph tree, default is /' type: string readOnly: - description: 'readOnly is Optional: Defaults - to false (read/write). ReadOnly here will - force the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: boolean secretFile: - description: 'secretFile is Optional: SecretFile - is the path to key ring for User, default - is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string secretRef: - description: 'secretRef is Optional: SecretRef - is reference to the authentication secret - for User, default is empty. More info: - https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value here - are almost certainly wrong. TODO: - Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' 
type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is optional: User is - the rados user name, default is admin - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string required: - monitors type: object cinder: - description: 'cinder represents a cinder volume - attached and mounted on kubelets host machine. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' properties: fsType: - description: 'fsType is the filesystem type - to mount. Must be a filesystem type supported - by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred - to be "ext4" if unspecified. More info: - https://examples.k8s.io/mysql-cinder-pd/README.md' type: string readOnly: - description: 'readOnly defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: boolean secretRef: - description: 'secretRef is optional: points - to a secret object containing parameters - used to connect to OpenStack.' properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value here - are almost certainly wrong. TODO: - Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic volumeID: - description: 'volumeID used to identify - the volume in cinder. 
More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string required: - volumeID type: object configMap: - description: configMap represents a configMap - that should populate this volume properties: defaultMode: - description: 'defaultMode is optional: mode - bits used to set permissions on created - files by default. Must be an octal value - between 0000 and 0777 or a decimal value - between 0 and 511. YAML accepts both octal - and decimal values, JSON requires decimal - values for mode bits. Defaults to 0644. - Directories within the path are not affected - by this setting. This might be in conflict - with other options that affect the file - mode, like fsGroup, and the result can - be other mode bits set.' format: int32 type: integer items: - description: items if unspecified, each - key-value pair in the Data field of the - referenced ConfigMap will be projected - into the volume as a file whose name is - the key and content is the value. If specified, - the listed keys will be projected into - the specified paths, and unlisted keys - will not be present. If a key is specified - which is not present in the ConfigMap, - the volume setup will error unless it - is marked optional. Paths must be relative - and may not contain the '..' path or start - with '..'. items: - description: Maps a string key to a path - within a volume. properties: key: - description: key is the key to project. type: string mode: - description: 'mode is Optional: mode - bits used to set permissions on - this file. Must be an octal value - between 0000 and 0777 or a decimal - value between 0 and 511. YAML accepts - both octal and decimal values, JSON - requires decimal values for mode - bits. If not specified, the volume - defaultMode will be used. This might - be in conflict with other options - that affect the file mode, like - fsGroup, and the result can be other - mode bits set.' 
format: int32 type: integer path: - description: path is the relative - path of the file to map the key - to. May not be an absolute path. - May not contain the path element - '..'. May not start with the string - '..'. type: string required: - key 
@@ -4107,181 +1439,67 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of the referent. This - field is effectively required, but due - to backwards compatibility is allowed - to be empty. Instances of this type with - an empty value here are almost certainly - wrong. TODO: Add other useful fields. - apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional specify whether the - ConfigMap or its keys must be defined type: boolean type: object x-kubernetes-map-type: atomic csi: - description: csi (Container Storage Interface) - represents ephemeral storage that is handled - by certain external CSI drivers (Beta feature). properties: driver: - description: driver is the name of the CSI - driver that handles this volume. Consult - with your admin for the correct name as - registered in the cluster. type: string fsType: - description: fsType to mount. Ex. "ext4", - "xfs", "ntfs". If not provided, the empty - value is passed to the associated CSI - driver which will determine the default - filesystem to apply. type: string nodePublishSecretRef: - description: nodePublishSecretRef is a reference - to the secret object containing sensitive - information to pass to the CSI driver - to complete the CSI NodePublishVolume - and NodeUnpublishVolume calls. This field - is optional, and may be empty if no secret - is required. If the secret object contains - more than one secret, all secret references - are passed. properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value here - are almost certainly wrong. TODO: - Add other useful fields. apiVersion, - kind, uid? 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic readOnly: - description: readOnly specifies a read-only - configuration for the volume. Defaults - to false (read/write). type: boolean volumeAttributes: additionalProperties: type: string - description: volumeAttributes stores driver-specific - properties that are passed to the CSI - driver. Consult your driver's documentation - for supported values. type: object required: - driver type: object downwardAPI: - description: downwardAPI represents downward - API about the pod that should populate this - volume properties: defaultMode: - description: 'Optional: mode bits to use - on created files by default. Must be a - Optional: mode bits used to set permissions - on created files by default. Must be an - octal value between 0000 and 0777 or a - decimal value between 0 and 511. YAML - accepts both octal and decimal values, - JSON requires decimal values for mode - bits. Defaults to 0644. Directories within - the path are not affected by this setting. - This might be in conflict with other options - that affect the file mode, like fsGroup, - and the result can be other mode bits - set.' format: int32 type: integer items: - description: Items is a list of downward - API volume file items: - description: DownwardAPIVolumeFile represents - information to create the file containing - the pod field properties: fieldRef: - description: 'Required: Selects a - field of the pod: only annotations, - labels, name, namespace and uid - are supported.' properties: apiVersion: - description: Version of the schema - the FieldPath is written in - terms of, defaults to "v1". type: string fieldPath: - description: Path of the field - to select in the specified API - version. 
type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: - description: 'Optional: mode bits - used to set permissions on this - file, must be an octal value between - 0000 and 0777 or a decimal value - between 0 and 511. YAML accepts - both octal and decimal values, JSON - requires decimal values for mode - bits. If not specified, the volume - defaultMode will be used. This might - be in conflict with other options - that affect the file mode, like - fsGroup, and the result can be other - mode bits set.' format: int32 type: integer path: - description: 'Required: Path is the - relative path name of the file to - be created. Must not be absolute - or contain the ''..'' path. Must - be utf-8 encoded. The first item - of the relative path must not start - with ''..''' type: string resourceFieldRef: - description: 'Selects a resource of - the container: only resources limits - and requests (limits.cpu, limits.memory, - requests.cpu and requests.memory) - are currently supported.' properties: containerName: - description: 'Container name: - required for volumes, optional - for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output - format of the exposed resources, - defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource - to select' type: string required: - resource 
@@ -4294,229 +1512,50 @@ spec: x-kubernetes-list-type: atomic type: object emptyDir: - description: 'emptyDir represents a temporary - directory that shares a pod''s lifetime. More - info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' properties: medium: - description: 'medium represents what type - of storage medium should back this directory. - The default is "" which means to use the - node''s default medium. Must be an empty - string (default) or Memory. More info: - https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string sizeLimit: anyOf: - type: integer - type: string - description: 'sizeLimit is the total amount - of local storage required for this EmptyDir - volume. The size limit is also applicable - for memory medium. The maximum usage on - memory medium EmptyDir would be the minimum - value between the SizeLimit specified - here and the sum of memory limits of all - containers in a pod. The default is nil - which means that the limit is undefined. - More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object ephemeral: - description: "ephemeral represents a volume - that is handled by a cluster storage driver. - The volume's lifecycle is tied to the pod - that defines it - it will be created before - the pod starts, and deleted when the pod is - removed. \n Use this if: a) the volume is - only needed while the pod runs, b) features - of normal volumes like restoring from snapshot - or capacity tracking are needed, c) the storage - driver is specified through a storage class, - and d) the storage driver supports dynamic - volume provisioning through a PersistentVolumeClaim - (see EphemeralVolumeSource for more information - on the connection between this volume type - and PersistentVolumeClaim). 
\n Use PersistentVolumeClaim - or one of the vendor-specific APIs for volumes - that persist for longer than the lifecycle - of an individual pod. \n Use CSI for light-weight - local ephemeral volumes if the CSI driver - is meant to be used that way - see the documentation - of the driver for more information. \n A pod - can use both types of ephemeral volumes and - persistent volumes at the same time." properties: volumeClaimTemplate: - description: "Will be used to create a stand-alone - PVC to provision the volume. The pod in - which this EphemeralVolumeSource is embedded - will be the owner of the PVC, i.e. the - PVC will be deleted together with the - pod. The name of the PVC will be `-` where `` - is the name from the `PodSpec.Volumes` - array entry. Pod validation will reject - the pod if the concatenated name is not - valid for a PVC (for example, too long). - \n An existing PVC with that name that - is not owned by the pod will *not* be - used for the pod to avoid using an unrelated - volume by mistake. Starting the pod is - then blocked until the unrelated PVC is - removed. If such a pre-created PVC is - meant to be used by the pod, the PVC has - to updated with an owner reference to - the pod once the pod exists. Normally - this should not be necessary, but it may - be useful when manually reconstructing - a broken cluster. \n This field is read-only - and no changes will be made by Kubernetes - to the PVC after it has been created. - \n Required, must not be nil." properties: metadata: - description: May contain labels and - annotations that will be copied into - the PVC when creating it. No other - fields are allowed and will be rejected - during validation. properties: annotations: additionalProperties: type: string - description: 'Annotations is an - unstructured key value map stored - with a resource that may be set - by external tools to store and - retrieve arbitrary metadata. 
They - are not queryable and should be - preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations' type: object generateName: - description: "GenerateName is an - optional prefix, used by the server, - to generate a unique name ONLY - IF the Name field has not been - provided. If this field is used, - the name returned to the client - will be different than the name - passed. This value will also be - combined with a unique suffix. - The provided value has the same - validation rules as the Name field, - and may be truncated by the length - of the suffix required to make - the value unique on the server. - \n If this field is specified - and the generated name exists, - the server will NOT return a 409 - - instead, it will either return - 201 Created or 500 with Reason - ServerTimeout indicating a unique - name could not be found in the - time allotted, and the client - should retry (optionally after - the time indicated in the Retry-After - header). \n Applied only if Name - is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" type: string labels: additionalProperties: type: string - description: 'Map of string keys - and values that can be used to - organize and categorize (scope - and select) objects. May match - selectors of replication controllers - and services. More info: http://kubernetes.io/docs/user-guide/labels' type: object name: - description: 'Name must be unique - within a namespace. Is required - when creating resources, although - some resources may allow a client - to request the generation of an - appropriate name automatically. - Name is primarily intended for - creation idempotence and configuration - definition. Cannot be updated. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' type: string namespace: - description: "Namespace defines - the space within each name must - be unique. 
An empty namespace - is equivalent to the \"default\" - namespace, but \"default\" is - the canonical representation. - Not all objects are required to - be scoped to a namespace - the - value of this field for those - objects will be empty. \n Must - be a DNS_LABEL. Cannot be updated. - More info: http://kubernetes.io/docs/user-guide/namespaces" type: string ownerReferences: - description: List of objects depended - by this object. If ALL objects - in the list have been deleted, - this object will be garbage collected. - If this object is managed by a - controller, then an entry in this - list will point to this controller, - with the controller field set - to true. There cannot be more - than one managing controller. items: - description: OwnerReference contains - enough information to let you - identify an owning object. An - owning object must be in the - same namespace as the dependent, - or be cluster-scoped, so there - is no namespace field. properties: apiVersion: - description: API version of - the referent. type: string blockOwnerDeletion: - description: If true, AND - if the owner has the "foregroundDeletion" - finalizer, then the owner - cannot be deleted from the - key-value store until this - reference is removed. See - https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion - for how the garbage collector - interacts with this field - and enforces the foreground - deletion. Defaults to false. - To set this field, a user - needs "delete" permission - of the owner, otherwise - 422 (Unprocessable Entity) - will be returned. type: boolean controller: - description: If true, this - reference points to the - managing controller. type: boolean kind: - description: 'Kind of the - referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string name: - description: 'Name of the - referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: - description: 'UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -4528,57 +1567,19 @@ spec: type: array type: object spec: - description: The specification for the - PersistentVolumeClaim. The entire - content is copied unchanged into the - PVC that gets created from this template. - The same fields as in a PersistentVolumeClaim - are also valid here. properties: accessModes: - description: 'accessModes contains - the desired access modes the volume - should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array x-kubernetes-list-type: atomic dataSource: - description: 'dataSource field can - be used to specify either: * An - existing VolumeSnapshot object - (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an external - controller can support the specified - data source, it will create a - new volume based on the contents - of the specified data source. - When the AnyVolumeDataSource feature - gate is enabled, dataSource contents - will be copied to dataSourceRef, - and dataSourceRef contents will - be copied to dataSource when dataSourceRef.namespace - is not specified. If the namespace - is specified, then dataSourceRef - will not be copied to dataSource.' properties: apiGroup: - description: APIGroup is the - group for the resource being - referenced. If APIGroup is - not specified, the specified - Kind must be in the core API - group. For any other third-party - types, APIGroup is required. type: string kind: - description: Kind is the type - of resource being referenced type: string name: - description: Name is the name - of resource being referenced type: string required: - kind 
@@ -4586,98 +1587,20 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: - description: 'dataSourceRef specifies - the object from which to populate - the volume with data, if a non-empty - volume is desired. This may be - any object from a non-empty API - group (non core object) or a PersistentVolumeClaim - object. When this field is specified, - volume binding will only succeed - if the type of the specified object - matches some installed volume - populator or dynamic provisioner. - This field will replace the functionality - of the dataSource field and as - such if both fields are non-empty, - they must have the same value. - For backwards compatibility, when - namespace isn''t specified in - dataSourceRef, both fields (dataSource - and dataSourceRef) will be set - to the same value automatically - if one of them is empty and the - other is non-empty. When namespace - is specified in dataSourceRef, - dataSource isn''t set to the same - value and must be empty. There - are three important differences - between dataSource and dataSourceRef: - * While dataSource only allows - two specific types of objects, - dataSourceRef allows any non-core - object, as well as PersistentVolumeClaim - objects. * While dataSource ignores - disallowed values (dropping them), - dataSourceRef preserves all values, - and generates an error if a disallowed - value is specified. * While dataSource - only allows local objects, dataSourceRef - allows objects in any namespaces. - (Beta) Using this field requires - the AnyVolumeDataSource feature - gate to be enabled. (Alpha) Using - the namespace field of dataSourceRef - requires the CrossNamespaceVolumeDataSource - feature gate to be enabled.' properties: apiGroup: - description: APIGroup is the - group for the resource being - referenced. If APIGroup is - not specified, the specified - Kind must be in the core API - group. For any other third-party - types, APIGroup is required. 
type: string kind: - description: Kind is the type - of resource being referenced type: string name: - description: Name is the name - of resource being referenced type: string namespace: - description: Namespace is the - namespace of resource being - referenced Note that when - a namespace is specified, - a gateway.networking.k8s.io/ReferenceGrant - object is required in the - referent namespace to allow - that namespace's owner to - accept the reference. See - the ReferenceGrant documentation - for details. (Alpha) This - field requires the CrossNamespaceVolumeDataSource - feature gate to be enabled. type: string required: - kind - name type: object resources: - description: 'resources represents - the minimum resources the volume - should have. If RecoverVolumeExpansionFailure - feature is enabled users are allowed - to specify resource requirements - that are lower than previous value - but must still be higher than - capacity recorded in the status - field of the claim. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: @@ -4686,10 +1609,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes - the maximum amount of compute - resources allowed. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -4698,59 +1617,18 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes - the minimum amount of compute - resources required. If Requests - is omitted for a container, - it defaults to Limits if that - is explicitly specified, otherwise - to an implementation-defined - value. Requests cannot exceed - Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: - description: selector is a label - query over volumes to consider - for binding. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, a - key, and an operator that - relates the key and values. properties: key: - description: key is the - label key that the selector - applies to. type: string operator: - description: operator - represents a key's relationship - to a set of values. - Valid operators are - In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is - an array of string values. - If the operator is In - or NotIn, the values - array must be non-empty. - If the operator is Exists - or DoesNotExist, the - values array must be - empty. This array is - replaced during a strategic - merge patch. items: type: string type: array 
@@ -4764,64 +1642,16 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is - a map of {key,value} pairs. - A single {key,value} in the - matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", - the operator is "In", and - the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic storageClassName: - description: 'storageClassName is - the name of the StorageClass required - by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeAttributesClassName: - description: 'volumeAttributesClassName - may be used to set the VolumeAttributesClass - used by this claim. If specified, - the CSI driver will create or - update the volume with the attributes - defined in the corresponding VolumeAttributesClass. - This has a different purpose than - storageClassName, it can be changed - after the claim is created. An - empty string value means that - no VolumeAttributesClass will - be applied to the claim but it''s - not allowed to reset this field - to empty string once it is set. - If unspecified and the PersistentVolumeClaim - is unbound, the default VolumeAttributesClass - will be set by the persistentvolume - controller if it exists. If the - resource referred to by volumeAttributesClass - does not exist, this PersistentVolumeClaim - will be set to a Pending state, - as reflected by the modifyVolumeStatus - field, until such as a resource - exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires - the VolumeAttributesClass feature - gate to be enabled.' type: string volumeMode: - description: volumeMode defines - what type of volume is required - by the claim. Value of Filesystem - is implied when not included in - claim spec. 
type: string volumeName: - description: volumeName is the binding - reference to the PersistentVolume - backing this claim. type: string type: object required: 
@@ -4829,94 +1659,41 @@ spec: type: object type: object fc: - description: fc represents a Fibre Channel resource - that is attached to a kubelet's host machine - and then exposed to the pod. properties: fsType: - description: 'fsType is the filesystem type - to mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to - be "ext4" if unspecified. TODO: how do - we prevent errors in the filesystem from - compromising the machine' type: string lun: - description: 'lun is Optional: FC target - lun number' format: int32 type: integer readOnly: - description: 'readOnly is Optional: Defaults - to false (read/write). ReadOnly here will - force the ReadOnly setting in VolumeMounts.' type: boolean targetWWNs: - description: 'targetWWNs is Optional: FC - target worldwide names (WWNs)' items: type: string type: array x-kubernetes-list-type: atomic wwids: - description: 'wwids Optional: FC volume - world wide identifiers (wwids) Either - wwids or combination of targetWWNs and - lun must be set, but not both simultaneously.' items: type: string type: array x-kubernetes-list-type: atomic type: object flexVolume: - description: flexVolume represents a generic - volume resource that is provisioned/attached - using an exec based plugin. properties: driver: - description: driver is the name of the driver - to use for this volume. type: string fsType: - description: fsType is the filesystem type - to mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". The default filesystem - depends on FlexVolume script. type: string options: additionalProperties: type: string - description: 'options is Optional: this - field holds extra command options if any.' type: object readOnly: - description: 'readOnly is Optional: defaults - to false (read/write). ReadOnly here will - force the ReadOnly setting in VolumeMounts.' 
type: boolean secretRef: - description: 'secretRef is Optional: secretRef - is reference to the secret object containing - sensitive information to pass to the plugin - scripts. This may be empty if no secret - object is specified. If the secret object - contains more than one secret, all secrets - are passed to the plugin scripts.' properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value here - are almost certainly wrong. TODO: - Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic 
@@ -4924,197 +1701,79 @@ spec: - driver type: object flocker: - description: flocker represents a Flocker volume - attached to a kubelet's host machine. This - depends on the Flocker control service being - running properties: datasetName: - description: datasetName is Name of the - dataset stored as metadata -> name on - the dataset for Flocker should be considered - as deprecated type: string datasetUUID: - description: datasetUUID is the UUID of - the dataset. This is unique identifier - of a Flocker dataset type: string type: object gcePersistentDisk: - description: 'gcePersistentDisk represents a - GCE Disk resource that is attached to a kubelet''s - host machine and then exposed to the pod. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' properties: fsType: - description: 'fsType is filesystem type - of the volume that you want to mount. - Tip: Ensure that the filesystem type is - supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the - filesystem from compromising the machine' type: string partition: - description: 'partition is the partition - in the volume that you want to mount. - If omitted, the default is to mount by - volume name. Examples: For volume /dev/sda1, - you specify the partition as "1". Similarly, - the volume partition for /dev/sda is "0" - (or you can leave the property empty). - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' format: int32 type: integer pdName: - description: 'pdName is unique name of the - PD resource in GCE. Used to identify the - disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: string readOnly: - description: 'readOnly here will force the - ReadOnly setting in VolumeMounts. Defaults - to false. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: boolean required: - pdName type: object glusterfs: - description: 'glusterfs represents a Glusterfs - mount on the host that shares a pod''s lifetime. - More info: https://examples.k8s.io/volumes/glusterfs/README.md' properties: endpoints: - description: 'endpoints is the endpoint - name that details Glusterfs topology. - More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string path: - description: 'path is the Glusterfs volume - path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string readOnly: - description: 'readOnly here will force the - Glusterfs volume to be mounted with read-only - permissions. Defaults to false. More info: - https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: boolean required: - endpoints - path type: object hostPath: - description: 'hostPath represents a pre-existing - file or directory on the host machine that - is directly exposed to the container. This - is generally used for system agents or other - privileged things that are allowed to see - the host machine. Most containers will NOT - need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict who - can use host directory mounts and who can/can - not mount host directories as read/write.' properties: path: - description: 'path of the directory on the - host. If the path is a symlink, it will - follow the link to the real path. More - info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string type: - description: 'type for HostPath Volume Defaults - to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string required: - path type: object iscsi: - description: 'iscsi represents an ISCSI Disk - resource that is attached to a kubelet''s - host machine and then exposed to the pod. 
- More info: https://examples.k8s.io/volumes/iscsi/README.md' properties: chapAuthDiscovery: - description: chapAuthDiscovery defines whether - support iSCSI Discovery CHAP authentication type: boolean chapAuthSession: - description: chapAuthSession defines whether - support iSCSI Session CHAP authentication type: boolean fsType: - description: 'fsType is the filesystem type - of the volume that you want to mount. - Tip: Ensure that the filesystem type is - supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the - filesystem from compromising the machine' type: string initiatorName: - description: initiatorName is the custom - iSCSI Initiator Name. If initiatorName - is specified with iscsiInterface simultaneously, - new iSCSI interface : will be created for the connection. type: string iqn: - description: iqn is the target iSCSI Qualified - Name. type: string iscsiInterface: - description: iscsiInterface is the interface - Name that uses an iSCSI transport. Defaults - to 'default' (tcp). type: string lun: - description: lun represents iSCSI Target - Lun number. format: int32 type: integer portals: - description: portals is the iSCSI Target - Portal List. The portal is either an IP - or ip_addr:port if the port is other than - default (typically TCP ports 860 and 3260). items: type: string type: array x-kubernetes-list-type: atomic readOnly: - description: readOnly here will force the - ReadOnly setting in VolumeMounts. Defaults - to false. type: boolean secretRef: - description: secretRef is the CHAP Secret - for iSCSI target and initiator authentication properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. 
Instances - of this type with an empty value here - are almost certainly wrong. TODO: - Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic targetPortal: - description: targetPortal is iSCSI Target - Portal. The Portal is either an IP or - ip_addr:port if the port is other than - default (typically TCP ports 860 and 3260). type: string required: - iqn 
@@ -5122,194 +1781,68 @@ spec: - targetPortal type: object name: - description: 'name of the volume. Must be a - DNS_LABEL and unique within the pod. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string nfs: - description: 'nfs represents an NFS mount on - the host that shares a pod''s lifetime More - info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' properties: path: - description: 'path that is exported by the - NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string readOnly: - description: 'readOnly here will force the - NFS export to be mounted with read-only - permissions. Defaults to false. More info: - https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: boolean server: - description: 'server is the hostname or - IP address of the NFS server. More info: - https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string required: - path - server type: object persistentVolumeClaim: - description: 'persistentVolumeClaimVolumeSource - represents a reference to a PersistentVolumeClaim - in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: claimName: - description: 'claimName is the name of a - PersistentVolumeClaim in the same namespace - as the pod using this volume. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' type: string readOnly: - description: readOnly Will force the ReadOnly - setting in VolumeMounts. Default false. type: boolean required: - claimName type: object photonPersistentDisk: - description: photonPersistentDisk represents - a PhotonController persistent disk attached - and mounted on kubelets host machine properties: fsType: - description: fsType is the filesystem type - to mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". 
Implicitly inferred to - be "ext4" if unspecified. type: string pdID: - description: pdID is the ID that identifies - Photon Controller persistent disk type: string required: - pdID type: object portworxVolume: - description: portworxVolume represents a portworx - volume attached and mounted on kubelets host - machine properties: fsType: - description: fSType represents the filesystem - type to mount Must be a filesystem type - supported by the host operating system. - Ex. "ext4", "xfs". Implicitly inferred - to be "ext4" if unspecified. type: string readOnly: - description: readOnly defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. type: boolean volumeID: - description: volumeID uniquely identifies - a Portworx volume type: string required: - volumeID type: object projected: - description: projected items for all in one - resources secrets, configmaps, and downward - API properties: defaultMode: - description: defaultMode are the mode bits - used to set permissions on created files - by default. Must be an octal value between - 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and - decimal values, JSON requires decimal - values for mode bits. Directories within - the path are not affected by this setting. - This might be in conflict with other options - that affect the file mode, like fsGroup, - and the result can be other mode bits - set. format: int32 type: integer sources: - description: sources is the list of volume - projections items: - description: Projection that may be projected - along with other supported volume types properties: clusterTrustBundle: - description: "ClusterTrustBundle allows - a pod to access the `.spec.trustBundle` - field of ClusterTrustBundle objects - in an auto-updating file. \n Alpha, - gated by the ClusterTrustBundleProjection - feature gate. 
\n ClusterTrustBundle - objects can either be selected by - name, or by the combination of signer - name and a label selector. \n Kubelet - performs aggressive normalization - of the PEM contents written into - the pod filesystem. Esoteric PEM - features such as inter-block comments - and block headers are stripped. - \ Certificates are deduplicated. - The ordering of certificates within - the file is arbitrary, and Kubelet - may change the order over time." properties: labelSelector: - description: Select all ClusterTrustBundles - that match this label selector. Only - has effect if signerName is - set. Mutually-exclusive with - name. If unset, interpreted - as "match nothing". If set - but empty, interpreted as "match - everything". properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key and - values. properties: key: - description: key is - the label key that - the selector applies - to. type: string operator: - description: operator - represents a key's - relationship to a - set of values. Valid - operators are In, - NotIn, Exists and - DoesNotExist. type: string values: - description: values - is an array of string - values. If the operator - is In or NotIn, the - values array must - be non-empty. If the - operator is Exists - or DoesNotExist, the - values array must - be empty. This array - is replaced during - a strategic merge - patch. items: type: string type: array 
@@ -5323,110 +1856,31 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is - a map of {key,value} pairs. - A single {key,value} in - the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", - the operator is "In", and - the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic name: - description: Select a single ClusterTrustBundle - by object name. Mutually-exclusive - with signerName and labelSelector. type: string optional: - description: If true, don't block - pod startup if the referenced - ClusterTrustBundle(s) aren't - available. If using name, then - the named ClusterTrustBundle - is allowed not to exist. If - using signerName, then the combination - of signerName and labelSelector - is allowed to match zero ClusterTrustBundles. type: boolean path: - description: Relative path from - the volume root to write the - bundle. type: string signerName: - description: Select all ClusterTrustBundles - that match this signer name. - Mutually-exclusive with name. The - contents of all selected ClusterTrustBundles - will be unified and deduplicated. type: string required: - path type: object configMap: - description: configMap information - about the configMap data to project properties: items: - description: items if unspecified, - each key-value pair in the Data - field of the referenced ConfigMap - will be projected into the volume - as a file whose name is the - key and content is the value. - If specified, the listed keys - will be projected into the specified - paths, and unlisted keys will - not be present. If a key is - specified which is not present - in the ConfigMap, the volume - setup will error unless it is - marked optional. Paths must - be relative and may not contain - the '..' path or start with - '..'. items: - description: Maps a string key - to a path within a volume. 
properties: key: - description: key is the - key to project. type: string mode: - description: 'mode is Optional: - mode bits used to set - permissions on this file. - Must be an octal value - between 0000 and 0777 - or a decimal value between - 0 and 511. YAML accepts - both octal and decimal - values, JSON requires - decimal values for mode - bits. If not specified, - the volume defaultMode - will be used. This might - be in conflict with other - options that affect the - file mode, like fsGroup, - and the result can be - other mode bits set.' format: int32 type: integer path: - description: path is the - relative path of the file - to map the key to. May - not be an absolute path. - May not contain the path - element '..'. May not - start with the string - '..'. type: string required: - key 
@@ -5436,124 +1890,42 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional specify - whether the ConfigMap or its - keys must be defined type: boolean type: object x-kubernetes-map-type: atomic downwardAPI: - description: downwardAPI information - about the downwardAPI data to project properties: items: - description: Items is a list of - DownwardAPIVolume file items: - description: DownwardAPIVolumeFile - represents information to - create the file containing - the pod field properties: fieldRef: - description: 'Required: - Selects a field of the - pod: only annotations, - labels, name, namespace - and uid are supported.' properties: apiVersion: - description: Version - of the schema the - FieldPath is written - in terms of, defaults - to "v1". type: string fieldPath: - description: Path of - the field to select - in the specified API - version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: - description: 'Optional: - mode bits used to set - permissions on this file, - must be an octal value - between 0000 and 0777 - or a decimal value between - 0 and 511. YAML accepts - both octal and decimal - values, JSON requires - decimal values for mode - bits. If not specified, - the volume defaultMode - will be used. This might - be in conflict with other - options that affect the - file mode, like fsGroup, - and the result can be - other mode bits set.' 
format: int32 type: integer path: - description: 'Required: - Path is the relative - path name of the file - to be created. Must not - be absolute or contain - the ''..'' path. Must - be utf-8 encoded. The - first item of the relative - path must not start with - ''..''' type: string resourceFieldRef: - description: 'Selects a - resource of the container: - only resources limits - and requests (limits.cpu, - limits.memory, requests.cpu - and requests.memory) are - currently supported.' properties: containerName: - description: 'Container - name: required for - volumes, optional - for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies - the output format - of the exposed resources, - defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: - resource to select' type: string required: - resource 
@@ -5566,64 +1938,16 @@ spec: x-kubernetes-list-type: atomic type: object secret: - description: secret information about - the secret data to project properties: items: - description: items if unspecified, - each key-value pair in the Data - field of the referenced Secret - will be projected into the volume - as a file whose name is the - key and content is the value. - If specified, the listed keys - will be projected into the specified - paths, and unlisted keys will - not be present. If a key is - specified which is not present - in the Secret, the volume setup - will error unless it is marked - optional. Paths must be relative - and may not contain the '..' - path or start with '..'. items: - description: Maps a string key - to a path within a volume. properties: key: - description: key is the - key to project. type: string mode: - description: 'mode is Optional: - mode bits used to set - permissions on this file. - Must be an octal value - between 0000 and 0777 - or a decimal value between - 0 and 511. YAML accepts - both octal and decimal - values, JSON requires - decimal values for mode - bits. If not specified, - the volume defaultMode - will be used. This might - be in conflict with other - options that affect the - file mode, like fsGroup, - and the result can be - other mode bits set.' format: int32 type: integer path: - description: path is the - relative path of the file - to map the key to. May - not be an absolute path. - May not contain the path - element '..'. May not - start with the string - '..'. type: string required: - key 
@@ -5633,63 +1957,19 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional field specify - whether the Secret or its key - must be defined type: boolean type: object x-kubernetes-map-type: atomic serviceAccountToken: - description: serviceAccountToken is - information about the serviceAccountToken - data to project properties: audience: - description: audience is the intended - audience of the token. A recipient - of a token must identify itself - with an identifier specified - in the audience of the token, - and otherwise should reject - the token. The audience defaults - to the identifier of the apiserver. type: string expirationSeconds: - description: expirationSeconds - is the requested duration of - validity of the service account - token. As the token approaches - expiration, the kubelet volume - plugin will proactively rotate - the service account token. The - kubelet will start trying to - rotate the token if the token - is older than 80 percent of - its time to live or if the token - is older than 24 hours.Defaults - to 1 hour and must be at least - 10 minutes. format: int64 type: integer path: - description: path is the path - relative to the mount point - of the file to project the token - into. type: string required: - path 
@@ -5699,183 +1979,79 @@ spec: x-kubernetes-list-type: atomic type: object quobyte: - description: quobyte represents a Quobyte mount - on the host that shares a pod's lifetime properties: group: - description: group to map volume access - to Default is no group type: string readOnly: - description: readOnly here will force the - Quobyte volume to be mounted with read-only - permissions. Defaults to false. type: boolean registry: - description: registry represents a single - or multiple Quobyte Registry services - specified as a string as host:port pair - (multiple entries are separated with commas) - which acts as the central registry for - volumes type: string tenant: - description: tenant owning the given Quobyte - volume in the Backend Used with dynamically - provisioned Quobyte volumes, value is - set by the plugin type: string user: - description: user to map volume access to - Defaults to serivceaccount user type: string volume: - description: volume is a string that references - an already created Quobyte volume by name. type: string required: - registry - volume type: object rbd: - description: 'rbd represents a Rados Block Device - mount on the host that shares a pod''s lifetime. - More info: https://examples.k8s.io/volumes/rbd/README.md' properties: fsType: - description: 'fsType is the filesystem type - of the volume that you want to mount. - Tip: Ensure that the filesystem type is - supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the - filesystem from compromising the machine' type: string image: - description: 'image is the rados image name. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string keyring: - description: 'keyring is the path to key - ring for RBDUser. Default is /etc/ceph/keyring. 
- More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string monitors: - description: 'monitors is a collection of - Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' items: type: string type: array x-kubernetes-list-type: atomic pool: - description: 'pool is the rados pool name. - Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string readOnly: - description: 'readOnly here will force the - ReadOnly setting in VolumeMounts. Defaults - to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: boolean secretRef: - description: 'secretRef is name of the authentication - secret for RBDUser. If provided overrides - keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value here - are almost certainly wrong. TODO: - Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is the rados user name. - Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string required: - image - monitors type: object scaleIO: - description: scaleIO represents a ScaleIO persistent - volume attached and mounted on Kubernetes - nodes. properties: fsType: - description: fsType is the filesystem type - to mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". Default is "xfs". 
type: string gateway: - description: gateway is the host address - of the ScaleIO API Gateway. type: string protectionDomain: - description: protectionDomain is the name - of the ScaleIO Protection Domain for the - configured storage. type: string readOnly: - description: readOnly Defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: secretRef references to the - secret for ScaleIO user and other sensitive - information. If this is not provided, - Login operation will fail. properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value here - are almost certainly wrong. TODO: - Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic sslEnabled: - description: sslEnabled Flag enable/disable - SSL communication with Gateway, default - false type: boolean storageMode: - description: storageMode indicates whether - the storage for a volume should be ThickProvisioned - or ThinProvisioned. Default is ThinProvisioned. type: string storagePool: - description: storagePool is the ScaleIO - Storage Pool associated with the protection - domain. type: string system: - description: system is the name of the storage - system as configured in ScaleIO. type: string volumeName: - description: volumeName is the name of a - volume already created in the ScaleIO - system that is associated with this volume - source. type: string required: - gateway 
@@ -5883,68 +2059,19 @@ spec: - system type: object secret: - description: 'secret represents a secret that - should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' properties: defaultMode: - description: 'defaultMode is Optional: mode - bits used to set permissions on created - files by default. Must be an octal value - between 0000 and 0777 or a decimal value - between 0 and 511. YAML accepts both octal - and decimal values, JSON requires decimal - values for mode bits. Defaults to 0644. - Directories within the path are not affected - by this setting. This might be in conflict - with other options that affect the file - mode, like fsGroup, and the result can - be other mode bits set.' format: int32 type: integer items: - description: items If unspecified, each - key-value pair in the Data field of the - referenced Secret will be projected into - the volume as a file whose name is the - key and content is the value. If specified, - the listed keys will be projected into - the specified paths, and unlisted keys - will not be present. If a key is specified - which is not present in the Secret, the - volume setup will error unless it is marked - optional. Paths must be relative and may - not contain the '..' path or start with - '..'. items: - description: Maps a string key to a path - within a volume. properties: key: - description: key is the key to project. type: string mode: - description: 'mode is Optional: mode - bits used to set permissions on - this file. Must be an octal value - between 0000 and 0777 or a decimal - value between 0 and 511. YAML accepts - both octal and decimal values, JSON - requires decimal values for mode - bits. If not specified, the volume - defaultMode will be used. This might - be in conflict with other options - that affect the file mode, like - fsGroup, and the result can be other - mode bits set.' 
format: int32 type: integer path: - description: path is the relative - path of the file to map the key - to. May not be an absolute path. - May not contain the path element - '..'. May not start with the string - '..'. type: string required: - key 
@@ -5953,97 +2080,37 @@ spec: type: array x-kubernetes-list-type: atomic optional: - description: optional field specify whether - the Secret or its keys must be defined type: boolean secretName: - description: 'secretName is the name of - the secret in the pod''s namespace to - use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' type: string type: object storageos: - description: storageOS represents a StorageOS - volume attached and mounted on Kubernetes - nodes. properties: fsType: - description: fsType is the filesystem type - to mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to - be "ext4" if unspecified. type: string readOnly: - description: readOnly defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: secretRef specifies the secret - to use for obtaining the StorageOS API - credentials. If not specified, default - values will be attempted. properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value here - are almost certainly wrong. TODO: - Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic volumeName: - description: volumeName is the human-readable - name of the StorageOS volume. Volume - names are only unique within a namespace. type: string volumeNamespace: - description: volumeNamespace specifies the - scope of the volume within StorageOS. If - no namespace is specified then the Pod's - namespace will be used. 
This allows the - Kubernetes name scoping to be mirrored - within StorageOS for tighter integration. - Set VolumeName to any name to override - the default behaviour. Set to "default" - if you are not using namespaces within - StorageOS. Namespaces that do not pre-exist - within StorageOS will be created. type: string type: object vsphereVolume: - description: vsphereVolume represents a vSphere - volume attached and mounted on kubelets host - machine properties: fsType: - description: fsType is filesystem type to - mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to - be "ext4" if unspecified. type: string storagePolicyID: - description: storagePolicyID is the storage - Policy Based Management (SPBM) profile - ID associated with the StoragePolicyName. type: string storagePolicyName: - description: storagePolicyName is the storage - Policy Based Management (SPBM) profile - name. type: string volumePath: - description: volumePath is the path that - identifies vSphere volume vmdk type: string required: - volumePath 
@@ -6055,215 +2122,93 @@ spec: type: object type: array preBackup: - description: PreBackup specifies a list of hooks that will - be executed before backup items: - description: HookInfo specifies the information about - the backup/restore hooks properties: executionPolicy: default: Always - description: 'ExecutionPolicy specifies when to execute - the hook. Valid values are: - "Always": KubeStash - will execute this hook no matter the backup/restore - failed. This is the default execution policy. - - "OnSuccess": KubeStash will execute this hook only - if the backup/restore has succeeded. - "OnFailure": - KubeStash will execute this hook only if the backup/restore - has failed.' enum: - Always - OnSuccess - OnFailure type: string hookTemplate: - description: HookTemplate points to a HookTemplate - CR that will be used to execute the hook. You can - refer to a HookTemplate from other namespaces as - long as your current namespace is allowed by the - `usagePolicy` in the respective HookTemplate. properties: name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string required: - name type: object maxRetry: - description: MaxRetry specifies how many times KubeStash - should retry the hook execution in case of failure. - The default value of this field is 0 which means - no retry. format: int32 minimum: 0 type: integer name: - description: Name specifies a name for the hook type: string params: - description: Params specifies parameters for the hook. - You must provide the parameter in the HookTemplates - desired structure. type: object x-kubernetes-preserve-unknown-fields: true runtimeSettings: - description: RuntimeSettings specifies runtime configurations - for the hook executor Job. 
Use this field only for - `Function` type hook executor. properties: container: properties: env: - description: List of environment variables - to set in the container. Cannot be updated. items: - description: EnvVar represents an environment - variable present in a Container. properties: name: - description: Name of the environment - variable. Must be a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) - are expanded using the previously - defined environment variables in the - container and any service environment - variables. If a variable cannot be - resolved, the reference in the input - string will be unchanged. Double $$ - are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: - i.e. "$$(VAR_NAME)" will produce the - string literal "$(VAR_NAME)". Escaped - references will never be expanded, - regardless of whether the variable - exists or not. Defaults to "".' type: string valueFrom: - description: Source for the environment - variable's value. Cannot be used if - value is not empty. properties: configMapKeyRef: - description: Selects a key of a - ConfigMap. properties: key: - description: The key to select. type: string name: default: "" - description: 'Name of the referent. - This field is effectively - required, but due to backwards - compatibility is allowed to - be empty. Instances of this - type with an empty value here - are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' 
type: string optional: - description: Specify whether - the ConfigMap or its key must - be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of - the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, status.podIPs.' properties: apiVersion: - description: Version of the - schema the FieldPath is written - in terms of, defaults to "v1". type: string fieldPath: - description: Path of the field - to select in the specified - API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource - of the container: only resources - limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, - requests.cpu, requests.memory - and requests.ephemeral-storage) - are currently supported.' properties: containerName: - description: 'Container name: - required for volumes, optional - for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output - format of the exposed resources, - defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource - to select' type: string required: - resource type: object x-kubernetes-map-type: atomic secretKeyRef: - description: Selects a key of a - secret in the pod's namespace properties: key: - description: The key of the - secret to select from. Must - be a valid secret key. type: string name: default: "" - description: 'Name of the referent. - This field is effectively - required, but due to backwards - compatibility is allowed to - be empty. Instances of this - type with an empty value here - are almost certainly wrong. - TODO: Add other useful fields. 
- apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether - the Secret or its key must - be defined type: boolean required: - key 
@@ -6275,81 +2220,31 @@ spec: type: object type: array envFrom: - description: List of sources to populate environment - variables in the container. The keys defined - within a source must be a C_IDENTIFIER. - All invalid keys will be reported as an - event when the container is starting. When - a key exists in multiple sources, the value - associated with the last source will take - precedence. Values defined by an Env with - a duplicate key will take precedence. Cannot - be updated. items: - description: EnvFromSource represents the - source of a set of ConfigMaps properties: configMapRef: - description: The ConfigMap to select - from properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether the - ConfigMap must be defined type: boolean type: object x-kubernetes-map-type: atomic prefix: - description: An optional identifier - to prepend to each key in the ConfigMap. - Must be a C_IDENTIFIER. type: string secretRef: - description: The Secret to select from properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether the - Secret must be defined type: boolean type: object x-kubernetes-map-type: atomic type: object type: array ionice: - description: 'Settings to configure `ionice` - to throttle the load on disk. More info: - http://kennystechtalk.blogspot.com/2015/04/throttling-cpu-usage-with-linux-cgroups.html - More info: https://oakbytes.wordpress.com/2012/06/06/linux-scheduler-cfs-and-nice/' properties: class: format: int32 
@@ -6359,72 +2254,27 @@ spec: type: integer type: object lifecycle: - description: Actions that the management system - should take in response to container lifecycle - events. Cannot be updated. properties: postStart: - description: 'PostStart is called immediately - after a container is created. If the - handler fails, the container is terminated - and restarted according to its restart - policy. Other management of the container - blocks until the hook completes. More - info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: Exec specifies the action - to take. properties: command: - description: Command is the command - line to execute inside the container, - the working directory for the - command is root ('/') in the - container's filesystem. The - command is simply exec'd, it - is not run inside a shell, so - traditional shell instructions - ('|', etc) won't work. To use - a shell, you need to explicitly - call out to that shell. Exit - status of 0 is treated as live/healthy - and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the - http request to perform. properties: host: - description: Host name to connect - to, defaults to the pod IP. - You probably want to set "Host" - in httpHeaders instead. type: string httpHeaders: - description: Custom headers to - set in the request. HTTP allows - repeated headers. items: - description: HTTPHeader describes - a custom header to be used - in HTTP probes properties: name: - description: The header - field name. This will - be canonicalized upon - output, so case-variant - names will be understood - as the same header. type: string value: - description: The header - field value type: string required: - name 
@@ -6433,138 +2283,58 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on - the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of - the port to access on the container. - Number must be in the range - 1 to 65535. Name must be an - IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for - connecting to the host. Defaults - to HTTP. type: string required: - port type: object sleep: - description: Sleep represents the - duration that the container should - sleep before being terminated. properties: seconds: - description: Seconds is the number - of seconds to sleep. format: int64 type: integer required: - seconds type: object tcpSocket: - description: Deprecated. TCPSocket - is NOT supported as a LifecycleHandler - and kept for the backward compatibility. - There are no validation of this - field and lifecycle hooks will fail - in runtime when tcp handler is specified. properties: host: - description: 'Optional: Host name - to connect to, defaults to the - pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of - the port to access on the container. - Number must be in the range - 1 to 65535. Name must be an - IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: - description: 'PreStop is called immediately - before a container is terminated due - to an API request or management event - such as liveness/startup probe failure, - preemption, resource contention, etc. - The handler is not called if the container - crashes or exits. The Pod''s termination - grace period countdown begins before - the PreStop hook is executed. Regardless - of the outcome of the handler, the container - will eventually terminate within the - Pod''s termination grace period (unless - delayed by finalizers). 
Other management - of the container blocks until the hook - completes or until the termination grace - period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: Exec specifies the action - to take. properties: command: - description: Command is the command - line to execute inside the container, - the working directory for the - command is root ('/') in the - container's filesystem. The - command is simply exec'd, it - is not run inside a shell, so - traditional shell instructions - ('|', etc) won't work. To use - a shell, you need to explicitly - call out to that shell. Exit - status of 0 is treated as live/healthy - and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the - http request to perform. properties: host: - description: Host name to connect - to, defaults to the pod IP. - You probably want to set "Host" - in httpHeaders instead. type: string httpHeaders: - description: Custom headers to - set in the request. HTTP allows - repeated headers. items: - description: HTTPHeader describes - a custom header to be used - in HTTP probes properties: name: - description: The header - field name. This will - be canonicalized upon - output, so case-variant - names will be understood - as the same header. type: string value: - description: The header - field value type: string required: - name 
@@ -6573,62 +2343,33 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on - the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of - the port to access on the container. - Number must be in the range - 1 to 65535. Name must be an - IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for - connecting to the host. Defaults - to HTTP. type: string required: - port type: object sleep: - description: Sleep represents the - duration that the container should - sleep before being terminated. properties: seconds: - description: Seconds is the number - of seconds to sleep. format: int64 type: integer required: - seconds type: object tcpSocket: - description: Deprecated. TCPSocket - is NOT supported as a LifecycleHandler - and kept for the backward compatibility. - There are no validation of this - field and lifecycle hooks will fail - in runtime when tcp handler is specified. properties: host: - description: 'Optional: Host name - to connect to, defaults to the - pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of - the port to access on the container. - Number must be in the range - 1 to 65535. Name must be an - IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port 
@@ -6636,88 +2377,38 @@ spec: type: object type: object livenessProbe: - description: 'Periodic probe of container - liveness. Container will be restarted if - the probe fails. Cannot be updated. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action - to take. properties: command: - description: Command is the command - line to execute inside the container, - the working directory for the command is - root ('/') in the container's filesystem. - The command is simply exec'd, it - is not run inside a shell, so traditional - shell instructions ('|', etc) won't - work. To use a shell, you need to - explicitly call out to that shell. - Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed - after having succeeded. Defaults to - 3. Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action - involving a GRPC port. properties: port: - description: Port number of the gRPC - service. Number must be in the range - 1 to 65535. format: int32 type: integer service: - description: "Service is the name - of the service to place in the gRPC - HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the - default behavior is defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http - request to perform. properties: host: - description: Host name to connect - to, defaults to the pod IP. You - probably want to set "Host" in httpHeaders - instead. type: string httpHeaders: - description: Custom headers to set - in the request. HTTP allows repeated - headers. 
items: - description: HTTPHeader describes - a custom header to be used in - HTTP probes properties: name: - description: The header field - name. This will be canonicalized - upon output, so case-variant - names will be understood as - the same header. type: string value: - description: The header field - value type: string required: - name 
@@ -6726,190 +2417,84 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on the - HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the - port to access on the container. - Number must be in the range 1 to - 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after - the container has started before liveness - probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to - perform the probe. Default to 10 seconds. - Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to 1. - Must be 1 for liveness and startup. - Minimum value is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action - involving a TCP port. properties: host: - description: 'Optional: Host name - to connect to, defaults to the pod - IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the - port to access on the container. - Number must be in the range 1 to - 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds - the pod needs to terminate gracefully - upon probe failure. The grace period - is the duration in seconds after the - processes running in the pod are sent - a termination signal and the time when - the processes are forcibly halted with - a kill signal. Set this value longer - than the expected cleanup time for your - process. 
If this value is nil, the pod's - terminationGracePeriodSeconds will be - used. Otherwise, this value overrides - the value provided by the pod spec. - Value must be non-negative integer. - The value zero indicates stop immediately - via the kill signal (no opportunity - to shut down). This is a beta field - and requires enabling ProbeTerminationGracePeriod - feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after - which the probe times out. Defaults - to 1 second. Minimum value is 1. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object nice: - description: 'Settings to configure `nice` - to throttle the load on cpu. More info: - http://kennystechtalk.blogspot.com/2015/04/throttling-cpu-usage-with-linux-cgroups.html - More info: https://oakbytes.wordpress.com/2012/06/06/linux-scheduler-cfs-and-nice/' properties: adjustment: format: int32 type: integer type: object readinessProbe: - description: 'Periodic probe of container - service readiness. Container will be removed - from service endpoints if the probe fails. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action - to take. properties: command: - description: Command is the command - line to execute inside the container, - the working directory for the command is - root ('/') in the container's filesystem. - The command is simply exec'd, it - is not run inside a shell, so traditional - shell instructions ('|', etc) won't - work. To use a shell, you need to - explicitly call out to that shell. - Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. 
items: type: string type: array x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed - after having succeeded. Defaults to - 3. Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action - involving a GRPC port. properties: port: - description: Port number of the gRPC - service. Number must be in the range - 1 to 65535. format: int32 type: integer service: - description: "Service is the name - of the service to place in the gRPC - HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the - default behavior is defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http - request to perform. properties: host: - description: Host name to connect - to, defaults to the pod IP. You - probably want to set "Host" in httpHeaders - instead. type: string httpHeaders: - description: Custom headers to set - in the request. HTTP allows repeated - headers. items: - description: HTTPHeader describes - a custom header to be used in - HTTP probes properties: name: - description: The header field - name. This will be canonicalized - upon output, so case-variant - names will be understood as - the same header. type: string value: - description: The header field - value type: string required: - name 
@@ -6918,120 +2503,51 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on the - HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the - port to access on the container. - Number must be in the range 1 to - 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after - the container has started before liveness - probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to - perform the probe. Default to 10 seconds. - Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to 1. - Must be 1 for liveness and startup. - Minimum value is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action - involving a TCP port. properties: host: - description: 'Optional: Host name - to connect to, defaults to the pod - IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the - port to access on the container. - Number must be in the range 1 to - 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds - the pod needs to terminate gracefully - upon probe failure. The grace period - is the duration in seconds after the - processes running in the pod are sent - a termination signal and the time when - the processes are forcibly halted with - a kill signal. Set this value longer - than the expected cleanup time for your - process. 
If this value is nil, the pod's - terminationGracePeriodSeconds will be - used. Otherwise, this value overrides - the value provided by the pod spec. - Value must be non-negative integer. - The value zero indicates stop immediately - via the kill signal (no opportunity - to shut down). This is a beta field - and requires enabling ProbeTerminationGracePeriod - feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after - which the probe times out. Defaults - to 1 second. Minimum value is 1. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object resources: - description: 'Compute Resources required by - container. Cannot be updated. More info: - https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' properties: claims: - description: "Claims lists the names of - resources, defined in spec.resourceClaims, - that are used by this container. \n - This is an alpha field and requires - enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. - It can only be set for containers." items: - description: ResourceClaim references - one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the - name of one entry in pod.spec.resourceClaims - of the Pod where this field is - used. It makes that resource available - inside a container. type: string required: - name @@ -7047,9 +2563,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum - amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -7058,248 +2571,77 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum - amount of compute resources required. - If Requests is omitted for a container, - it defaults to Limits if that is explicitly - specified, otherwise to an implementation-defined - value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: - description: 'Security options the pod should - run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation - controls whether a process can gain - more privileges than its parent process. - This bool directly controls if the no_new_privs - flag will be set on the container process. - AllowPrivilegeEscalation is true always - when the container is: 1) run as Privileged - 2) has CAP_SYS_ADMIN Note that this - field cannot be set when spec.os.name - is windows.' type: boolean appArmorProfile: - description: appArmorProfile is the AppArmor - options to use by this container. If - set, this profile overrides the pod's - appArmorProfile. Note that this field - cannot be set when spec.os.name is windows. properties: localhostProfile: - description: localhostProfile indicates - a profile loaded on the node that - should be used. The profile must - be preconfigured on the node to - work. Must match the loaded name - of the profile. Must be set if and - only if type is "Localhost". type: string type: - description: 'type indicates which - kind of AppArmor profile will be - applied. Valid options are: Localhost - - a profile pre-loaded on the node. 
- RuntimeDefault - the container runtime''s - default profile. Unconfined - no - AppArmor enforcement.' type: string required: - type type: object capabilities: - description: The capabilities to add/drop - when running containers. Defaults to - the default set of capabilities granted - by the container runtime. Note that - this field cannot be set when spec.os.name - is windows. properties: add: - description: Added capabilities items: - description: Capability represent - POSIX capabilities type type: string type: array x-kubernetes-list-type: atomic drop: - description: Removed capabilities items: - description: Capability represent - POSIX capabilities type type: string type: array x-kubernetes-list-type: atomic type: object privileged: - description: Run container in privileged - mode. Processes in privileged containers - are essentially equivalent to root on - the host. Defaults to false. Note that - this field cannot be set when spec.os.name - is windows. type: boolean procMount: - description: procMount denotes the type - of proc mount to use for the containers. - The default is DefaultProcMount which - uses the container runtime defaults - for readonly paths and masked paths. - This requires the ProcMountType feature - flag to be enabled. Note that this field - cannot be set when spec.os.name is windows. type: string readOnlyRootFilesystem: - description: Whether this container has - a read-only root filesystem. Default - is false. Note that this field cannot - be set when spec.os.name is windows. type: boolean runAsGroup: - description: The GID to run the entrypoint - of the container process. Uses runtime - default if unset. May also be set in - PodSecurityContext. If set in both - SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. Note that this field - cannot be set when spec.os.name is windows. 
format: int64 type: integer runAsNonRoot: - description: Indicates that the container - must run as a non-root user. If true, - the Kubelet will validate the image - at runtime to ensure that it does not - run as UID 0 (root) and fail to start - the container if it does. If unset or - false, no such validation will be performed. - May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint - of the container process. Defaults to - user specified in image metadata if - unspecified. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. Note that this field - cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be - applied to the container. If unspecified, - the container runtime will allocate - a random SELinux context for each container. May - also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. Note that this field - cannot be set when spec.os.name is windows. properties: level: - description: Level is SELinux level - label that applies to the container. type: string role: - description: Role is a SELinux role - label that applies to the container. type: string type: - description: Type is a SELinux type - label that applies to the container. type: string user: - description: User is a SELinux user - label that applies to the container. type: string type: object seccompProfile: - description: The seccomp options to use - by this container. If seccomp options - are provided at both the pod & container - level, the container options override - the pod options. Note that this field - cannot be set when spec.os.name is windows. 
properties: localhostProfile: - description: localhostProfile indicates - a profile defined in a file on the - node should be used. The profile - must be preconfigured on the node - to work. Must be a descending path, - relative to the kubelet's configured - seccomp profile location. Must be - set if type is "Localhost". Must - NOT be set for any other type. type: string type: - description: "type indicates which - kind of seccomp profile will be - applied. Valid options are: \n Localhost - - a profile defined in a file on - the node should be used. RuntimeDefault - - the container runtime default - profile should be used. Unconfined - - no profile should be applied." type: string required: - type type: object windowsOptions: - description: The Windows specific settings - applied to all containers. If unspecified, - the options from the PodSecurityContext - will be used. If set in both SecurityContext - and PodSecurityContext, the value specified - in SecurityContext takes precedence. - Note that this field cannot be set when - spec.os.name is linux. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is - where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA - credential spec named by the GMSACredentialSpecName - field. type: string gmsaCredentialSpecName: - description: GMSACredentialSpecName - is the name of the GMSA credential - spec to use. type: string hostProcess: - description: HostProcess determines - if a container should be run as - a 'Host Process' container. All - of a Pod's containers must have - the same effective HostProcess value - (it is not allowed to have a mix - of HostProcess containers and non-HostProcess - containers). In addition, if HostProcess - is true then HostNetwork must also - be set to true. type: boolean runAsUserName: - description: The UserName in Windows - to run the entrypoint of the container - process. 
Defaults to the user specified - in image metadata if unspecified. - May also be set in PodSecurityContext. - If set in both SecurityContext and - PodSecurityContext, the value specified - in SecurityContext takes precedence. type: string type: object type: object 
@@ -7307,91 +2649,22 @@ spec: pod: properties: affinity: - description: If specified, the pod's scheduling - constraints properties: nodeAffinity: - description: Describes node affinity scheduling - rules for the pod. properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer - to schedule pods to nodes that satisfy - the affinity expressions specified - by this field, but it may choose - a node that violates one or more - of the expressions. The node that - is most preferred is the one with - the greatest sum of weights, i.e. - for each node that meets all of - the scheduling requirements (resource - request, requiredDuringScheduling - affinity expressions, etc.), compute - a sum by iterating through the elements - of this field and adding "weight" - to the sum if the node matches the - corresponding matchExpressions; - the node(s) with the highest sum - are the most preferred. items: - description: An empty preferred - scheduling term matches all objects - with implicit weight 0 (i.e. it's - a no-op). A null preferred scheduling - term matches no objects (i.e. - is also a no-op). properties: preference: - description: A node selector - term, associated with the - corresponding weight. properties: matchExpressions: - description: A list of node - selector requirements - by node's labels. items: - description: A node selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key - and values. properties: key: - description: The label - key that the selector - applies to. type: string operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, Exists, - DoesNotExist. Gt, - and Lt. type: string values: - description: An array - of string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. 
If - the operator is - Gt or Lt, the values - array must have - a single element, - which will be interpreted - as an integer. This - array is replaced - during a strategic - merge patch. items: type: string type: array @@ -7403,51 +2676,13 @@ spec: type: array x-kubernetes-list-type: atomic matchFields: - description: A list of node - selector requirements - by node's fields. items: - description: A node selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key - and values. properties: key: - description: The label - key that the selector - applies to. type: string operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, Exists, - DoesNotExist. Gt, - and Lt. type: string values: - description: An array - of string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. If - the operator is - Gt or Lt, the values - array must have - a single element, - which will be interpreted - as an integer. This - array is replaced - during a strategic - merge patch. items: type: string type: array @@ -7461,10 +2696,6 @@ spec: type: object x-kubernetes-map-type: atomic weight: - description: Weight associated - with matching the corresponding - nodeSelectorTerm, in the range - 1-100. format: int32 type: integer required: 
@@ -7474,75 +2705,18 @@ spec: type: array x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements - specified by this field are not - met at scheduling time, the pod - will not be scheduled onto the node. - If the affinity requirements specified - by this field cease to be met at - some point during pod execution - (e.g. due to an update), the system - may or may not try to eventually - evict the pod from its node. properties: nodeSelectorTerms: - description: Required. A list - of node selector terms. The - terms are ORed. items: - description: A null or empty - node selector term matches - no objects. The requirements - of them are ANDed. The TopologySelectorTerm - type implements a subset of - the NodeSelectorTerm. properties: matchExpressions: - description: A list of node - selector requirements - by node's labels. items: - description: A node selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key - and values. properties: key: - description: The label - key that the selector - applies to. type: string operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, Exists, - DoesNotExist. Gt, - and Lt. type: string values: - description: An array - of string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. If - the operator is - Gt or Lt, the values - array must have - a single element, - which will be interpreted - as an integer. This - array is replaced - during a strategic - merge patch. items: type: string type: array 
@@ -7554,51 +2728,13 @@ spec: type: array x-kubernetes-list-type: atomic matchFields: - description: A list of node - selector requirements - by node's fields. items: - description: A node selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key - and values. properties: key: - description: The label - key that the selector - applies to. type: string operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, Exists, - DoesNotExist. Gt, - and Lt. type: string values: - description: An array - of string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. If - the operator is - Gt or Lt, the values - array must have - a single element, - which will be interpreted - as an integer. This - array is replaced - during a strategic - merge patch. items: type: string type: array 
@@ -7619,97 +2755,22 @@ spec: x-kubernetes-map-type: atomic type: object podAffinity: - description: Describes pod affinity scheduling - rules (e.g. co-locate this pod in the - same node, zone, etc. as some other - pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer - to schedule pods to nodes that satisfy - the affinity expressions specified - by this field, but it may choose - a node that violates one or more - of the expressions. The node that - is most preferred is the one with - the greatest sum of weights, i.e. - for each node that meets all of - the scheduling requirements (resource - request, requiredDuringScheduling - affinity expressions, etc.), compute - a sum by iterating through the elements - of this field and adding "weight" - to the sum if the node has pods - which matches the corresponding - podAffinityTerm; the node(s) with - the highest sum are the most preferred. items: - description: The weights of all - of the matched WeightedPodAffinityTerm - fields are added per-node to find - the most preferred node(s) properties: podAffinityTerm: - description: Required. A pod - affinity term, associated - with the corresponding weight. properties: labelSelector: - description: A label query - over a set of resources, - in this case pods. If - it's null, this PodAffinityTerm - matches with no Pods. properties: matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements are - ANDed. items: - description: A label - selector requirement - is a selector that - contains values, - a key, and an operator - that relates the - key and values. properties: key: - description: key - is the label - key that the - selector applies - to. type: string operator: - description: operator - represents a - key's relationship - to a set of - values. Valid - operators are - In, NotIn, Exists - and DoesNotExist. 
type: string values: - description: values - is an array - of string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or - DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic - merge patch. items: type: string type: array 
@@ -7723,151 +2784,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels - map is equivalent - to an element of matchExpressions, - whose key field is - "key", the operator - is "In", and the values - array contains only - "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys - is a set of pod label - keys to select which pods - will be taken into consideration. - The keys are used to lookup - values from the incoming - pod labels, those key-value - labels are merged with - `labelSelector` as `key - in (value)` to select - the group of existing - pods which pods will be - taken into consideration - for the incoming pod's - pod (anti) affinity. Keys - that don't exist in the - incoming pod labels will - be ignored. The default - value is empty. The same - key is forbidden to exist - in both matchLabelKeys - and labelSelector. Also, - matchLabelKeys cannot - be set when labelSelector - isn't set. This is an - alpha field and requires - enabling MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys - is a set of pod label - keys to select which pods - will be taken into consideration. - The keys are used to lookup - values from the incoming - pod labels, those key-value - labels are merged with - `labelSelector` as `key - notin (value)` to select - the group of existing - pods which pods will be - taken into consideration - for the incoming pod's - pod (anti) affinity. Keys - that don't exist in the - incoming pod labels will - be ignored. The default - value is empty. The same - key is forbidden to exist - in both mismatchLabelKeys - and labelSelector. Also, - mismatchLabelKeys cannot - be set when labelSelector - isn't set. 
This is an - alpha field and requires - enabling MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query - over the set of namespaces - that the term applies - to. The term is applied - to the union of the namespaces - selected by this field - and the ones listed in - the namespaces field. - null selector and null - or empty namespaces list - means "this pod's namespace". - An empty selector ({}) - matches all namespaces. properties: matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements are - ANDed. items: - description: A label - selector requirement - is a selector that - contains values, - a key, and an operator - that relates the - key and values. properties: key: - description: key - is the label - key that the - selector applies - to. type: string operator: - description: operator - represents a - key's relationship - to a set of - values. Valid - operators are - In, NotIn, Exists - and DoesNotExist. type: string values: - description: values - is an array - of string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or - DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic - merge patch. items: type: string type: array 
@@ -7881,61 +2820,20 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels - map is equivalent - to an element of matchExpressions, - whose key field is - "key", the operator - is "In", and the values - array contains only - "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces - specifies a static list - of namespace names that - the term applies to. The - term is applied to the - union of the namespaces - listed in this field and - the ones selected by namespaceSelector. - null or empty namespaces - list and null namespaceSelector - means "this pod's namespace". items: type: string type: array x-kubernetes-list-type: atomic topologyKey: - description: This pod should - be co-located (affinity) - or not co-located (anti-affinity) - with the pods matching - the labelSelector in the - specified namespaces, - where co-located is defined - as running on a node whose - value of the label with - key topologyKey matches - that of any node on which - any of the selected pods - is running. Empty topologyKey - is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated - with matching the corresponding - podAffinityTerm, in the range - 1-100. format: int32 type: integer required: 
@@ -7945,81 +2843,18 @@ spec: type: array x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements - specified by this field are not - met at scheduling time, the pod - will not be scheduled onto the node. - If the affinity requirements specified - by this field cease to be met at - some point during pod execution - (e.g. due to a pod label update), - the system may or may not try to - eventually evict the pod from its - node. When there are multiple elements, - the lists of nodes corresponding - to each podAffinityTerm are intersected, - i.e. all terms must be satisfied. items: - description: Defines a set of pods - (namely those matching the labelSelector - relative to the given namespace(s)) - that this pod should be co-located - (affinity) or not co-located (anti-affinity) - with, where co-located is defined - as running on a node whose value - of the label with key - matches that of any node on which - a pod of the set of pods is running properties: labelSelector: - description: A label query over - a set of resources, in this - case pods. If it's null, this - PodAffinityTerm matches with - no Pods. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key - and values. properties: key: - description: key is - the label key that - the selector applies - to. type: string operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values - is an array of string - values. If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. 
This - array is replaced - during a strategic - merge patch. items: type: string type: array 
@@ -8033,136 +2868,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an element - of matchExpressions, whose - key field is "key", the - operator is "In", and - the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys - is a set of pod label keys - to select which pods will - be taken into consideration. - The keys are used to lookup - values from the incoming pod - labels, those key-value labels - are merged with `labelSelector` - as `key in (value)` to select - the group of existing pods - which pods will be taken into - consideration for the incoming - pod's pod (anti) affinity. - Keys that don't exist in the - incoming pod labels will be - ignored. The default value - is empty. The same key is - forbidden to exist in both - matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot - be set when labelSelector - isn't set. This is an alpha - field and requires enabling - MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys - is a set of pod label keys - to select which pods will - be taken into consideration. - The keys are used to lookup - values from the incoming pod - labels, those key-value labels - are merged with `labelSelector` - as `key notin (value)` to - select the group of existing - pods which pods will be taken - into consideration for the - incoming pod's pod (anti) - affinity. Keys that don't - exist in the incoming pod - labels will be ignored. The - default value is empty. The - same key is forbidden to exist - in both mismatchLabelKeys - and labelSelector. Also, mismatchLabelKeys - cannot be set when labelSelector - isn't set. 
This is an alpha - field and requires enabling - MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over - the set of namespaces that - the term applies to. The term - is applied to the union of - the namespaces selected by - this field and the ones listed - in the namespaces field. null - selector and null or empty - namespaces list means "this - pod's namespace". An empty - selector ({}) matches all - namespaces. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key - and values. properties: key: - description: key is - the label key that - the selector applies - to. type: string operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values - is an array of string - values. If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. This - array is replaced - during a strategic - merge patch. items: type: string type: array 
@@ -8176,49 +2904,15 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an element - of matchExpressions, whose - key field is "key", the - operator is "In", and - the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies - a static list of namespace - names that the term applies - to. The term is applied to - the union of the namespaces - listed in this field and the - ones selected by namespaceSelector. - null or empty namespaces list - and null namespaceSelector - means "this pod's namespace". items: type: string type: array x-kubernetes-list-type: atomic topologyKey: - description: This pod should - be co-located (affinity) or - not co-located (anti-affinity) - with the pods matching the - labelSelector in the specified - namespaces, where co-located - is defined as running on a - node whose value of the label - with key topologyKey matches - that of any node on which - any of the selected pods is - running. Empty topologyKey - is not allowed. type: string required: - topologyKey 
@@ -8227,97 +2921,22 @@ spec: x-kubernetes-list-type: atomic type: object podAntiAffinity: - description: Describes pod anti-affinity - scheduling rules (e.g. avoid putting - this pod in the same node, zone, etc. - as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer - to schedule pods to nodes that satisfy - the anti-affinity expressions specified - by this field, but it may choose - a node that violates one or more - of the expressions. The node that - is most preferred is the one with - the greatest sum of weights, i.e. - for each node that meets all of - the scheduling requirements (resource - request, requiredDuringScheduling - anti-affinity expressions, etc.), - compute a sum by iterating through - the elements of this field and adding - "weight" to the sum if the node - has pods which matches the corresponding - podAffinityTerm; the node(s) with - the highest sum are the most preferred. items: - description: The weights of all - of the matched WeightedPodAffinityTerm - fields are added per-node to find - the most preferred node(s) properties: podAffinityTerm: - description: Required. A pod - affinity term, associated - with the corresponding weight. properties: labelSelector: - description: A label query - over a set of resources, - in this case pods. If - it's null, this PodAffinityTerm - matches with no Pods. properties: matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements are - ANDed. items: - description: A label - selector requirement - is a selector that - contains values, - a key, and an operator - that relates the - key and values. properties: key: - description: key - is the label - key that the - selector applies - to. type: string operator: - description: operator - represents a - key's relationship - to a set of - values. Valid - operators are - In, NotIn, Exists - and DoesNotExist. 
type: string values: - description: values - is an array - of string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or - DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic - merge patch. items: type: string type: array 
@@ -8331,151 +2950,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels - map is equivalent - to an element of matchExpressions, - whose key field is - "key", the operator - is "In", and the values - array contains only - "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys - is a set of pod label - keys to select which pods - will be taken into consideration. - The keys are used to lookup - values from the incoming - pod labels, those key-value - labels are merged with - `labelSelector` as `key - in (value)` to select - the group of existing - pods which pods will be - taken into consideration - for the incoming pod's - pod (anti) affinity. Keys - that don't exist in the - incoming pod labels will - be ignored. The default - value is empty. The same - key is forbidden to exist - in both matchLabelKeys - and labelSelector. Also, - matchLabelKeys cannot - be set when labelSelector - isn't set. This is an - alpha field and requires - enabling MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys - is a set of pod label - keys to select which pods - will be taken into consideration. - The keys are used to lookup - values from the incoming - pod labels, those key-value - labels are merged with - `labelSelector` as `key - notin (value)` to select - the group of existing - pods which pods will be - taken into consideration - for the incoming pod's - pod (anti) affinity. Keys - that don't exist in the - incoming pod labels will - be ignored. The default - value is empty. The same - key is forbidden to exist - in both mismatchLabelKeys - and labelSelector. Also, - mismatchLabelKeys cannot - be set when labelSelector - isn't set. 
This is an - alpha field and requires - enabling MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query - over the set of namespaces - that the term applies - to. The term is applied - to the union of the namespaces - selected by this field - and the ones listed in - the namespaces field. - null selector and null - or empty namespaces list - means "this pod's namespace". - An empty selector ({}) - matches all namespaces. properties: matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements are - ANDed. items: - description: A label - selector requirement - is a selector that - contains values, - a key, and an operator - that relates the - key and values. properties: key: - description: key - is the label - key that the - selector applies - to. type: string operator: - description: operator - represents a - key's relationship - to a set of - values. Valid - operators are - In, NotIn, Exists - and DoesNotExist. type: string values: - description: values - is an array - of string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or - DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic - merge patch. items: type: string type: array 
@@ -8489,61 +2986,20 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels - map is equivalent - to an element of matchExpressions, - whose key field is - "key", the operator - is "In", and the values - array contains only - "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces - specifies a static list - of namespace names that - the term applies to. The - term is applied to the - union of the namespaces - listed in this field and - the ones selected by namespaceSelector. - null or empty namespaces - list and null namespaceSelector - means "this pod's namespace". items: type: string type: array x-kubernetes-list-type: atomic topologyKey: - description: This pod should - be co-located (affinity) - or not co-located (anti-affinity) - with the pods matching - the labelSelector in the - specified namespaces, - where co-located is defined - as running on a node whose - value of the label with - key topologyKey matches - that of any node on which - any of the selected pods - is running. Empty topologyKey - is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated - with matching the corresponding - podAffinityTerm, in the range - 1-100. format: int32 type: integer required: 
@@ -8553,81 +3009,18 @@ spec: type: array x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity - requirements specified by this field - are not met at scheduling time, - the pod will not be scheduled onto - the node. If the anti-affinity requirements - specified by this field cease to - be met at some point during pod - execution (e.g. due to a pod label - update), the system may or may not - try to eventually evict the pod - from its node. When there are multiple - elements, the lists of nodes corresponding - to each podAffinityTerm are intersected, - i.e. all terms must be satisfied. items: - description: Defines a set of pods - (namely those matching the labelSelector - relative to the given namespace(s)) - that this pod should be co-located - (affinity) or not co-located (anti-affinity) - with, where co-located is defined - as running on a node whose value - of the label with key - matches that of any node on which - a pod of the set of pods is running properties: labelSelector: - description: A label query over - a set of resources, in this - case pods. If it's null, this - PodAffinityTerm matches with - no Pods. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key - and values. properties: key: - description: key is - the label key that - the selector applies - to. type: string operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values - is an array of string - values. If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. 
This - array is replaced - during a strategic - merge patch. items: type: string type: array 
@@ -8641,136 +3034,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an element - of matchExpressions, whose - key field is "key", the - operator is "In", and - the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys - is a set of pod label keys - to select which pods will - be taken into consideration. - The keys are used to lookup - values from the incoming pod - labels, those key-value labels - are merged with `labelSelector` - as `key in (value)` to select - the group of existing pods - which pods will be taken into - consideration for the incoming - pod's pod (anti) affinity. - Keys that don't exist in the - incoming pod labels will be - ignored. The default value - is empty. The same key is - forbidden to exist in both - matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot - be set when labelSelector - isn't set. This is an alpha - field and requires enabling - MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys - is a set of pod label keys - to select which pods will - be taken into consideration. - The keys are used to lookup - values from the incoming pod - labels, those key-value labels - are merged with `labelSelector` - as `key notin (value)` to - select the group of existing - pods which pods will be taken - into consideration for the - incoming pod's pod (anti) - affinity. Keys that don't - exist in the incoming pod - labels will be ignored. The - default value is empty. The - same key is forbidden to exist - in both mismatchLabelKeys - and labelSelector. Also, mismatchLabelKeys - cannot be set when labelSelector - isn't set. 
This is an alpha - field and requires enabling - MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over - the set of namespaces that - the term applies to. The term - is applied to the union of - the namespaces selected by - this field and the ones listed - in the namespaces field. null - selector and null or empty - namespaces list means "this - pod's namespace". An empty - selector ({}) matches all - namespaces. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key - and values. properties: key: - description: key is - the label key that - the selector applies - to. type: string operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values - is an array of string - values. If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. This - array is replaced - during a strategic - merge patch. items: type: string type: array 
@@ -8784,49 +3070,15 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an element - of matchExpressions, whose - key field is "key", the - operator is "In", and - the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies - a static list of namespace - names that the term applies - to. The term is applied to - the union of the namespaces - listed in this field and the - ones selected by namespaceSelector. - null or empty namespaces list - and null namespaceSelector - means "this pod's namespace". items: type: string type: array x-kubernetes-list-type: atomic topologyKey: - description: This pod should - be co-located (affinity) or - not co-located (anti-affinity) - with the pods matching the - labelSelector in the specified - namespaces, where co-located - is defined as running on a - node whose value of the label - with key topologyKey matches - that of any node on which - any of the selected pods is - running. Empty topologyKey - is not allowed. type: string required: - topologyKey 
@@ -8836,332 +3088,106 @@ spec: type: object type: object automountServiceAccountToken: - description: AutomountServiceAccountToken - indicates whether a service account token - should be automatically mounted. type: boolean enableServiceLinks: - description: 'EnableServiceLinks indicates - whether information about services should - be injected into pod''s environment variables, - matching the syntax of Docker links. Optional: - Defaults to true.' type: boolean imagePullSecrets: - description: 'ImagePullSecrets is an optional - list of references to secrets in the same - namespace to use for pulling any of the - images used by this PodRuntimeSettings. - If specified, these secrets will be passed - to individual puller implementations for - them to use. For example, in the case of - docker, only DockerConfig type secrets are - honored. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' items: - description: LocalObjectReference contains - enough information to let you locate the - referenced object inside the same namespace. properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value here - are almost certainly wrong. TODO: - Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic type: array nodeName: - description: NodeName is a request to schedule - this pod onto a specific node. If it is - non-empty, the scheduler simply schedules - this pod onto that node, assuming that it - fits resource requirements. 
type: string nodeSelector: additionalProperties: type: string - description: 'NodeSelector is a selector which - must be true for the pod to fit on a node. - Selector which must match a node''s labels - for the pod to be scheduled on that node. - More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' type: object podAnnotations: additionalProperties: type: string - description: PodAnnotations are the annotations - that will be attached with the respective - Pod type: object podLabels: additionalProperties: type: string - description: PodLabels are the labels that - will be attached with the respective Pod type: object priority: - description: The priority value. Various system - components use this field to find the priority - of the pod. When Priority Admission Controller - is enabled, it prevents users from setting - this field. The admission controller populates - this field from PriorityClassName. The higher - the value, the higher the priority. format: int32 type: integer priorityClassName: - description: If specified, indicates the pod's - priority. "system-node-critical" and "system-cluster-critical" - are two special keywords which indicate - the highest priorities with the former being - the highest priority. Any other name must - be defined by creating a PriorityClass object - with that name. If not specified, the pod - priority will be default or zero if there - is no default. type: string readinessGates: - description: 'If specified, all readiness - gates will be evaluated for pod readiness. - A pod is ready when all its containers are - ready AND all conditions specified in the - readiness gates have status equal to "True" - More info: https://git.k8s.io/enhancements/keps/sig-network/0007-pod-ready%2B%2B.md' items: - description: PodReadinessGate contains the - reference to a pod condition properties: conditionType: - description: ConditionType refers to - a condition in the pod's condition - list with matching type. 
type: string required: - conditionType type: object type: array runtimeClassName: - description: 'RuntimeClassName refers to a - RuntimeClass object in the node.k8s.io group, - which should be used to run this pod. If - no RuntimeClass resource matches the named - class, the pod will not be run. If unset - or empty, the "legacy" RuntimeClass will - be used, which is an implicit class with - an empty definition that uses the default - runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md - This is an alpha feature and may change - in the future.' type: string schedulerName: - description: If specified, the pod will be - dispatched by specified scheduler. If not - specified, the pod will be dispatched by - default scheduler. type: string securityContext: - description: 'Security options the pod should - run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: appArmorProfile: - description: appArmorProfile is the AppArmor - options to use by the containers in - this pod. Note that this field cannot - be set when spec.os.name is windows. properties: localhostProfile: - description: localhostProfile indicates - a profile loaded on the node that - should be used. The profile must - be preconfigured on the node to - work. Must match the loaded name - of the profile. Must be set if and - only if type is "Localhost". type: string type: - description: 'type indicates which - kind of AppArmor profile will be - applied. Valid options are: Localhost - - a profile pre-loaded on the node. - RuntimeDefault - the container runtime''s - default profile. Unconfined - no - AppArmor enforcement.' type: string required: - type type: object fsGroup: - description: "A special supplemental group - that applies to all containers in a - pod. 
Some volume types allow the Kubelet - to change the ownership of that volume - to be owned by the pod: \n 1. The owning - GID will be the FSGroup 2. The setgid - bit is set (new files created in the - volume will be owned by FSGroup) 3. - The permission bits are OR'd with rw-rw---- - \n If unset, the Kubelet will not modify - the ownership and permissions of any - volume. Note that this field cannot - be set when spec.os.name is windows." format: int64 type: integer fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines - behavior of changing ownership and permission - of the volume before being exposed inside - Pod. This field will only apply to volume - types which support fsGroup based ownership(and - permissions). It will have no effect - on ephemeral volume types such as: secret, - configmaps and emptydir. Valid values - are "OnRootMismatch" and "Always". If - not specified, "Always" is used. Note - that this field cannot be set when spec.os.name - is windows.' type: string runAsGroup: - description: The GID to run the entrypoint - of the container process. Uses runtime - default if unset. May also be set in - SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified - in SecurityContext takes precedence - for that container. Note that this field - cannot be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: - description: Indicates that the container - must run as a non-root user. If true, - the Kubelet will validate the image - at runtime to ensure that it does not - run as UID 0 (root) and fail to start - the container if it does. If unset or - false, no such validation will be performed. - May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint - of the container process. 
Defaults to - user specified in image metadata if - unspecified. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence for that container. - Note that this field cannot be set when - spec.os.name is windows. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be - applied to all containers. If unspecified, - the container runtime will allocate - a random SELinux context for each container. May - also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence for that container. - Note that this field cannot be set when - spec.os.name is windows. properties: level: - description: Level is SELinux level - label that applies to the container. type: string role: - description: Role is a SELinux role - label that applies to the container. type: string type: - description: Type is a SELinux type - label that applies to the container. type: string user: - description: User is a SELinux user - label that applies to the container. type: string type: object seccompProfile: - description: The seccomp options to use - by the containers in this pod. Note - that this field cannot be set when spec.os.name - is windows. properties: localhostProfile: - description: localhostProfile indicates - a profile defined in a file on the - node should be used. The profile - must be preconfigured on the node - to work. Must be a descending path, - relative to the kubelet's configured - seccomp profile location. Must be - set if type is "Localhost". Must - NOT be set for any other type. type: string type: - description: "type indicates which - kind of seccomp profile will be - applied. Valid options are: \n Localhost - - a profile defined in a file on - the node should be used. RuntimeDefault - - the container runtime default - profile should be used. 
Unconfined - - no profile should be applied." type: string required: - type type: object supplementalGroups: - description: A list of groups applied - to the first process run in each container, - in addition to the container's primary - GID, the fsGroup (if specified), and - group memberships defined in the container - image for the uid of the container process. - If unspecified, no additional groups - are added to any container. Note that - group memberships defined in the container - image for the uid of the container process - are still effective, even if they are - not included in this list. Note that - this field cannot be set when spec.os.name - is windows. items: format: int64 type: integer type: array x-kubernetes-list-type: atomic sysctls: - description: Sysctls hold a list of namespaced - sysctls used for the pod. Pods with - unsupported sysctls (by the container - runtime) might fail to launch. Note - that this field cannot be set when spec.os.name - is windows. items: - description: Sysctl defines a kernel - parameter to be set properties: name: - description: Name of a property - to set type: string value: - description: Value of a property - to set type: string required: - name 
@@ -9170,168 +3196,52 @@ spec: type: array x-kubernetes-list-type: atomic windowsOptions: - description: The Windows specific settings - applied to all containers. If unspecified, - the options within a container's SecurityContext - will be used. If set in both SecurityContext - and PodSecurityContext, the value specified - in SecurityContext takes precedence. - Note that this field cannot be set when - spec.os.name is linux. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is - where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA - credential spec named by the GMSACredentialSpecName - field. type: string gmsaCredentialSpecName: - description: GMSACredentialSpecName - is the name of the GMSA credential - spec to use. type: string hostProcess: - description: HostProcess determines - if a container should be run as - a 'Host Process' container. All - of a Pod's containers must have - the same effective HostProcess value - (it is not allowed to have a mix - of HostProcess containers and non-HostProcess - containers). In addition, if HostProcess - is true then HostNetwork must also - be set to true. type: boolean runAsUserName: - description: The UserName in Windows - to run the entrypoint of the container - process. Defaults to the user specified - in image metadata if unspecified. - May also be set in PodSecurityContext. - If set in both SecurityContext and - PodSecurityContext, the value specified - in SecurityContext takes precedence. type: string type: object type: object serviceAccountAnnotations: additionalProperties: type: string - description: ServiceAccountAnnotations are - the annotations that will be attached with - the respective ServiceAccount type: object serviceAccountName: - description: 'ServiceAccountName is the name - of the ServiceAccount to use to run this - pod. 
More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' type: string tolerations: - description: If specified, the pod's tolerations. items: - description: The pod this Toleration is - attached to tolerates any taint that matches - the triple using the - matching operator . properties: effect: - description: Effect indicates the taint - effect to match. Empty means match - all taint effects. When specified, - allowed values are NoSchedule, PreferNoSchedule - and NoExecute. type: string key: - description: Key is the taint key that - the toleration applies to. Empty means - match all taint keys. If the key is - empty, operator must be Exists; this - combination means to match all values - and all keys. type: string operator: - description: Operator represents a key's - relationship to the value. Valid operators - are Exists and Equal. Defaults to - Equal. Exists is equivalent to wildcard - for value, so that a pod can tolerate - all taints of a particular category. type: string tolerationSeconds: - description: TolerationSeconds represents - the period of time the toleration - (which must be of effect NoExecute, - otherwise this field is ignored) tolerates - the taint. By default, it is not set, - which means tolerate the taint forever - (do not evict). Zero and negative - values will be treated as 0 (evict - immediately) by the system. format: int64 type: integer value: - description: Value is the taint value - the toleration matches to. If the - operator is Exists, the value should - be empty, otherwise just a regular - string. type: string type: object type: array topologySpreadConstraints: - description: TopologySpreadConstraints describes - how a group of pods ought to spread across - topology domains. Scheduler will schedule - pods in a way which abides by the constraints. - All topologySpreadConstraints are ANDed. 
items: - description: TopologySpreadConstraint specifies - how to spread matching pods among the - given topology. properties: labelSelector: - description: LabelSelector is used to - find matching pods. Pods that match - this label selector are counted to - determine the number of pods in their - corresponding topology domain. properties: matchExpressions: - description: matchExpressions is - a list of label selector requirements. - The requirements are ANDed. items: - description: A label selector - requirement is a selector that - contains values, a key, and - an operator that relates the - key and values. properties: key: - description: key is the label - key that the selector applies - to. type: string operator: - description: operator represents - a key's relationship to - a set of values. Valid operators - are In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is an - array of string values. - If the operator is In or - NotIn, the values array - must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be - empty. This array is replaced - during a strategic merge - patch. items: type: string type: array 
@@ -9345,183 +3255,27 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map - of {key,value} pairs. A single - {key,value} in the matchLabels - map is equivalent to an element - of matchExpressions, whose key - field is "key", the operator is - "In", and the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: "MatchLabelKeys is a set - of pod label keys to select the pods - over which spreading will be calculated. - The keys are used to lookup values - from the incoming pod labels, those - key-value labels are ANDed with labelSelector - to select the group of existing pods - over which spreading will be calculated - for the incoming pod. The same key - is forbidden to exist in both MatchLabelKeys - and LabelSelector. MatchLabelKeys - cannot be set when LabelSelector isn't - set. Keys that don't exist in the - incoming pod labels will be ignored. - A null or empty list means only match - against labelSelector. \n This is - a beta field and requires the MatchLabelKeysInPodTopologySpread - feature gate to be enabled (enabled - by default)." items: type: string type: array x-kubernetes-list-type: atomic maxSkew: - description: 'MaxSkew describes the - degree to which pods may be unevenly - distributed. When `whenUnsatisfiable=DoNotSchedule`, - it is the maximum permitted difference - between the number of matching pods - in the target topology and the global - minimum. The global minimum is the - minimum number of matching pods in - an eligible domain or zero if the - number of eligible domains is less - than MinDomains. For example, in a - 3-zone cluster, MaxSkew is set to - 1, and pods with the same labelSelector - spread as 2/2/1: In this case, the - global minimum is 1. 
| zone1 | zone2 - | zone3 | | P P | P P | P | - - if MaxSkew is 1, incoming pod can - only be scheduled to zone3 to become - 2/2/2; scheduling it onto zone1(zone2) - would make the ActualSkew(3-1) on - zone1(zone2) violate MaxSkew(1). - - if MaxSkew is 2, incoming pod can - be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, - it is used to give higher precedence - to topologies that satisfy it. It''s - a required field. Default value is - 1 and 0 is not allowed.' format: int32 type: integer minDomains: - description: "MinDomains indicates a - minimum number of eligible domains. - When the number of eligible domains - with matching topology keys is less - than minDomains, Pod Topology Spread - treats \"global minimum\" as 0, and - then the calculation of Skew is performed. - And when the number of eligible domains - with matching topology keys equals - or greater than minDomains, this value - has no effect on scheduling. As a - result, when the number of eligible - domains is less than minDomains, scheduler - won't schedule more than maxSkew Pods - to those domains. If value is nil, - the constraint behaves as if MinDomains - is equal to 1. Valid values are integers - greater than 0. When value is not - nil, WhenUnsatisfiable must be DoNotSchedule. - \n For example, in a 3-zone cluster, - MaxSkew is set to 2, MinDomains is - set to 5 and pods with the same labelSelector - spread as 2/2/2: | zone1 | zone2 | - zone3 | | P P | P P | P P | - The number of domains is less than - 5(MinDomains), so \"global minimum\" - is treated as 0. In this situation, - new pod with the same labelSelector - cannot be scheduled, because computed - skew will be 3(3 - 0) if new Pod is - scheduled to any of the three zones, - it will violate MaxSkew." format: int32 type: integer nodeAffinityPolicy: - description: "NodeAffinityPolicy indicates - how we will treat Pod's nodeAffinity/nodeSelector - when calculating pod topology spread - skew. 
Options are: - Honor: only nodes - matching nodeAffinity/nodeSelector - are included in the calculations. - - Ignore: nodeAffinity/nodeSelector - are ignored. All nodes are included - in the calculations. \n If this value - is nil, the behavior is equivalent - to the Honor policy. This is a beta-level - feature default enabled by the NodeInclusionPolicyInPodTopologySpread - feature flag." type: string nodeTaintsPolicy: - description: "NodeTaintsPolicy indicates - how we will treat node taints when - calculating pod topology spread skew. - Options are: - Honor: nodes without - taints, along with tainted nodes for - which the incoming pod has a toleration, - are included. - Ignore: node taints - are ignored. All nodes are included. - \n If this value is nil, the behavior - is equivalent to the Ignore policy. - This is a beta-level feature default - enabled by the NodeInclusionPolicyInPodTopologySpread - feature flag." type: string topologyKey: - description: TopologyKey is the key - of node labels. Nodes that have a - label with this key and identical - values are considered to be in the - same topology. We consider each as a "bucket", and try to put - balanced number of pods into each - bucket. We define a domain as a particular - instance of a topology. Also, we define - an eligible domain as a domain whose - nodes meet the requirements of nodeAffinityPolicy - and nodeTaintsPolicy. e.g. If TopologyKey - is "kubernetes.io/hostname", each - Node is a domain of that topology. - And, if TopologyKey is "topology.kubernetes.io/zone", - each zone is a domain of that topology. - It's a required field. type: string whenUnsatisfiable: - description: 'WhenUnsatisfiable indicates - how to deal with a pod if it doesn''t - satisfy the spread constraint. - DoNotSchedule - (default) tells the scheduler not - to schedule it. - ScheduleAnyway tells - the scheduler to schedule the pod - in any location, but giving higher - precedence to topologies that would - help reduce the skew. 
A constraint - is considered "Unsatisfiable" for - an incoming pod if and only if every - possible node assignment for that - pod would violate "MaxSkew" on some - topology. For example, in a 3-zone - cluster, MaxSkew is set to 1, and - pods with the same labelSelector spread - as 3/1/1: | zone1 | zone2 | zone3 - | | P P P | P | P | If WhenUnsatisfiable - is set to DoNotSchedule, incoming - pod can only be scheduled to zone2(zone3) - to become 3/2/1(3/1/2) as ActualSkew(2-1) - on zone2(zone3) satisfies MaxSkew(1). - In other words, the cluster can still - be imbalanced, but scheduler won''t - make it *more* imbalanced. It''s a - required field.' type: string required: - maxSkew 
@@ -9536,143 +3290,63 @@ spec: type: object type: object timeout: - description: Timeout specifies a duration in seconds - that KubeStash should wait for the hook execution - to be completed. If the hook execution does not - finish within this time period, KubeStash will consider - this hook execution as failure. Then, it will be - re-tried according to MaxRetry policy. type: string variables: - description: Variables specifies a list of variables - and their sources that will be used to resolve the - HookTemplate. items: - description: EnvVar represents an environment variable - present in a Container. properties: name: - description: Name of the environment variable. - Must be a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) - are expanded using the previously defined - environment variables in the container and - any service environment variables. If a variable - cannot be resolved, the reference in the input - string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the - $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, - regardless of whether the variable exists - or not. Defaults to "".' type: string valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. properties: configMapKeyRef: - description: Selects a key of a ConfigMap. properties: key: - description: The key to select. type: string name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value here - are almost certainly wrong. TODO: - Add other useful fields. apiVersion, - kind, uid? 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether the ConfigMap - or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of the pod: - supports metadata.name, metadata.namespace, - `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, status.podIPs.' properties: apiVersion: - description: Version of the schema the - FieldPath is written in terms of, - defaults to "v1". type: string fieldPath: - description: Path of the field to select - in the specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource of the - container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, - requests.cpu, requests.memory and requests.ephemeral-storage) - are currently supported.' properties: containerName: - description: 'Container name: required - for volumes, optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output format - of the exposed resources, defaults - to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource to - select' type: string required: - resource type: object x-kubernetes-map-type: atomic secretKeyRef: - description: Selects a key of a secret in - the pod's namespace properties: key: - description: The key of the secret to - select from. Must be a valid secret - key. type: string name: default: "" - description: 'Name of the referent. 
- This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value here - are almost certainly wrong. TODO: - Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether the Secret - or its key must be defined type: boolean required: - key 
@@ -9684,69 +3358,21 @@ spec: type: object type: array volumeMounts: - description: VolumeMounts specifies the mount for - the volumes specified in `Volumes` section Use this - field only for `Function` type hook executor. items: - description: VolumeMount describes a mounting of - a Volume within a container. properties: mountPath: - description: Path within the container at which - the volume should be mounted. Must not contain - ':'. type: string mountPropagation: - description: mountPropagation determines how - mounts are propagated from the host to container - and the other way around. When not set, MountPropagationNone - is used. This field is beta in 1.10. When - RecursiveReadOnly is set to IfPossible or - to Enabled, MountPropagation must be None - or unspecified (which defaults to None). type: string name: - description: This must match the Name of a Volume. type: string readOnly: - description: Mounted read-only if true, read-write - otherwise (false or unspecified). Defaults - to false. type: boolean recursiveReadOnly: - description: "RecursiveReadOnly specifies whether - read-only mounts should be handled recursively. - \n If ReadOnly is false, this field has no - meaning and must be unspecified. \n If ReadOnly - is true, and this field is set to Disabled, - the mount is not made recursively read-only. - \ If this field is set to IfPossible, the - mount is made recursively read-only, if it - is supported by the container runtime. If - this field is set to Enabled, the mount is - made recursively read-only if it is supported - by the container runtime, otherwise the pod - will not be started and an error will be generated - to indicate the reason. \n If this field is - set to IfPossible or Enabled, MountPropagation - must be set to None (or be unspecified, which - defaults to None). \n If this field is not - specified, it is treated as an equivalent - of Disabled." 
type: string subPath: - description: Path within the volume from which - the container's volume should be mounted. - Defaults to "" (volume's root). type: string subPathExpr: - description: Expanded path within the volume - from which the container's volume should be - mounted. Behaves similarly to SubPath but - environment variable references $(VAR_NAME) - are expanded using the container's environment. - Defaults to "" (volume's root). SubPathExpr - and SubPath are mutually exclusive. type: string required: - mountPath 
@@ -9754,284 +3380,109 @@ spec: type: object type: array volumes: - description: Volumes indicates the list of volumes - of targeted application that should be mounted on - the hook executor. Use this field only for `Function` - type hook executor. items: - description: Volume represents a named volume in - a pod that may be accessed by any container in - the pod. properties: awsElasticBlockStore: - description: 'awsElasticBlockStore represents - an AWS Disk resource that is attached to a - kubelet''s host machine and then exposed to - the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' properties: fsType: - description: 'fsType is the filesystem type - of the volume that you want to mount. - Tip: Ensure that the filesystem type is - supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the - filesystem from compromising the machine' type: string partition: - description: 'partition is the partition - in the volume that you want to mount. - If omitted, the default is to mount by - volume name. Examples: For volume /dev/sda1, - you specify the partition as "1". Similarly, - the volume partition for /dev/sda is "0" - (or you can leave the property empty).' format: int32 type: integer readOnly: - description: 'readOnly value true will force - the readOnly setting in VolumeMounts. - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: boolean volumeID: - description: 'volumeID is unique ID of the - persistent disk resource in AWS (Amazon - EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: string required: - volumeID type: object azureDisk: - description: azureDisk represents an Azure Data - Disk mount on the host and bind mount to the - pod. 
properties: cachingMode: - description: 'cachingMode is the Host Caching - mode: None, Read Only, Read Write.' type: string diskName: - description: diskName is the Name of the - data disk in the blob storage type: string diskURI: - description: diskURI is the URI of data - disk in the blob storage type: string fsType: - description: fsType is Filesystem type to - mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to - be "ext4" if unspecified. type: string kind: - description: 'kind expected values are Shared: - multiple blob disks per storage account Dedicated: - single blob disk per storage account Managed: - azure managed data disk (only in managed - availability set). defaults to shared' type: string readOnly: - description: readOnly Defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. type: boolean required: - diskName - diskURI type: object azureFile: - description: azureFile represents an Azure File - Service mount on the host and bind mount to - the pod. properties: readOnly: - description: readOnly defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. 
type: boolean secretName: - description: secretName is the name of - secret that contains Azure Storage Account - Name and Key type: string shareName: - description: shareName is the azure share - Name type: string required: - secretName - shareName type: object cephfs: - description: cephFS represents a Ceph FS mount - on the host that shares a pod's lifetime properties: monitors: - description: 'monitors is Required: Monitors - is a collection of Ceph monitors More - info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' items: type: string type: array x-kubernetes-list-type: atomic path: - description: 'path is Optional: Used as - the mounted root, rather than the full - Ceph tree, default is /' type: string readOnly: - description: 'readOnly is Optional: Defaults - to false (read/write). ReadOnly here will - force the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: boolean secretFile: - description: 'secretFile is Optional: SecretFile - is the path to key ring for User, default - is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string secretRef: - description: 'secretRef is Optional: SecretRef - is reference to the authentication secret - for User, default is empty. More info: - https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value here - are almost certainly wrong. TODO: - Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' 
type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is optional: User is - the rados user name, default is admin - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string required: - monitors type: object cinder: - description: 'cinder represents a cinder volume - attached and mounted on kubelets host machine. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' properties: fsType: - description: 'fsType is the filesystem type - to mount. Must be a filesystem type supported - by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred - to be "ext4" if unspecified. More info: - https://examples.k8s.io/mysql-cinder-pd/README.md' type: string readOnly: - description: 'readOnly defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: boolean secretRef: - description: 'secretRef is optional: points - to a secret object containing parameters - used to connect to OpenStack.' properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value here - are almost certainly wrong. TODO: - Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic volumeID: - description: 'volumeID used to identify - the volume in cinder. 
More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string required: - volumeID type: object configMap: - description: configMap represents a configMap - that should populate this volume properties: defaultMode: - description: 'defaultMode is optional: mode - bits used to set permissions on created - files by default. Must be an octal value - between 0000 and 0777 or a decimal value - between 0 and 511. YAML accepts both octal - and decimal values, JSON requires decimal - values for mode bits. Defaults to 0644. - Directories within the path are not affected - by this setting. This might be in conflict - with other options that affect the file - mode, like fsGroup, and the result can - be other mode bits set.' format: int32 type: integer items: - description: items if unspecified, each - key-value pair in the Data field of the - referenced ConfigMap will be projected - into the volume as a file whose name is - the key and content is the value. If specified, - the listed keys will be projected into - the specified paths, and unlisted keys - will not be present. If a key is specified - which is not present in the ConfigMap, - the volume setup will error unless it - is marked optional. Paths must be relative - and may not contain the '..' path or start - with '..'. items: - description: Maps a string key to a path - within a volume. properties: key: - description: key is the key to project. type: string mode: - description: 'mode is Optional: mode - bits used to set permissions on - this file. Must be an octal value - between 0000 and 0777 or a decimal - value between 0 and 511. YAML accepts - both octal and decimal values, JSON - requires decimal values for mode - bits. If not specified, the volume - defaultMode will be used. This might - be in conflict with other options - that affect the file mode, like - fsGroup, and the result can be other - mode bits set.' 
format: int32 type: integer path: - description: path is the relative - path of the file to map the key - to. May not be an absolute path. - May not contain the path element - '..'. May not start with the string - '..'. type: string required: - key 
@@ -10041,181 +3492,67 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of the referent. This - field is effectively required, but due - to backwards compatibility is allowed - to be empty. Instances of this type with - an empty value here are almost certainly - wrong. TODO: Add other useful fields. - apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional specify whether the - ConfigMap or its keys must be defined type: boolean type: object x-kubernetes-map-type: atomic csi: - description: csi (Container Storage Interface) - represents ephemeral storage that is handled - by certain external CSI drivers (Beta feature). properties: driver: - description: driver is the name of the CSI - driver that handles this volume. Consult - with your admin for the correct name as - registered in the cluster. type: string fsType: - description: fsType to mount. Ex. "ext4", - "xfs", "ntfs". If not provided, the empty - value is passed to the associated CSI - driver which will determine the default - filesystem to apply. type: string nodePublishSecretRef: - description: nodePublishSecretRef is a reference - to the secret object containing sensitive - information to pass to the CSI driver - to complete the CSI NodePublishVolume - and NodeUnpublishVolume calls. This field - is optional, and may be empty if no secret - is required. If the secret object contains - more than one secret, all secret references - are passed. properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value here - are almost certainly wrong. TODO: - Add other useful fields. apiVersion, - kind, uid? 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic readOnly: - description: readOnly specifies a read-only - configuration for the volume. Defaults - to false (read/write). type: boolean volumeAttributes: additionalProperties: type: string - description: volumeAttributes stores driver-specific - properties that are passed to the CSI - driver. Consult your driver's documentation - for supported values. type: object required: - driver type: object downwardAPI: - description: downwardAPI represents downward - API about the pod that should populate this - volume properties: defaultMode: - description: 'Optional: mode bits to use - on created files by default. Must be a - Optional: mode bits used to set permissions - on created files by default. Must be an - octal value between 0000 and 0777 or a - decimal value between 0 and 511. YAML - accepts both octal and decimal values, - JSON requires decimal values for mode - bits. Defaults to 0644. Directories within - the path are not affected by this setting. - This might be in conflict with other options - that affect the file mode, like fsGroup, - and the result can be other mode bits - set.' format: int32 type: integer items: - description: Items is a list of downward - API volume file items: - description: DownwardAPIVolumeFile represents - information to create the file containing - the pod field properties: fieldRef: - description: 'Required: Selects a - field of the pod: only annotations, - labels, name, namespace and uid - are supported.' properties: apiVersion: - description: Version of the schema - the FieldPath is written in - terms of, defaults to "v1". type: string fieldPath: - description: Path of the field - to select in the specified API - version. 
type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: - description: 'Optional: mode bits - used to set permissions on this - file, must be an octal value between - 0000 and 0777 or a decimal value - between 0 and 511. YAML accepts - both octal and decimal values, JSON - requires decimal values for mode - bits. If not specified, the volume - defaultMode will be used. This might - be in conflict with other options - that affect the file mode, like - fsGroup, and the result can be other - mode bits set.' format: int32 type: integer path: - description: 'Required: Path is the - relative path name of the file to - be created. Must not be absolute - or contain the ''..'' path. Must - be utf-8 encoded. The first item - of the relative path must not start - with ''..''' type: string resourceFieldRef: - description: 'Selects a resource of - the container: only resources limits - and requests (limits.cpu, limits.memory, - requests.cpu and requests.memory) - are currently supported.' properties: containerName: - description: 'Container name: - required for volumes, optional - for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output - format of the exposed resources, - defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource - to select' type: string required: - resource 
@@ -10228,229 +3565,50 @@ spec: x-kubernetes-list-type: atomic type: object emptyDir: - description: 'emptyDir represents a temporary - directory that shares a pod''s lifetime. More - info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' properties: medium: - description: 'medium represents what type - of storage medium should back this directory. - The default is "" which means to use the - node''s default medium. Must be an empty - string (default) or Memory. More info: - https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string sizeLimit: anyOf: - type: integer - type: string - description: 'sizeLimit is the total amount - of local storage required for this EmptyDir - volume. The size limit is also applicable - for memory medium. The maximum usage on - memory medium EmptyDir would be the minimum - value between the SizeLimit specified - here and the sum of memory limits of all - containers in a pod. The default is nil - which means that the limit is undefined. - More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object ephemeral: - description: "ephemeral represents a volume - that is handled by a cluster storage driver. - The volume's lifecycle is tied to the pod - that defines it - it will be created before - the pod starts, and deleted when the pod is - removed. \n Use this if: a) the volume is - only needed while the pod runs, b) features - of normal volumes like restoring from snapshot - or capacity tracking are needed, c) the storage - driver is specified through a storage class, - and d) the storage driver supports dynamic - volume provisioning through a PersistentVolumeClaim - (see EphemeralVolumeSource for more information - on the connection between this volume type - and PersistentVolumeClaim). 
\n Use PersistentVolumeClaim - or one of the vendor-specific APIs for volumes - that persist for longer than the lifecycle - of an individual pod. \n Use CSI for light-weight - local ephemeral volumes if the CSI driver - is meant to be used that way - see the documentation - of the driver for more information. \n A pod - can use both types of ephemeral volumes and - persistent volumes at the same time." properties: volumeClaimTemplate: - description: "Will be used to create a stand-alone - PVC to provision the volume. The pod in - which this EphemeralVolumeSource is embedded - will be the owner of the PVC, i.e. the - PVC will be deleted together with the - pod. The name of the PVC will be `-` where `` - is the name from the `PodSpec.Volumes` - array entry. Pod validation will reject - the pod if the concatenated name is not - valid for a PVC (for example, too long). - \n An existing PVC with that name that - is not owned by the pod will *not* be - used for the pod to avoid using an unrelated - volume by mistake. Starting the pod is - then blocked until the unrelated PVC is - removed. If such a pre-created PVC is - meant to be used by the pod, the PVC has - to updated with an owner reference to - the pod once the pod exists. Normally - this should not be necessary, but it may - be useful when manually reconstructing - a broken cluster. \n This field is read-only - and no changes will be made by Kubernetes - to the PVC after it has been created. - \n Required, must not be nil." properties: metadata: - description: May contain labels and - annotations that will be copied into - the PVC when creating it. No other - fields are allowed and will be rejected - during validation. properties: annotations: additionalProperties: type: string - description: 'Annotations is an - unstructured key value map stored - with a resource that may be set - by external tools to store and - retrieve arbitrary metadata. 
They - are not queryable and should be - preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations' type: object generateName: - description: "GenerateName is an - optional prefix, used by the server, - to generate a unique name ONLY - IF the Name field has not been - provided. If this field is used, - the name returned to the client - will be different than the name - passed. This value will also be - combined with a unique suffix. - The provided value has the same - validation rules as the Name field, - and may be truncated by the length - of the suffix required to make - the value unique on the server. - \n If this field is specified - and the generated name exists, - the server will NOT return a 409 - - instead, it will either return - 201 Created or 500 with Reason - ServerTimeout indicating a unique - name could not be found in the - time allotted, and the client - should retry (optionally after - the time indicated in the Retry-After - header). \n Applied only if Name - is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" type: string labels: additionalProperties: type: string - description: 'Map of string keys - and values that can be used to - organize and categorize (scope - and select) objects. May match - selectors of replication controllers - and services. More info: http://kubernetes.io/docs/user-guide/labels' type: object name: - description: 'Name must be unique - within a namespace. Is required - when creating resources, although - some resources may allow a client - to request the generation of an - appropriate name automatically. - Name is primarily intended for - creation idempotence and configuration - definition. Cannot be updated. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' type: string namespace: - description: "Namespace defines - the space within each name must - be unique. 
An empty namespace - is equivalent to the \"default\" - namespace, but \"default\" is - the canonical representation. - Not all objects are required to - be scoped to a namespace - the - value of this field for those - objects will be empty. \n Must - be a DNS_LABEL. Cannot be updated. - More info: http://kubernetes.io/docs/user-guide/namespaces" type: string ownerReferences: - description: List of objects depended - by this object. If ALL objects - in the list have been deleted, - this object will be garbage collected. - If this object is managed by a - controller, then an entry in this - list will point to this controller, - with the controller field set - to true. There cannot be more - than one managing controller. items: - description: OwnerReference contains - enough information to let you - identify an owning object. An - owning object must be in the - same namespace as the dependent, - or be cluster-scoped, so there - is no namespace field. properties: apiVersion: - description: API version of - the referent. type: string blockOwnerDeletion: - description: If true, AND - if the owner has the "foregroundDeletion" - finalizer, then the owner - cannot be deleted from the - key-value store until this - reference is removed. See - https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion - for how the garbage collector - interacts with this field - and enforces the foreground - deletion. Defaults to false. - To set this field, a user - needs "delete" permission - of the owner, otherwise - 422 (Unprocessable Entity) - will be returned. type: boolean controller: - description: If true, this - reference points to the - managing controller. type: boolean kind: - description: 'Kind of the - referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string name: - description: 'Name of the - referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: - description: 'UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -10462,57 +3620,19 @@ spec: type: array type: object spec: - description: The specification for the - PersistentVolumeClaim. The entire - content is copied unchanged into the - PVC that gets created from this template. - The same fields as in a PersistentVolumeClaim - are also valid here. properties: accessModes: - description: 'accessModes contains - the desired access modes the volume - should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array x-kubernetes-list-type: atomic dataSource: - description: 'dataSource field can - be used to specify either: * An - existing VolumeSnapshot object - (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an external - controller can support the specified - data source, it will create a - new volume based on the contents - of the specified data source. - When the AnyVolumeDataSource feature - gate is enabled, dataSource contents - will be copied to dataSourceRef, - and dataSourceRef contents will - be copied to dataSource when dataSourceRef.namespace - is not specified. If the namespace - is specified, then dataSourceRef - will not be copied to dataSource.' properties: apiGroup: - description: APIGroup is the - group for the resource being - referenced. If APIGroup is - not specified, the specified - Kind must be in the core API - group. For any other third-party - types, APIGroup is required. type: string kind: - description: Kind is the type - of resource being referenced type: string name: - description: Name is the name - of resource being referenced type: string required: - kind 
@@ -10520,98 +3640,20 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: - description: 'dataSourceRef specifies - the object from which to populate - the volume with data, if a non-empty - volume is desired. This may be - any object from a non-empty API - group (non core object) or a PersistentVolumeClaim - object. When this field is specified, - volume binding will only succeed - if the type of the specified object - matches some installed volume - populator or dynamic provisioner. - This field will replace the functionality - of the dataSource field and as - such if both fields are non-empty, - they must have the same value. - For backwards compatibility, when - namespace isn''t specified in - dataSourceRef, both fields (dataSource - and dataSourceRef) will be set - to the same value automatically - if one of them is empty and the - other is non-empty. When namespace - is specified in dataSourceRef, - dataSource isn''t set to the same - value and must be empty. There - are three important differences - between dataSource and dataSourceRef: - * While dataSource only allows - two specific types of objects, - dataSourceRef allows any non-core - object, as well as PersistentVolumeClaim - objects. * While dataSource ignores - disallowed values (dropping them), - dataSourceRef preserves all values, - and generates an error if a disallowed - value is specified. * While dataSource - only allows local objects, dataSourceRef - allows objects in any namespaces. - (Beta) Using this field requires - the AnyVolumeDataSource feature - gate to be enabled. (Alpha) Using - the namespace field of dataSourceRef - requires the CrossNamespaceVolumeDataSource - feature gate to be enabled.' properties: apiGroup: - description: APIGroup is the - group for the resource being - referenced. If APIGroup is - not specified, the specified - Kind must be in the core API - group. For any other third-party - types, APIGroup is required. 
type: string kind: - description: Kind is the type - of resource being referenced type: string name: - description: Name is the name - of resource being referenced type: string namespace: - description: Namespace is the - namespace of resource being - referenced Note that when - a namespace is specified, - a gateway.networking.k8s.io/ReferenceGrant - object is required in the - referent namespace to allow - that namespace's owner to - accept the reference. See - the ReferenceGrant documentation - for details. (Alpha) This - field requires the CrossNamespaceVolumeDataSource - feature gate to be enabled. type: string required: - kind - name type: object resources: - description: 'resources represents - the minimum resources the volume - should have. If RecoverVolumeExpansionFailure - feature is enabled users are allowed - to specify resource requirements - that are lower than previous value - but must still be higher than - capacity recorded in the status - field of the claim. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: @@ -10620,10 +3662,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes - the maximum amount of compute - resources allowed. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -10632,59 +3670,18 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes - the minimum amount of compute - resources required. If Requests - is omitted for a container, - it defaults to Limits if that - is explicitly specified, otherwise - to an implementation-defined - value. Requests cannot exceed - Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: - description: selector is a label - query over volumes to consider - for binding. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, a - key, and an operator that - relates the key and values. properties: key: - description: key is the - label key that the selector - applies to. type: string operator: - description: operator - represents a key's relationship - to a set of values. - Valid operators are - In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is - an array of string values. - If the operator is In - or NotIn, the values - array must be non-empty. - If the operator is Exists - or DoesNotExist, the - values array must be - empty. This array is - replaced during a strategic - merge patch. items: type: string type: array 
@@ -10698,64 +3695,16 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is - a map of {key,value} pairs. - A single {key,value} in the - matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", - the operator is "In", and - the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic storageClassName: - description: 'storageClassName is - the name of the StorageClass required - by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeAttributesClassName: - description: 'volumeAttributesClassName - may be used to set the VolumeAttributesClass - used by this claim. If specified, - the CSI driver will create or - update the volume with the attributes - defined in the corresponding VolumeAttributesClass. - This has a different purpose than - storageClassName, it can be changed - after the claim is created. An - empty string value means that - no VolumeAttributesClass will - be applied to the claim but it''s - not allowed to reset this field - to empty string once it is set. - If unspecified and the PersistentVolumeClaim - is unbound, the default VolumeAttributesClass - will be set by the persistentvolume - controller if it exists. If the - resource referred to by volumeAttributesClass - does not exist, this PersistentVolumeClaim - will be set to a Pending state, - as reflected by the modifyVolumeStatus - field, until such as a resource - exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires - the VolumeAttributesClass feature - gate to be enabled.' type: string volumeMode: - description: volumeMode defines - what type of volume is required - by the claim. Value of Filesystem - is implied when not included in - claim spec. 
type: string volumeName: - description: volumeName is the binding - reference to the PersistentVolume - backing this claim. type: string type: object required: 
@@ -10763,94 +3712,41 @@ spec: type: object type: object fc: - description: fc represents a Fibre Channel resource - that is attached to a kubelet's host machine - and then exposed to the pod. properties: fsType: - description: 'fsType is the filesystem type - to mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to - be "ext4" if unspecified. TODO: how do - we prevent errors in the filesystem from - compromising the machine' type: string lun: - description: 'lun is Optional: FC target - lun number' format: int32 type: integer readOnly: - description: 'readOnly is Optional: Defaults - to false (read/write). ReadOnly here will - force the ReadOnly setting in VolumeMounts.' type: boolean targetWWNs: - description: 'targetWWNs is Optional: FC - target worldwide names (WWNs)' items: type: string type: array x-kubernetes-list-type: atomic wwids: - description: 'wwids Optional: FC volume - world wide identifiers (wwids) Either - wwids or combination of targetWWNs and - lun must be set, but not both simultaneously.' items: type: string type: array x-kubernetes-list-type: atomic type: object flexVolume: - description: flexVolume represents a generic - volume resource that is provisioned/attached - using an exec based plugin. properties: driver: - description: driver is the name of the driver - to use for this volume. type: string fsType: - description: fsType is the filesystem type - to mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". The default filesystem - depends on FlexVolume script. type: string options: additionalProperties: type: string - description: 'options is Optional: this - field holds extra command options if any.' type: object readOnly: - description: 'readOnly is Optional: defaults - to false (read/write). ReadOnly here will - force the ReadOnly setting in VolumeMounts.' 
type: boolean secretRef: - description: 'secretRef is Optional: secretRef - is reference to the secret object containing - sensitive information to pass to the plugin - scripts. This may be empty if no secret - object is specified. If the secret object - contains more than one secret, all secrets - are passed to the plugin scripts.' properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value here - are almost certainly wrong. TODO: - Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic 
@@ -10858,197 +3754,79 @@ spec: - driver type: object flocker: - description: flocker represents a Flocker volume - attached to a kubelet's host machine. This - depends on the Flocker control service being - running properties: datasetName: - description: datasetName is Name of the - dataset stored as metadata -> name on - the dataset for Flocker should be considered - as deprecated type: string datasetUUID: - description: datasetUUID is the UUID of - the dataset. This is unique identifier - of a Flocker dataset type: string type: object gcePersistentDisk: - description: 'gcePersistentDisk represents a - GCE Disk resource that is attached to a kubelet''s - host machine and then exposed to the pod. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' properties: fsType: - description: 'fsType is filesystem type - of the volume that you want to mount. - Tip: Ensure that the filesystem type is - supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the - filesystem from compromising the machine' type: string partition: - description: 'partition is the partition - in the volume that you want to mount. - If omitted, the default is to mount by - volume name. Examples: For volume /dev/sda1, - you specify the partition as "1". Similarly, - the volume partition for /dev/sda is "0" - (or you can leave the property empty). - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' format: int32 type: integer pdName: - description: 'pdName is unique name of the - PD resource in GCE. Used to identify the - disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: string readOnly: - description: 'readOnly here will force the - ReadOnly setting in VolumeMounts. Defaults - to false. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: boolean required: - pdName type: object glusterfs: - description: 'glusterfs represents a Glusterfs - mount on the host that shares a pod''s lifetime. - More info: https://examples.k8s.io/volumes/glusterfs/README.md' properties: endpoints: - description: 'endpoints is the endpoint - name that details Glusterfs topology. - More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string path: - description: 'path is the Glusterfs volume - path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string readOnly: - description: 'readOnly here will force the - Glusterfs volume to be mounted with read-only - permissions. Defaults to false. More info: - https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: boolean required: - endpoints - path type: object hostPath: - description: 'hostPath represents a pre-existing - file or directory on the host machine that - is directly exposed to the container. This - is generally used for system agents or other - privileged things that are allowed to see - the host machine. Most containers will NOT - need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict who - can use host directory mounts and who can/can - not mount host directories as read/write.' properties: path: - description: 'path of the directory on the - host. If the path is a symlink, it will - follow the link to the real path. More - info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string type: - description: 'type for HostPath Volume Defaults - to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string required: - path type: object iscsi: - description: 'iscsi represents an ISCSI Disk - resource that is attached to a kubelet''s - host machine and then exposed to the pod. 
- More info: https://examples.k8s.io/volumes/iscsi/README.md' properties: chapAuthDiscovery: - description: chapAuthDiscovery defines whether - support iSCSI Discovery CHAP authentication type: boolean chapAuthSession: - description: chapAuthSession defines whether - support iSCSI Session CHAP authentication type: boolean fsType: - description: 'fsType is the filesystem type - of the volume that you want to mount. - Tip: Ensure that the filesystem type is - supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the - filesystem from compromising the machine' type: string initiatorName: - description: initiatorName is the custom - iSCSI Initiator Name. If initiatorName - is specified with iscsiInterface simultaneously, - new iSCSI interface : will be created for the connection. type: string iqn: - description: iqn is the target iSCSI Qualified - Name. type: string iscsiInterface: - description: iscsiInterface is the interface - Name that uses an iSCSI transport. Defaults - to 'default' (tcp). type: string lun: - description: lun represents iSCSI Target - Lun number. format: int32 type: integer portals: - description: portals is the iSCSI Target - Portal List. The portal is either an IP - or ip_addr:port if the port is other than - default (typically TCP ports 860 and 3260). items: type: string type: array x-kubernetes-list-type: atomic readOnly: - description: readOnly here will force the - ReadOnly setting in VolumeMounts. Defaults - to false. type: boolean secretRef: - description: secretRef is the CHAP Secret - for iSCSI target and initiator authentication properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. 
Instances - of this type with an empty value here - are almost certainly wrong. TODO: - Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic targetPortal: - description: targetPortal is iSCSI Target - Portal. The Portal is either an IP or - ip_addr:port if the port is other than - default (typically TCP ports 860 and 3260). type: string required: - iqn 
@@ -11056,194 +3834,68 @@ spec: - targetPortal type: object name: - description: 'name of the volume. Must be a - DNS_LABEL and unique within the pod. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string nfs: - description: 'nfs represents an NFS mount on - the host that shares a pod''s lifetime More - info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' properties: path: - description: 'path that is exported by the - NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string readOnly: - description: 'readOnly here will force the - NFS export to be mounted with read-only - permissions. Defaults to false. More info: - https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: boolean server: - description: 'server is the hostname or - IP address of the NFS server. More info: - https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string required: - path - server type: object persistentVolumeClaim: - description: 'persistentVolumeClaimVolumeSource - represents a reference to a PersistentVolumeClaim - in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: claimName: - description: 'claimName is the name of a - PersistentVolumeClaim in the same namespace - as the pod using this volume. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' type: string readOnly: - description: readOnly Will force the ReadOnly - setting in VolumeMounts. Default false. type: boolean required: - claimName type: object photonPersistentDisk: - description: photonPersistentDisk represents - a PhotonController persistent disk attached - and mounted on kubelets host machine properties: fsType: - description: fsType is the filesystem type - to mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". 
Implicitly inferred to - be "ext4" if unspecified. type: string pdID: - description: pdID is the ID that identifies - Photon Controller persistent disk type: string required: - pdID type: object portworxVolume: - description: portworxVolume represents a portworx - volume attached and mounted on kubelets host - machine properties: fsType: - description: fSType represents the filesystem - type to mount Must be a filesystem type - supported by the host operating system. - Ex. "ext4", "xfs". Implicitly inferred - to be "ext4" if unspecified. type: string readOnly: - description: readOnly defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. type: boolean volumeID: - description: volumeID uniquely identifies - a Portworx volume type: string required: - volumeID type: object projected: - description: projected items for all in one - resources secrets, configmaps, and downward - API properties: defaultMode: - description: defaultMode are the mode bits - used to set permissions on created files - by default. Must be an octal value between - 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and - decimal values, JSON requires decimal - values for mode bits. Directories within - the path are not affected by this setting. - This might be in conflict with other options - that affect the file mode, like fsGroup, - and the result can be other mode bits - set. format: int32 type: integer sources: - description: sources is the list of volume - projections items: - description: Projection that may be projected - along with other supported volume types properties: clusterTrustBundle: - description: "ClusterTrustBundle allows - a pod to access the `.spec.trustBundle` - field of ClusterTrustBundle objects - in an auto-updating file. \n Alpha, - gated by the ClusterTrustBundleProjection - feature gate. 
\n ClusterTrustBundle - objects can either be selected by - name, or by the combination of signer - name and a label selector. \n Kubelet - performs aggressive normalization - of the PEM contents written into - the pod filesystem. Esoteric PEM - features such as inter-block comments - and block headers are stripped. - \ Certificates are deduplicated. - The ordering of certificates within - the file is arbitrary, and Kubelet - may change the order over time." properties: labelSelector: - description: Select all ClusterTrustBundles - that match this label selector. Only - has effect if signerName is - set. Mutually-exclusive with - name. If unset, interpreted - as "match nothing". If set - but empty, interpreted as "match - everything". properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key and - values. properties: key: - description: key is - the label key that - the selector applies - to. type: string operator: - description: operator - represents a key's - relationship to a - set of values. Valid - operators are In, - NotIn, Exists and - DoesNotExist. type: string values: - description: values - is an array of string - values. If the operator - is In or NotIn, the - values array must - be non-empty. If the - operator is Exists - or DoesNotExist, the - values array must - be empty. This array - is replaced during - a strategic merge - patch. items: type: string type: array 
@@ -11257,110 +3909,31 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is - a map of {key,value} pairs. - A single {key,value} in - the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", - the operator is "In", and - the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic name: - description: Select a single ClusterTrustBundle - by object name. Mutually-exclusive - with signerName and labelSelector. type: string optional: - description: If true, don't block - pod startup if the referenced - ClusterTrustBundle(s) aren't - available. If using name, then - the named ClusterTrustBundle - is allowed not to exist. If - using signerName, then the combination - of signerName and labelSelector - is allowed to match zero ClusterTrustBundles. type: boolean path: - description: Relative path from - the volume root to write the - bundle. type: string signerName: - description: Select all ClusterTrustBundles - that match this signer name. - Mutually-exclusive with name. The - contents of all selected ClusterTrustBundles - will be unified and deduplicated. type: string required: - path type: object configMap: - description: configMap information - about the configMap data to project properties: items: - description: items if unspecified, - each key-value pair in the Data - field of the referenced ConfigMap - will be projected into the volume - as a file whose name is the - key and content is the value. - If specified, the listed keys - will be projected into the specified - paths, and unlisted keys will - not be present. If a key is - specified which is not present - in the ConfigMap, the volume - setup will error unless it is - marked optional. Paths must - be relative and may not contain - the '..' path or start with - '..'. items: - description: Maps a string key - to a path within a volume. 
properties: key: - description: key is the - key to project. type: string mode: - description: 'mode is Optional: - mode bits used to set - permissions on this file. - Must be an octal value - between 0000 and 0777 - or a decimal value between - 0 and 511. YAML accepts - both octal and decimal - values, JSON requires - decimal values for mode - bits. If not specified, - the volume defaultMode - will be used. This might - be in conflict with other - options that affect the - file mode, like fsGroup, - and the result can be - other mode bits set.' format: int32 type: integer path: - description: path is the - relative path of the file - to map the key to. May - not be an absolute path. - May not contain the path - element '..'. May not - start with the string - '..'. type: string required: - key 
@@ -11370,124 +3943,42 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional specify - whether the ConfigMap or its - keys must be defined type: boolean type: object x-kubernetes-map-type: atomic downwardAPI: - description: downwardAPI information - about the downwardAPI data to project properties: items: - description: Items is a list of - DownwardAPIVolume file items: - description: DownwardAPIVolumeFile - represents information to - create the file containing - the pod field properties: fieldRef: - description: 'Required: - Selects a field of the - pod: only annotations, - labels, name, namespace - and uid are supported.' properties: apiVersion: - description: Version - of the schema the - FieldPath is written - in terms of, defaults - to "v1". type: string fieldPath: - description: Path of - the field to select - in the specified API - version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: - description: 'Optional: - mode bits used to set - permissions on this file, - must be an octal value - between 0000 and 0777 - or a decimal value between - 0 and 511. YAML accepts - both octal and decimal - values, JSON requires - decimal values for mode - bits. If not specified, - the volume defaultMode - will be used. This might - be in conflict with other - options that affect the - file mode, like fsGroup, - and the result can be - other mode bits set.' 
format: int32 type: integer path: - description: 'Required: - Path is the relative - path name of the file - to be created. Must not - be absolute or contain - the ''..'' path. Must - be utf-8 encoded. The - first item of the relative - path must not start with - ''..''' type: string resourceFieldRef: - description: 'Selects a - resource of the container: - only resources limits - and requests (limits.cpu, - limits.memory, requests.cpu - and requests.memory) are - currently supported.' properties: containerName: - description: 'Container - name: required for - volumes, optional - for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies - the output format - of the exposed resources, - defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: - resource to select' type: string required: - resource 
@@ -11500,64 +3991,16 @@ spec: x-kubernetes-list-type: atomic type: object secret: - description: secret information about - the secret data to project properties: items: - description: items if unspecified, - each key-value pair in the Data - field of the referenced Secret - will be projected into the volume - as a file whose name is the - key and content is the value. - If specified, the listed keys - will be projected into the specified - paths, and unlisted keys will - not be present. If a key is - specified which is not present - in the Secret, the volume setup - will error unless it is marked - optional. Paths must be relative - and may not contain the '..' - path or start with '..'. items: - description: Maps a string key - to a path within a volume. properties: key: - description: key is the - key to project. type: string mode: - description: 'mode is Optional: - mode bits used to set - permissions on this file. - Must be an octal value - between 0000 and 0777 - or a decimal value between - 0 and 511. YAML accepts - both octal and decimal - values, JSON requires - decimal values for mode - bits. If not specified, - the volume defaultMode - will be used. This might - be in conflict with other - options that affect the - file mode, like fsGroup, - and the result can be - other mode bits set.' format: int32 type: integer path: - description: path is the - relative path of the file - to map the key to. May - not be an absolute path. - May not contain the path - element '..'. May not - start with the string - '..'. type: string required: - key 
@@ -11567,63 +4010,19 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional field specify - whether the Secret or its key - must be defined type: boolean type: object x-kubernetes-map-type: atomic serviceAccountToken: - description: serviceAccountToken is - information about the serviceAccountToken - data to project properties: audience: - description: audience is the intended - audience of the token. A recipient - of a token must identify itself - with an identifier specified - in the audience of the token, - and otherwise should reject - the token. The audience defaults - to the identifier of the apiserver. type: string expirationSeconds: - description: expirationSeconds - is the requested duration of - validity of the service account - token. As the token approaches - expiration, the kubelet volume - plugin will proactively rotate - the service account token. The - kubelet will start trying to - rotate the token if the token - is older than 80 percent of - its time to live or if the token - is older than 24 hours.Defaults - to 1 hour and must be at least - 10 minutes. format: int64 type: integer path: - description: path is the path - relative to the mount point - of the file to project the token - into. type: string required: - path 
@@ -11633,183 +4032,79 @@ spec: x-kubernetes-list-type: atomic type: object quobyte: - description: quobyte represents a Quobyte mount - on the host that shares a pod's lifetime properties: group: - description: group to map volume access - to Default is no group type: string readOnly: - description: readOnly here will force the - Quobyte volume to be mounted with read-only - permissions. Defaults to false. type: boolean registry: - description: registry represents a single - or multiple Quobyte Registry services - specified as a string as host:port pair - (multiple entries are separated with commas) - which acts as the central registry for - volumes type: string tenant: - description: tenant owning the given Quobyte - volume in the Backend Used with dynamically - provisioned Quobyte volumes, value is - set by the plugin type: string user: - description: user to map volume access to - Defaults to serivceaccount user type: string volume: - description: volume is a string that references - an already created Quobyte volume by name. type: string required: - registry - volume type: object rbd: - description: 'rbd represents a Rados Block Device - mount on the host that shares a pod''s lifetime. - More info: https://examples.k8s.io/volumes/rbd/README.md' properties: fsType: - description: 'fsType is the filesystem type - of the volume that you want to mount. - Tip: Ensure that the filesystem type is - supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the - filesystem from compromising the machine' type: string image: - description: 'image is the rados image name. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string keyring: - description: 'keyring is the path to key - ring for RBDUser. Default is /etc/ceph/keyring. 
- More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string monitors: - description: 'monitors is a collection of - Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' items: type: string type: array x-kubernetes-list-type: atomic pool: - description: 'pool is the rados pool name. - Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string readOnly: - description: 'readOnly here will force the - ReadOnly setting in VolumeMounts. Defaults - to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: boolean secretRef: - description: 'secretRef is name of the authentication - secret for RBDUser. If provided overrides - keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value here - are almost certainly wrong. TODO: - Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is the rados user name. - Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string required: - image - monitors type: object scaleIO: - description: scaleIO represents a ScaleIO persistent - volume attached and mounted on Kubernetes - nodes. properties: fsType: - description: fsType is the filesystem type - to mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". Default is "xfs". 
type: string gateway: - description: gateway is the host address - of the ScaleIO API Gateway. type: string protectionDomain: - description: protectionDomain is the name - of the ScaleIO Protection Domain for the - configured storage. type: string readOnly: - description: readOnly Defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: secretRef references to the - secret for ScaleIO user and other sensitive - information. If this is not provided, - Login operation will fail. properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value here - are almost certainly wrong. TODO: - Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic sslEnabled: - description: sslEnabled Flag enable/disable - SSL communication with Gateway, default - false type: boolean storageMode: - description: storageMode indicates whether - the storage for a volume should be ThickProvisioned - or ThinProvisioned. Default is ThinProvisioned. type: string storagePool: - description: storagePool is the ScaleIO - Storage Pool associated with the protection - domain. type: string system: - description: system is the name of the storage - system as configured in ScaleIO. type: string volumeName: - description: volumeName is the name of a - volume already created in the ScaleIO - system that is associated with this volume - source. type: string required: - gateway 
@@ -11817,68 +4112,19 @@ spec: - system type: object secret: - description: 'secret represents a secret that - should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' properties: defaultMode: - description: 'defaultMode is Optional: mode - bits used to set permissions on created - files by default. Must be an octal value - between 0000 and 0777 or a decimal value - between 0 and 511. YAML accepts both octal - and decimal values, JSON requires decimal - values for mode bits. Defaults to 0644. - Directories within the path are not affected - by this setting. This might be in conflict - with other options that affect the file - mode, like fsGroup, and the result can - be other mode bits set.' format: int32 type: integer items: - description: items If unspecified, each - key-value pair in the Data field of the - referenced Secret will be projected into - the volume as a file whose name is the - key and content is the value. If specified, - the listed keys will be projected into - the specified paths, and unlisted keys - will not be present. If a key is specified - which is not present in the Secret, the - volume setup will error unless it is marked - optional. Paths must be relative and may - not contain the '..' path or start with - '..'. items: - description: Maps a string key to a path - within a volume. properties: key: - description: key is the key to project. type: string mode: - description: 'mode is Optional: mode - bits used to set permissions on - this file. Must be an octal value - between 0000 and 0777 or a decimal - value between 0 and 511. YAML accepts - both octal and decimal values, JSON - requires decimal values for mode - bits. If not specified, the volume - defaultMode will be used. This might - be in conflict with other options - that affect the file mode, like - fsGroup, and the result can be other - mode bits set.' 
format: int32 type: integer path: - description: path is the relative - path of the file to map the key - to. May not be an absolute path. - May not contain the path element - '..'. May not start with the string - '..'. type: string required: - key 
@@ -11887,97 +4133,37 @@ spec: type: array x-kubernetes-list-type: atomic optional: - description: optional field specify whether - the Secret or its keys must be defined type: boolean secretName: - description: 'secretName is the name of - the secret in the pod''s namespace to - use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' type: string type: object storageos: - description: storageOS represents a StorageOS - volume attached and mounted on Kubernetes - nodes. properties: fsType: - description: fsType is the filesystem type - to mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to - be "ext4" if unspecified. type: string readOnly: - description: readOnly defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: secretRef specifies the secret - to use for obtaining the StorageOS API - credentials. If not specified, default - values will be attempted. properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value here - are almost certainly wrong. TODO: - Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic volumeName: - description: volumeName is the human-readable - name of the StorageOS volume. Volume - names are only unique within a namespace. type: string volumeNamespace: - description: volumeNamespace specifies the - scope of the volume within StorageOS. If - no namespace is specified then the Pod's - namespace will be used. 
This allows the - Kubernetes name scoping to be mirrored - within StorageOS for tighter integration. - Set VolumeName to any name to override - the default behaviour. Set to "default" - if you are not using namespaces within - StorageOS. Namespaces that do not pre-exist - within StorageOS will be created. type: string type: object vsphereVolume: - description: vsphereVolume represents a vSphere - volume attached and mounted on kubelets host - machine properties: fsType: - description: fsType is filesystem type to - mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to - be "ext4" if unspecified. type: string storagePolicyID: - description: storagePolicyID is the storage - Policy Based Management (SPBM) profile - ID associated with the StoragePolicyName. type: string storagePolicyName: - description: storagePolicyName is the storage - Policy Based Management (SPBM) profile - name. type: string volumePath: - description: volumePath is the path that - identifies vSphere volume vmdk type: string required: - volumePath 
@@ -11990,252 +4176,85 @@ spec: type: array type: object name: - description: Name specifies the name of the session type: string retryConfig: - description: RetryConfig specifies the behavior of retry in - case of a backup failure. properties: delay: - description: 'The amount of time to wait before next retry. - If you don''t specify this field, KubeStash will retry - immediately. Format: 30s, 2m, 1h etc.' type: string maxRetry: default: 1 - description: MaxRetry specifies the maximum number of times - KubeStash should retry the backup/restore process. By - default, KubeStash will retry only 1 time. format: int32 minimum: 1 type: integer type: object scheduler: - description: Scheduler specifies the configuration for backup - triggering CronJob properties: concurrencyPolicy: - description: 'Specifies how to treat concurrent executions - of a Job. Valid values are: - "Allow" (default): allows - CronJobs to run concurrently; - "Forbid": forbids concurrent - runs, skipping next run if previous run hasn''t finished - yet; - "Replace": cancels currently running job and replaces - it with a new one' type: string failedJobsHistoryLimit: - description: The number of failed finished jobs to retain. - Value must be non-negative integer. Defaults to 1. format: int32 type: integer jobTemplate: - description: Specifies the job that will be created when - executing a CronJob. properties: activeDeadlineSeconds: - description: Specifies the duration in seconds relative - to the startTime that the job may be continuously - active before the system tries to terminate it; value - must be positive integer. If a Job is suspended (at - creation or through an update), this timer will effectively - be stopped and reset when the Job is resumed again. format: int64 type: integer backoffLimit: - description: Specifies the number of retries before - marking this job failed. 
Defaults to 6 format: int32 type: integer completionMode: - description: "CompletionMode specifies how Pod completions - are tracked. It can be `NonIndexed` (default) or `Indexed`. - \n `NonIndexed` means that the Job is considered complete - when there have been .spec.completions successfully - completed Pods. Each Pod completion is homologous - to each other. \n `Indexed` means that the Pods of - a Job get an associated completion index from 0 to - (.spec.completions - 1), available in the annotation - batch.kubernetes.io/job-completion-index. The Job - is considered complete when there is one successfully - completed Pod for each index. When value is `Indexed`, - .spec.completions must be specified and `.spec.parallelism` - must be less than or equal to 10^5. \n This field - is alpha-level and is only honored by servers that - enable the IndexedJob feature gate. More completion - modes can be added in the future. If the Job controller - observes a mode that it doesn't recognize, the controller - skips updates for the Job." type: string completions: - description: 'Specifies the desired number of successfully - finished pods the job should be run with. Setting - to nil means that the success of any pod signals the - success of all pods, and allows parallelism to have - any positive value. Setting to 1 means that parallelism - is limited to 1 and the success of that pod signals - the success of the job. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/' format: int32 type: integer parallelism: - description: 'Specifies the maximum desired number of - pods the job should run at any given time. The actual - number of pods running in steady state will be less - than this number when ((.spec.completions - .status.successful) - < .spec.parallelism), i.e. when the work left to do - is less than max parallelism. 
More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/' format: int32 type: integer suspend: - description: Suspend specifies whether the Job controller - should create Pods or not. If a Job is created with - suspend set to true, no Pods are created by the Job - controller. If a Job is suspended after creation (i.e. - the flag goes from false to true), the Job controller - will delete all active Pods associated with this Job. - Users must design their workload to gracefully handle - this. Suspending a Job will reset the StartTime field - of the Job, effectively resetting the ActiveDeadlineSeconds - timer too. This is an alpha field and requires the - SuspendJob feature gate to be enabled; otherwise this - field may not be set to true. Defaults to false. type: boolean template: - description: Describes the pod that will be created - when executing a job. properties: controller: - description: 'Workload controller''s metadata. More - info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' properties: annotations: additionalProperties: type: string - description: 'Annotations is an unstructured - key value map stored with a resource that - may be set by external tools to store and - retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying - objects. More info: http://kubernetes.io/docs/user-guide/annotations' type: object labels: additionalProperties: type: string - description: 'Map of string keys and values - that can be used to organize and categorize - (scope and select) objects. May match selectors - of replication controllers and services. More - info: http://kubernetes.io/docs/user-guide/labels' type: object type: object metadata: - description: 'Standard object''s metadata. 
More - info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' properties: annotations: additionalProperties: type: string - description: 'Annotations is an unstructured - key value map stored with a resource that - may be set by external tools to store and - retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying - objects. More info: http://kubernetes.io/docs/user-guide/annotations' type: object labels: additionalProperties: type: string - description: 'Map of string keys and values - that can be used to organize and categorize - (scope and select) objects. May match selectors - of replication controllers and services. More - info: http://kubernetes.io/docs/user-guide/labels' type: object type: object spec: - description: 'Specification of the desired behavior - of the pod. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status' properties: affinity: - description: If specified, the pod's scheduling - constraints properties: nodeAffinity: - description: Describes node affinity scheduling - rules for the pod. properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer - to schedule pods to nodes that satisfy - the affinity expressions specified - by this field, but it may choose a - node that violates one or more of - the expressions. The node that is - most preferred is the one with the - greatest sum of weights, i.e. for - each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute - a sum by iterating through the elements - of this field and adding "weight" - to the sum if the node matches the - corresponding matchExpressions; the - node(s) with the highest sum are the - most preferred. items: - description: An empty preferred scheduling - term matches all objects with implicit - weight 0 (i.e. it's a no-op). 
A - null preferred scheduling term matches - no objects (i.e. is also a no-op). properties: preference: - description: A node selector term, - associated with the corresponding - weight. properties: matchExpressions: - description: A list of node - selector requirements by - node's labels. items: - description: A node selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key and - values. properties: key: - description: The label - key that the selector - applies to. type: string operator: - description: Represents - a key's relationship - to a set of values. - Valid operators are - In, NotIn, Exists, - DoesNotExist. Gt, - and Lt. type: string values: - description: An array - of string values. - If the operator is - In or NotIn, the values - array must be non-empty. - If the operator is - Exists or DoesNotExist, - the values array must - be empty. If the operator - is Gt or Lt, the values - array must have a - single element, which - will be interpreted - as an integer. This - array is replaced - during a strategic - merge patch. items: type: string type: array 
@@ -12247,49 +4266,13 @@ spec: type: array x-kubernetes-list-type: atomic matchFields: - description: A list of node - selector requirements by - node's fields. items: - description: A node selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key and - values. properties: key: - description: The label - key that the selector - applies to. type: string operator: - description: Represents - a key's relationship - to a set of values. - Valid operators are - In, NotIn, Exists, - DoesNotExist. Gt, - and Lt. type: string values: - description: An array - of string values. - If the operator is - In or NotIn, the values - array must be non-empty. - If the operator is - Exists or DoesNotExist, - the values array must - be empty. If the operator - is Gt or Lt, the values - array must have a - single element, which - will be interpreted - as an integer. This - array is replaced - during a strategic - merge patch. items: type: string type: array @@ -12303,10 +4286,6 @@ spec: type: object x-kubernetes-map-type: atomic weight: - description: Weight associated - with matching the corresponding - nodeSelectorTerm, in the range - 1-100. format: int32 type: integer required: 
@@ -12316,73 +4295,18 @@ spec: type: array x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements - specified by this field are not met - at scheduling time, the pod will not - be scheduled onto the node. If the - affinity requirements specified by - this field cease to be met at some - point during pod execution (e.g. due - to an update), the system may or may - not try to eventually evict the pod - from its node. properties: nodeSelectorTerms: - description: Required. A list of - node selector terms. The terms - are ORed. items: - description: A null or empty node - selector term matches no objects. - The requirements of them are - ANDed. The TopologySelectorTerm - type implements a subset of - the NodeSelectorTerm. properties: matchExpressions: - description: A list of node - selector requirements by - node's labels. items: - description: A node selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key and - values. properties: key: - description: The label - key that the selector - applies to. type: string operator: - description: Represents - a key's relationship - to a set of values. - Valid operators are - In, NotIn, Exists, - DoesNotExist. Gt, - and Lt. type: string values: - description: An array - of string values. - If the operator is - In or NotIn, the values - array must be non-empty. - If the operator is - Exists or DoesNotExist, - the values array must - be empty. If the operator - is Gt or Lt, the values - array must have a - single element, which - will be interpreted - as an integer. This - array is replaced - during a strategic - merge patch. items: type: string type: array 
@@ -12394,49 +4318,13 @@ spec: type: array x-kubernetes-list-type: atomic matchFields: - description: A list of node - selector requirements by - node's fields. items: - description: A node selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key and - values. properties: key: - description: The label - key that the selector - applies to. type: string operator: - description: Represents - a key's relationship - to a set of values. - Valid operators are - In, NotIn, Exists, - DoesNotExist. Gt, - and Lt. type: string values: - description: An array - of string values. - If the operator is - In or NotIn, the values - array must be non-empty. - If the operator is - Exists or DoesNotExist, - the values array must - be empty. If the operator - is Gt or Lt, the values - array must have a - single element, which - will be interpreted - as an integer. This - array is replaced - during a strategic - merge patch. items: type: string type: array 
@@ -12457,91 +4345,22 @@ spec: x-kubernetes-map-type: atomic type: object podAffinity: - description: Describes pod affinity scheduling - rules (e.g. co-locate this pod in the - same node, zone, etc. as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer - to schedule pods to nodes that satisfy - the affinity expressions specified - by this field, but it may choose a - node that violates one or more of - the expressions. The node that is - most preferred is the one with the - greatest sum of weights, i.e. for - each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute - a sum by iterating through the elements - of this field and adding "weight" - to the sum if the node has pods which - matches the corresponding podAffinityTerm; - the node(s) with the highest sum are - the most preferred. items: - description: The weights of all of - the matched WeightedPodAffinityTerm - fields are added per-node to find - the most preferred node(s) properties: podAffinityTerm: - description: Required. A pod affinity - term, associated with the corresponding - weight. properties: labelSelector: - description: A label query - over a set of resources, - in this case pods. If it's - null, this PodAffinityTerm - matches with no Pods. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. properties: key: - description: key - is the label key - that the selector - applies to. type: string operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. 
type: string values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic merge - patch. items: type: string type: array 
@@ -12555,141 +4374,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys - is a set of pod label keys - to select which pods will - be taken into consideration. - The keys are used to lookup - values from the incoming - pod labels, those key-value - labels are merged with `labelSelector` - as `key in (value)` to select - the group of existing pods - which pods will be taken - into consideration for the - incoming pod's pod (anti) - affinity. Keys that don't - exist in the incoming pod - labels will be ignored. - The default value is empty. - The same key is forbidden - to exist in both matchLabelKeys - and labelSelector. Also, - matchLabelKeys cannot be - set when labelSelector isn't - set. This is an alpha field - and requires enabling MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys - is a set of pod label keys - to select which pods will - be taken into consideration. - The keys are used to lookup - values from the incoming - pod labels, those key-value - labels are merged with `labelSelector` - as `key notin (value)` to - select the group of existing - pods which pods will be - taken into consideration - for the incoming pod's pod - (anti) affinity. Keys that - don't exist in the incoming - pod labels will be ignored. - The default value is empty. - The same key is forbidden - to exist in both mismatchLabelKeys - and labelSelector. Also, - mismatchLabelKeys cannot - be set when labelSelector - isn't set. 
This is an alpha - field and requires enabling - MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query - over the set of namespaces - that the term applies to. - The term is applied to the - union of the namespaces - selected by this field and - the ones listed in the namespaces - field. null selector and - null or empty namespaces - list means "this pod's namespace". - An empty selector ({}) matches - all namespaces. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. properties: key: - description: key - is the label key - that the selector - applies to. type: string operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. type: string values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic merge - patch. items: type: string type: array 
@@ -12703,59 +4410,20 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies - a static list of namespace - names that the term applies - to. The term is applied - to the union of the namespaces - listed in this field and - the ones selected by namespaceSelector. - null or empty namespaces - list and null namespaceSelector - means "this pod's namespace". items: type: string type: array x-kubernetes-list-type: atomic topologyKey: - description: This pod should - be co-located (affinity) - or not co-located (anti-affinity) - with the pods matching the - labelSelector in the specified - namespaces, where co-located - is defined as running on - a node whose value of the - label with key topologyKey - matches that of any node - on which any of the selected - pods is running. Empty topologyKey - is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated - with matching the corresponding - podAffinityTerm, in the range - 1-100. format: int32 type: integer required: 
@@ -12765,81 +4433,18 @@ spec: type: array x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements - specified by this field are not met - at scheduling time, the pod will not - be scheduled onto the node. If the - affinity requirements specified by - this field cease to be met at some - point during pod execution (e.g. due - to a pod label update), the system - may or may not try to eventually evict - the pod from its node. When there - are multiple elements, the lists of - nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must - be satisfied. items: - description: Defines a set of pods - (namely those matching the labelSelector - relative to the given namespace(s)) - that this pod should be co-located - (affinity) or not co-located (anti-affinity) - with, where co-located is defined - as running on a node whose value - of the label with key - matches that of any node on which - a pod of the set of pods is running properties: labelSelector: - description: A label query over - a set of resources, in this - case pods. If it's null, this - PodAffinityTerm matches with - no Pods. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key and - values. properties: key: - description: key is - the label key that - the selector applies - to. type: string operator: - description: operator - represents a key's - relationship to a - set of values. Valid - operators are In, - NotIn, Exists and - DoesNotExist. type: string values: - description: values - is an array of string - values. If the operator - is In or NotIn, the - values array must - be non-empty. If the - operator is Exists - or DoesNotExist, the - values array must - be empty. 
This array - is replaced during - a strategic merge - patch. items: type: string type: array 
@@ -12853,129 +4458,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is - a map of {key,value} pairs. - A single {key,value} in - the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", - the operator is "In", and - the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is - a set of pod label keys to select - which pods will be taken into - consideration. The keys are - used to lookup values from the - incoming pod labels, those key-value - labels are merged with `labelSelector` - as `key in (value)` to select - the group of existing pods which - pods will be taken into consideration - for the incoming pod's pod (anti) - affinity. Keys that don't exist - in the incoming pod labels will - be ignored. The default value - is empty. The same key is forbidden - to exist in both matchLabelKeys - and labelSelector. Also, matchLabelKeys - cannot be set when labelSelector - isn't set. This is an alpha - field and requires enabling - MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys - is a set of pod label keys to - select which pods will be taken - into consideration. The keys - are used to lookup values from - the incoming pod labels, those - key-value labels are merged - with `labelSelector` as `key - notin (value)` to select the - group of existing pods which - pods will be taken into consideration - for the incoming pod's pod (anti) - affinity. Keys that don't exist - in the incoming pod labels will - be ignored. The default value - is empty. The same key is forbidden - to exist in both mismatchLabelKeys - and labelSelector. Also, mismatchLabelKeys - cannot be set when labelSelector - isn't set. 
This is an alpha - field and requires enabling - MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over - the set of namespaces that the - term applies to. The term is - applied to the union of the - namespaces selected by this - field and the ones listed in - the namespaces field. null selector - and null or empty namespaces - list means "this pod's namespace". - An empty selector ({}) matches - all namespaces. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key and - values. properties: key: - description: key is - the label key that - the selector applies - to. type: string operator: - description: operator - represents a key's - relationship to a - set of values. Valid - operators are In, - NotIn, Exists and - DoesNotExist. type: string values: - description: values - is an array of string - values. If the operator - is In or NotIn, the - values array must - be non-empty. If the - operator is Exists - or DoesNotExist, the - values array must - be empty. This array - is replaced during - a strategic merge - patch. items: type: string type: array 
@@ -12989,47 +4494,15 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is - a map of {key,value} pairs. - A single {key,value} in - the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", - the operator is "In", and - the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies - a static list of namespace names - that the term applies to. The - term is applied to the union - of the namespaces listed in - this field and the ones selected - by namespaceSelector. null or - empty namespaces list and null - namespaceSelector means "this - pod's namespace". items: type: string type: array x-kubernetes-list-type: atomic topologyKey: - description: This pod should be - co-located (affinity) or not - co-located (anti-affinity) with - the pods matching the labelSelector - in the specified namespaces, - where co-located is defined - as running on a node whose value - of the label with key topologyKey - matches that of any node on - which any of the selected pods - is running. Empty topologyKey - is not allowed. type: string required: - topologyKey 
@@ -13038,92 +4511,22 @@ spec: x-kubernetes-list-type: atomic type: object podAntiAffinity: - description: Describes pod anti-affinity - scheduling rules (e.g. avoid putting this - pod in the same node, zone, etc. as some - other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer - to schedule pods to nodes that satisfy - the anti-affinity expressions specified - by this field, but it may choose a - node that violates one or more of - the expressions. The node that is - most preferred is the one with the - greatest sum of weights, i.e. for - each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - anti-affinity expressions, etc.), - compute a sum by iterating through - the elements of this field and adding - "weight" to the sum if the node has - pods which matches the corresponding - podAffinityTerm; the node(s) with - the highest sum are the most preferred. items: - description: The weights of all of - the matched WeightedPodAffinityTerm - fields are added per-node to find - the most preferred node(s) properties: podAffinityTerm: - description: Required. A pod affinity - term, associated with the corresponding - weight. properties: labelSelector: - description: A label query - over a set of resources, - in this case pods. If it's - null, this PodAffinityTerm - matches with no Pods. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. properties: key: - description: key - is the label key - that the selector - applies to. type: string operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. 
type: string values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic merge - patch. items: type: string type: array 
@@ -13137,141 +4540,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys - is a set of pod label keys - to select which pods will - be taken into consideration. - The keys are used to lookup - values from the incoming - pod labels, those key-value - labels are merged with `labelSelector` - as `key in (value)` to select - the group of existing pods - which pods will be taken - into consideration for the - incoming pod's pod (anti) - affinity. Keys that don't - exist in the incoming pod - labels will be ignored. - The default value is empty. - The same key is forbidden - to exist in both matchLabelKeys - and labelSelector. Also, - matchLabelKeys cannot be - set when labelSelector isn't - set. This is an alpha field - and requires enabling MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys - is a set of pod label keys - to select which pods will - be taken into consideration. - The keys are used to lookup - values from the incoming - pod labels, those key-value - labels are merged with `labelSelector` - as `key notin (value)` to - select the group of existing - pods which pods will be - taken into consideration - for the incoming pod's pod - (anti) affinity. Keys that - don't exist in the incoming - pod labels will be ignored. - The default value is empty. - The same key is forbidden - to exist in both mismatchLabelKeys - and labelSelector. Also, - mismatchLabelKeys cannot - be set when labelSelector - isn't set. 
This is an alpha - field and requires enabling - MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query - over the set of namespaces - that the term applies to. - The term is applied to the - union of the namespaces - selected by this field and - the ones listed in the namespaces - field. null selector and - null or empty namespaces - list means "this pod's namespace". - An empty selector ({}) matches - all namespaces. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. properties: key: - description: key - is the label key - that the selector - applies to. type: string operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. type: string values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic merge - patch. items: type: string type: array 
@@ -13285,59 +4576,20 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies - a static list of namespace - names that the term applies - to. The term is applied - to the union of the namespaces - listed in this field and - the ones selected by namespaceSelector. - null or empty namespaces - list and null namespaceSelector - means "this pod's namespace". items: type: string type: array x-kubernetes-list-type: atomic topologyKey: - description: This pod should - be co-located (affinity) - or not co-located (anti-affinity) - with the pods matching the - labelSelector in the specified - namespaces, where co-located - is defined as running on - a node whose value of the - label with key topologyKey - matches that of any node - on which any of the selected - pods is running. Empty topologyKey - is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated - with matching the corresponding - podAffinityTerm, in the range - 1-100. format: int32 type: integer required: 
@@ -13347,81 +4599,18 @@ spec: type: array x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements - specified by this field are not met - at scheduling time, the pod will not - be scheduled onto the node. If the - anti-affinity requirements specified - by this field cease to be met at some - point during pod execution (e.g. due - to a pod label update), the system - may or may not try to eventually evict - the pod from its node. When there - are multiple elements, the lists of - nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must - be satisfied. items: - description: Defines a set of pods - (namely those matching the labelSelector - relative to the given namespace(s)) - that this pod should be co-located - (affinity) or not co-located (anti-affinity) - with, where co-located is defined - as running on a node whose value - of the label with key - matches that of any node on which - a pod of the set of pods is running properties: labelSelector: - description: A label query over - a set of resources, in this - case pods. If it's null, this - PodAffinityTerm matches with - no Pods. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key and - values. properties: key: - description: key is - the label key that - the selector applies - to. type: string operator: - description: operator - represents a key's - relationship to a - set of values. Valid - operators are In, - NotIn, Exists and - DoesNotExist. type: string values: - description: values - is an array of string - values. If the operator - is In or NotIn, the - values array must - be non-empty. If the - operator is Exists - or DoesNotExist, the - values array must - be empty. 
This array - is replaced during - a strategic merge - patch. items: type: string type: array 
@@ -13435,129 +4624,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is - a map of {key,value} pairs. - A single {key,value} in - the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", - the operator is "In", and - the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is - a set of pod label keys to select - which pods will be taken into - consideration. The keys are - used to lookup values from the - incoming pod labels, those key-value - labels are merged with `labelSelector` - as `key in (value)` to select - the group of existing pods which - pods will be taken into consideration - for the incoming pod's pod (anti) - affinity. Keys that don't exist - in the incoming pod labels will - be ignored. The default value - is empty. The same key is forbidden - to exist in both matchLabelKeys - and labelSelector. Also, matchLabelKeys - cannot be set when labelSelector - isn't set. This is an alpha - field and requires enabling - MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys - is a set of pod label keys to - select which pods will be taken - into consideration. The keys - are used to lookup values from - the incoming pod labels, those - key-value labels are merged - with `labelSelector` as `key - notin (value)` to select the - group of existing pods which - pods will be taken into consideration - for the incoming pod's pod (anti) - affinity. Keys that don't exist - in the incoming pod labels will - be ignored. The default value - is empty. The same key is forbidden - to exist in both mismatchLabelKeys - and labelSelector. Also, mismatchLabelKeys - cannot be set when labelSelector - isn't set. 
This is an alpha - field and requires enabling - MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over - the set of namespaces that the - term applies to. The term is - applied to the union of the - namespaces selected by this - field and the ones listed in - the namespaces field. null selector - and null or empty namespaces - list means "this pod's namespace". - An empty selector ({}) matches - all namespaces. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key and - values. properties: key: - description: key is - the label key that - the selector applies - to. type: string operator: - description: operator - represents a key's - relationship to a - set of values. Valid - operators are In, - NotIn, Exists and - DoesNotExist. type: string values: - description: values - is an array of string - values. If the operator - is In or NotIn, the - values array must - be non-empty. If the - operator is Exists - or DoesNotExist, the - values array must - be empty. This array - is replaced during - a strategic merge - patch. items: type: string type: array 
@@ -13571,47 +4660,15 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is - a map of {key,value} pairs. - A single {key,value} in - the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", - the operator is "In", and - the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies - a static list of namespace names - that the term applies to. The - term is applied to the union - of the namespaces listed in - this field and the ones selected - by namespaceSelector. null or - empty namespaces list and null - namespaceSelector means "this - pod's namespace". items: type: string type: array x-kubernetes-list-type: atomic topologyKey: - description: This pod should be - co-located (affinity) or not - co-located (anti-affinity) with - the pods matching the labelSelector - in the specified namespaces, - where co-located is defined - as running on a node whose value - of the label with key topologyKey - matches that of any node on - which any of the selected pods - is running. Empty topologyKey - is not allowed. type: string required: - topologyKey 
@@ -13621,281 +4678,92 @@ spec: type: object type: object args: - description: 'Arguments to the entrypoint. The - docker image''s CMD is used if this is not - provided. Variable references $(VAR_NAME) - are expanded using the container''s environment. - If a variable cannot be resolved, the reference - in the input string will be unchanged. The - $(VAR_NAME) syntax can be escaped with a double - $$, ie: $$(VAR_NAME). Escaped references will - never be expanded, regardless of whether the - variable exists or not. Cannot be updated. - More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array containerSecurityContext: - description: 'Security options the pod should - run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls - whether a process can gain more privileges - than its parent process. This bool directly - controls if the no_new_privs flag will - be set on the container process. AllowPrivilegeEscalation - is true always when the container is: - 1) run as Privileged 2) has CAP_SYS_ADMIN - Note that this field cannot be set when - spec.os.name is windows.' type: boolean appArmorProfile: - description: appArmorProfile is the AppArmor - options to use by this container. If set, - this profile overrides the pod's appArmorProfile. - Note that this field cannot be set when - spec.os.name is windows. properties: localhostProfile: - description: localhostProfile indicates - a profile loaded on the node that - should be used. The profile must be - preconfigured on the node to work. - Must match the loaded name of the - profile. Must be set if and only if - type is "Localhost". 
type: string type: - description: 'type indicates which kind - of AppArmor profile will be applied. - Valid options are: Localhost - a profile - pre-loaded on the node. RuntimeDefault - - the container runtime''s default - profile. Unconfined - no AppArmor - enforcement.' type: string required: - type type: object capabilities: - description: The capabilities to add/drop - when running containers. Defaults to the - default set of capabilities granted by - the container runtime. Note that this - field cannot be set when spec.os.name - is windows. properties: add: - description: Added capabilities items: - description: Capability represent - POSIX capabilities type type: string type: array x-kubernetes-list-type: atomic drop: - description: Removed capabilities items: - description: Capability represent - POSIX capabilities type type: string type: array x-kubernetes-list-type: atomic type: object privileged: - description: Run container in privileged - mode. Processes in privileged containers - are essentially equivalent to root on - the host. Defaults to false. Note that - this field cannot be set when spec.os.name - is windows. type: boolean procMount: - description: procMount denotes the type - of proc mount to use for the containers. - The default is DefaultProcMount which - uses the container runtime defaults for - readonly paths and masked paths. This - requires the ProcMountType feature flag - to be enabled. Note that this field cannot - be set when spec.os.name is windows. type: string readOnlyRootFilesystem: - description: Whether this container has - a read-only root filesystem. Default is - false. Note that this field cannot be - set when spec.os.name is windows. type: boolean runAsGroup: - description: The GID to run the entrypoint - of the container process. Uses runtime - default if unset. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. 
Note that this field - cannot be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: - description: Indicates that the container - must run as a non-root user. If true, - the Kubelet will validate the image at - runtime to ensure that it does not run - as UID 0 (root) and fail to start the - container if it does. If unset or false, - no such validation will be performed. - May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint - of the container process. Defaults to - user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. Note that this field - cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be applied - to the container. If unspecified, the - container runtime will allocate a random - SELinux context for each container. May - also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. Note that this field - cannot be set when spec.os.name is windows. properties: level: - description: Level is SELinux level - label that applies to the container. type: string role: - description: Role is a SELinux role - label that applies to the container. type: string type: - description: Type is a SELinux type - label that applies to the container. type: string user: - description: User is a SELinux user - label that applies to the container. type: string type: object seccompProfile: - description: The seccomp options to use - by this container. If seccomp options - are provided at both the pod & container - level, the container options override - the pod options. 
Note that this field - cannot be set when spec.os.name is windows. properties: localhostProfile: - description: localhostProfile indicates - a profile defined in a file on the - node should be used. The profile must - be preconfigured on the node to work. - Must be a descending path, relative - to the kubelet's configured seccomp - profile location. Must be set if type - is "Localhost". Must NOT be set for - any other type. type: string type: - description: "type indicates which kind - of seccomp profile will be applied. - Valid options are: \n Localhost - - a profile defined in a file on the - node should be used. RuntimeDefault - - the container runtime default profile - should be used. Unconfined - no profile - should be applied." type: string required: - type type: object windowsOptions: - description: The Windows specific settings - applied to all containers. If unspecified, - the options from the PodSecurityContext - will be used. If set in both SecurityContext - and PodSecurityContext, the value specified - in SecurityContext takes precedence. Note - that this field cannot be set when spec.os.name - is linux. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is where - the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential - spec named by the GMSACredentialSpecName - field. type: string gmsaCredentialSpecName: - description: GMSACredentialSpecName - is the name of the GMSA credential - spec to use. type: string hostProcess: - description: HostProcess determines - if a container should be run as a - 'Host Process' container. All of a - Pod's containers must have the same - effective HostProcess value (it is - not allowed to have a mix of HostProcess - containers and non-HostProcess containers). - In addition, if HostProcess is true - then HostNetwork must also be set - to true. 
type: boolean runAsUserName: - description: The UserName in Windows - to run the entrypoint of the container - process. Defaults to the user specified - in image metadata if unspecified. - May also be set in PodSecurityContext. - If set in both SecurityContext and - PodSecurityContext, the value specified - in SecurityContext takes precedence. type: string type: object type: object dnsConfig: - description: Specifies the DNS parameters of - a pod. Parameters specified here will be merged - to the generated DNS configuration based on - DNSPolicy. properties: nameservers: - description: A list of DNS name server IP - addresses. This will be appended to the - base nameservers generated from DNSPolicy. - Duplicated nameservers will be removed. items: type: string type: array x-kubernetes-list-type: atomic options: - description: A list of DNS resolver options. - This will be merged with the base options - generated from DNSPolicy. Duplicated entries - will be removed. Resolution options given - in Options will override those that appear - in the base DNSPolicy. items: - description: PodDNSConfigOption defines - DNS resolver options of a pod. properties: name: - description: Required. type: string value: type: string 
@@ -13903,171 +4771,71 @@ spec: type: array x-kubernetes-list-type: atomic searches: - description: A list of DNS search domains - for host-name lookup. This will be appended - to the base search paths generated from - DNSPolicy. Duplicated search paths will - be removed. items: type: string type: array x-kubernetes-list-type: atomic type: object dnsPolicy: - description: Set DNS policy for the pod. Defaults - to "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', - 'ClusterFirst', 'Default' or 'None'. DNS parameters - given in DNSConfig will be merged with the - policy selected with DNSPolicy. To have DNS - options set along with hostNetwork, you have - to specify DNS policy explicitly to 'ClusterFirstWithHostNet'. type: string enableServiceLinks: - description: 'EnableServiceLinks indicates whether - information about services should be injected - into pod''s environment variables, matching - the syntax of Docker links. Optional: Defaults - to true.' type: boolean env: - description: List of environment variables to - set in the container. Cannot be updated. items: - description: EnvVar represents an environment - variable present in a Container. properties: name: - description: Name of the environment variable. - Must be a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) - are expanded using the previously defined - environment variables in the container - and any service environment variables. - If a variable cannot be resolved, the - reference in the input string will be - unchanged. Double $$ are reduced to - a single $, which allows for escaping - the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" - will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, - regardless of whether the variable exists - or not. Defaults to "".' type: string valueFrom: - description: Source for the environment - variable's value. Cannot be used if - value is not empty. 
properties: configMapKeyRef: - description: Selects a key of a ConfigMap. properties: key: - description: The key to select. type: string name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether the - ConfigMap or its key must be - defined type: boolean required: - key type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of the - pod: supports metadata.name, metadata.namespace, - `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, status.podIPs.' properties: apiVersion: - description: Version of the schema - the FieldPath is written in - terms of, defaults to "v1". type: string fieldPath: - description: Path of the field - to select in the specified API - version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource of - the container: only resources limits - and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' 
properties: containerName: - description: 'Container name: - required for volumes, optional - for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output - format of the exposed resources, - defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource - to select' type: string required: - resource type: object x-kubernetes-map-type: atomic secretKeyRef: - description: Selects a key of a secret - in the pod's namespace properties: key: - description: The key of the secret - to select from. Must be a valid - secret key. type: string name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether the - Secret or its key must be defined type: boolean required: - key 
@@ -14079,264 +4847,89 @@ spec: type: object type: array hostIPC: - description: 'Use the host''s ipc namespace. - Optional: Default to false.' type: boolean hostNetwork: - description: Host networking requested for this - pod. Use the host's network namespace. If - this option is set, the ports that will be - used must be specified. Default to false. type: boolean hostPID: - description: 'Use the host''s pid namespace. - Optional: Default to false.' type: boolean imagePullSecrets: - description: 'ImagePullSecrets is an optional - list of references to secrets in the same - namespace to use for pulling any of the images - used by this PodSpec. If specified, these - secrets will be passed to individual puller - implementations for them to use. More info: - https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' items: - description: LocalObjectReference contains - enough information to let you locate the - referenced object inside the same namespace. properties: name: default: "" - description: 'Name of the referent. This - field is effectively required, but due - to backwards compatibility is allowed - to be empty. Instances of this type - with an empty value here are almost - certainly wrong. TODO: Add other useful - fields. apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic type: array initContainers: - description: 'List of initialization containers - belonging to the pod. Init containers are - executed in order prior to containers being - started. If any init container fails, the - pod is considered to have failed and is handled - according to its restartPolicy. The name for - an init container or normal container must - be unique among all containers. 
Init containers - may not have Lifecycle actions, Readiness - probes, or Liveness probes. The resourceRequirements - of an init container are taken into account - during scheduling by finding the highest request/limit - for each resource type, and then using the - max of of that value or the sum of the normal - containers. Limits are applied to init containers - in a similar fashion. Init containers cannot - currently be added or removed. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' items: - description: A single application container - that you want to run within a pod. properties: args: - description: 'Arguments to the entrypoint. - The container image''s CMD is used if - this is not provided. Variable references - $(VAR_NAME) are expanded using the container''s - environment. If a variable cannot be - resolved, the reference in the input - string will be unchanged. Double $$ - are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: - i.e. "$$(VAR_NAME)" will produce the - string literal "$(VAR_NAME)". Escaped - references will never be expanded, regardless - of whether the variable exists or not. - Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array x-kubernetes-list-type: atomic command: - description: 'Entrypoint array. Not executed - within a shell. The container image''s - ENTRYPOINT is used if this is not provided. - Variable references $(VAR_NAME) are - expanded using the container''s environment. - If a variable cannot be resolved, the - reference in the input string will be - unchanged. Double $$ are reduced to - a single $, which allows for escaping - the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" - will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, - regardless of whether the variable exists - or not. 
Cannot be updated. More info: - https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array x-kubernetes-list-type: atomic env: - description: List of environment variables - to set in the container. Cannot be updated. items: - description: EnvVar represents an environment - variable present in a Container. properties: name: - description: Name of the environment - variable. Must be a C_IDENTIFIER. type: string value: - description: 'Variable references - $(VAR_NAME) are expanded using - the previously defined environment - variables in the container and - any service environment variables. - If a variable cannot be resolved, - the reference in the input string - will be unchanged. Double $$ are - reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: - i.e. "$$(VAR_NAME)" will produce - the string literal "$(VAR_NAME)". - Escaped references will never - be expanded, regardless of whether - the variable exists or not. Defaults - to "".' type: string valueFrom: - description: Source for the environment - variable's value. Cannot be used - if value is not empty. properties: configMapKeyRef: - description: Selects a key of - a ConfigMap. properties: key: - description: The key to - select. type: string name: default: "" - description: 'Name of the - referent. This field is - effectively required, - but due to backwards compatibility - is allowed to be empty. - Instances of this type - with an empty value here - are almost certainly wrong. - TODO: Add other useful - fields. apiVersion, kind, - uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' 
type: string optional: - description: Specify whether - the ConfigMap or its key - must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field - of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, - status.podIPs.' properties: apiVersion: - description: Version of - the schema the FieldPath - is written in terms of, - defaults to "v1". type: string fieldPath: - description: Path of the - field to select in the - specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource - of the container: only resources - limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, - requests.cpu, requests.memory - and requests.ephemeral-storage) - are currently supported.' properties: containerName: - description: 'Container - name: required for volumes, - optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the - output format of the exposed - resources, defaults to - "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: - resource to select' type: string required: - resource type: object x-kubernetes-map-type: atomic secretKeyRef: - description: Selects a key of - a secret in the pod's namespace properties: key: - description: The key of - the secret to select from. Must - be a valid secret key. type: string name: default: "" - description: 'Name of the - referent. This field is - effectively required, - but due to backwards compatibility - is allowed to be empty. - Instances of this type - with an empty value here - are almost certainly wrong. 
- TODO: Add other useful - fields. apiVersion, kind, - uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether - the Secret or its key - must be defined type: boolean required: - key 
@@ -14351,75 +4944,25 @@ spec: - name x-kubernetes-list-type: map envFrom: - description: List of sources to populate - environment variables in the container. - The keys defined within a source must - be a C_IDENTIFIER. All invalid keys - will be reported as an event when the - container is starting. When a key exists - in multiple sources, the value associated - with the last source will take precedence. - Values defined by an Env with a duplicate - key will take precedence. Cannot be - updated. items: - description: EnvFromSource represents - the source of a set of ConfigMaps properties: configMapRef: - description: The ConfigMap to select - from properties: name: default: "" - description: 'Name of the referent. - This field is effectively - required, but due to backwards - compatibility is allowed to - be empty. Instances of this - type with an empty value here - are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether - the ConfigMap must be defined type: boolean type: object x-kubernetes-map-type: atomic prefix: - description: An optional identifier - to prepend to each key in the - ConfigMap. Must be a C_IDENTIFIER. type: string secretRef: - description: The Secret to select - from properties: name: default: "" - description: 'Name of the referent. - This field is effectively - required, but due to backwards - compatibility is allowed to - be empty. Instances of this - type with an empty value here - are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? 
More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether - the Secret must be defined type: boolean type: object x-kubernetes-map-type: atomic 
@@ -14427,91 +4970,31 @@ spec: type: array x-kubernetes-list-type: atomic image: - description: 'Container image name. More - info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher - level config management to default or - override container images in workload - controllers like Deployments and StatefulSets.' type: string imagePullPolicy: - description: 'Image pull policy. One of - Always, Never, IfNotPresent. Defaults - to Always if :latest tag is specified, - or IfNotPresent otherwise. Cannot be - updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' type: string lifecycle: - description: Actions that the management - system should take in response to container - lifecycle events. Cannot be updated. properties: postStart: - description: 'PostStart is called - immediately after a container is - created. If the handler fails, the - container is terminated and restarted - according to its restart policy. - Other management of the container - blocks until the hook completes. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: Exec specifies the - action to take. properties: command: - description: Command is the - command line to execute - inside the container, the - working directory for the - command is root ('/') in - the container's filesystem. - The command is simply exec'd, - it is not run inside a shell, - so traditional shell instructions - ('|', etc) won't work. To - use a shell, you need to - explicitly call out to that - shell. Exit status of 0 - is treated as live/healthy - and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies - the http request to perform. properties: host: - description: Host name to - connect to, defaults to - the pod IP. You probably - want to set "Host" in httpHeaders - instead. 
type: string httpHeaders: - description: Custom headers - to set in the request. HTTP - allows repeated headers. items: - description: HTTPHeader - describes a custom header - to be used in HTTP probes properties: name: - description: The header - field name. This will - be canonicalized upon - output, so case-variant - names will be understood - as the same header. type: string value: - description: The header - field value type: string required: - name 
@@ -14520,144 +5003,58 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access - on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use - for connecting to the host. - Defaults to HTTP. type: string required: - port type: object sleep: - description: Sleep represents - the duration that the container - should sleep before being terminated. properties: seconds: - description: Seconds is the - number of seconds to sleep. format: int64 type: integer required: - seconds type: object tcpSocket: - description: Deprecated. TCPSocket - is NOT supported as a LifecycleHandler - and kept for the backward compatibility. - There are no validation of this - field and lifecycle hooks will - fail in runtime when tcp handler - is specified. properties: host: - description: 'Optional: Host - name to connect to, defaults - to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: - description: 'PreStop is called immediately - before a container is terminated - due to an API request or management - event such as liveness/startup probe - failure, preemption, resource contention, - etc. The handler is not called if - the container crashes or exits. - The Pod''s termination grace period - countdown begins before the PreStop - hook is executed. Regardless of - the outcome of the handler, the - container will eventually terminate - within the Pod''s termination grace - period (unless delayed by finalizers). 
- Other management of the container - blocks until the hook completes - or until the termination grace period - is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: Exec specifies the - action to take. properties: command: - description: Command is the - command line to execute - inside the container, the - working directory for the - command is root ('/') in - the container's filesystem. - The command is simply exec'd, - it is not run inside a shell, - so traditional shell instructions - ('|', etc) won't work. To - use a shell, you need to - explicitly call out to that - shell. Exit status of 0 - is treated as live/healthy - and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies - the http request to perform. properties: host: - description: Host name to - connect to, defaults to - the pod IP. You probably - want to set "Host" in httpHeaders - instead. type: string httpHeaders: - description: Custom headers - to set in the request. HTTP - allows repeated headers. items: - description: HTTPHeader - describes a custom header - to be used in HTTP probes properties: name: - description: The header - field name. This will - be canonicalized upon - output, so case-variant - names will be understood - as the same header. type: string value: - description: The header - field value type: string required: - name 
@@ -14666,63 +5063,33 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access - on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use - for connecting to the host. - Defaults to HTTP. type: string required: - port type: object sleep: - description: Sleep represents - the duration that the container - should sleep before being terminated. properties: seconds: - description: Seconds is the - number of seconds to sleep. format: int64 type: integer required: - seconds type: object tcpSocket: - description: Deprecated. TCPSocket - is NOT supported as a LifecycleHandler - and kept for the backward compatibility. - There are no validation of this - field and lifecycle hooks will - fail in runtime when tcp handler - is specified. properties: host: - description: 'Optional: Host - name to connect to, defaults - to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port 
@@ -14730,93 +5097,38 @@ spec: type: object type: object livenessProbe: - description: 'Periodic probe of container - liveness. Container will be restarted - if the probe fails. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action - to take. properties: command: - description: Command is the command - line to execute inside the container, - the working directory for the - command is root ('/') in the - container's filesystem. The - command is simply exec'd, it - is not run inside a shell, so - traditional shell instructions - ('|', etc) won't work. To use - a shell, you need to explicitly - call out to that shell. Exit - status of 0 is treated as live/healthy - and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed - after having succeeded. Defaults - to 3. Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action - involving a GRPC port. properties: port: - description: Port number of the - gRPC service. Number must be - in the range 1 to 65535. format: int32 type: integer service: - description: "Service is the name - of the service to place in the - gRPC HealthCheckRequest (see - https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, - the default behavior is defined - by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the - http request to perform. properties: host: - description: Host name to connect - to, defaults to the pod IP. - You probably want to set "Host" - in httpHeaders instead. type: string httpHeaders: - description: Custom headers to - set in the request. HTTP allows - repeated headers. 
items: - description: HTTPHeader describes - a custom header to be used - in HTTP probes properties: name: - description: The header - field name. This will - be canonicalized upon - output, so case-variant - names will be understood - as the same header. type: string value: - description: The header - field value type: string required: - name 
@@ -14825,157 +5137,62 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on - the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of - the port to access on the container. - Number must be in the range - 1 to 65535. Name must be an - IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for - connecting to the host. Defaults - to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after - the container has started before - liveness probes are initiated. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) - to perform the probe. Default to - 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to - 1. Must be 1 for liveness and startup. - Minimum value is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an - action involving a TCP port. properties: host: - description: 'Optional: Host name - to connect to, defaults to the - pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of - the port to access on the container. - Number must be in the range - 1 to 65535. Name must be an - IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in - seconds the pod needs to terminate - gracefully upon probe failure. The - grace period is the duration in - seconds after the processes running - in the pod are sent a termination - signal and the time when the processes - are forcibly halted with a kill - signal. Set this value longer than - the expected cleanup time for your - process. 
If this value is nil, the - pod's terminationGracePeriodSeconds - will be used. Otherwise, this value - overrides the value provided by - the pod spec. Value must be non-negative - integer. The value zero indicates - stop immediately via the kill signal - (no opportunity to shut down). This - is a beta field and requires enabling - ProbeTerminationGracePeriod feature - gate. Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after - which the probe times out. Defaults - to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object name: - description: Name of the container specified - as a DNS_LABEL. Each container in a - pod must have a unique name (DNS_LABEL). - Cannot be updated. type: string ports: - description: List of ports to expose from - the container. Not specifying a port - here DOES NOT prevent that port from - being exposed. Any port which is listening - on the default "0.0.0.0" address inside - a container will be accessible from - the network. Modifying this array with - strategic merge patch may corrupt the - data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. - Cannot be updated. items: - description: ContainerPort represents - a network port in a single container. properties: containerPort: - description: Number of port to expose - on the pod's IP address. This - must be a valid port number, 0 - < x < 65536. format: int32 type: integer hostIP: - description: What host IP to bind - the external port to. type: string hostPort: - description: Number of port to expose - on the host. If specified, this - must be a valid port number, 0 - < x < 65536. If HostNetwork is - specified, this must match ContainerPort. - Most containers do not need this. 
format: int32 type: integer name: - description: If specified, this - must be an IANA_SVC_NAME and unique - within the pod. Each named port - in a pod must have a unique name. - Name for the port that can be - referred to by services. type: string protocol: default: TCP - description: Protocol for port. - Must be UDP, TCP, or SCTP. Defaults - to "TCP". type: string required: - containerPort 
@@ -14986,94 +5203,38 @@ spec: - protocol x-kubernetes-list-type: map readinessProbe: - description: 'Periodic probe of container - service readiness. Container will be - removed from service endpoints if the - probe fails. Cannot be updated. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action - to take. properties: command: - description: Command is the command - line to execute inside the container, - the working directory for the - command is root ('/') in the - container's filesystem. The - command is simply exec'd, it - is not run inside a shell, so - traditional shell instructions - ('|', etc) won't work. To use - a shell, you need to explicitly - call out to that shell. Exit - status of 0 is treated as live/healthy - and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed - after having succeeded. Defaults - to 3. Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action - involving a GRPC port. properties: port: - description: Port number of the - gRPC service. Number must be - in the range 1 to 65535. format: int32 type: integer service: - description: "Service is the name - of the service to place in the - gRPC HealthCheckRequest (see - https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, - the default behavior is defined - by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the - http request to perform. properties: host: - description: Host name to connect - to, defaults to the pod IP. - You probably want to set "Host" - in httpHeaders instead. type: string httpHeaders: - description: Custom headers to - set in the request. HTTP allows - repeated headers. 
items: - description: HTTPHeader describes - a custom header to be used - in HTTP probes properties: name: - description: The header - field name. This will - be canonicalized upon - output, so case-variant - names will be understood - as the same header. type: string value: - description: The header - field value type: string required: - name 
@@ -15082,121 +5243,51 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on - the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of - the port to access on the container. - Number must be in the range - 1 to 65535. Name must be an - IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for - connecting to the host. Defaults - to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after - the container has started before - liveness probes are initiated. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) - to perform the probe. Default to - 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to - 1. Must be 1 for liveness and startup. - Minimum value is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an - action involving a TCP port. properties: host: - description: 'Optional: Host name - to connect to, defaults to the - pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of - the port to access on the container. - Number must be in the range - 1 to 65535. Name must be an - IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in - seconds the pod needs to terminate - gracefully upon probe failure. The - grace period is the duration in - seconds after the processes running - in the pod are sent a termination - signal and the time when the processes - are forcibly halted with a kill - signal. Set this value longer than - the expected cleanup time for your - process. 
If this value is nil, the - pod's terminationGracePeriodSeconds - will be used. Otherwise, this value - overrides the value provided by - the pod spec. Value must be non-negative - integer. The value zero indicates - stop immediately via the kill signal - (no opportunity to shut down). This - is a beta field and requires enabling - ProbeTerminationGracePeriod feature - gate. Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after - which the probe times out. Defaults - to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object resizePolicy: - description: Resources resize policy for - the container. items: - description: ContainerResizePolicy represents - resource resize policy for the container. properties: resourceName: - description: 'Name of the resource - to which this resource resize - policy applies. Supported values: - cpu, memory.' type: string restartPolicy: - description: Restart policy to apply - when specified resource is resized. - If not specified, it defaults - to NotRequired. type: string required: - resourceName 
@@ -15205,28 +5296,11 @@ spec: type: array x-kubernetes-list-type: atomic resources: - description: 'Compute Resources required - by this container. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' properties: claims: - description: "Claims lists the names - of resources, defined in spec.resourceClaims, - that are used by this container. - \n This is an alpha field and requires - enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. - It can only be set for containers." items: - description: ResourceClaim references - one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match - the name of one entry in pod.spec.resourceClaims - of the Pod where this field - is used. It makes that resource - available inside a container. type: string required: - name @@ -15242,9 +5316,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the - maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -15253,402 +5324,115 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the - minimum amount of compute resources - required. If Requests is omitted - for a container, it defaults to - Limits if that is explicitly specified, - otherwise to an implementation-defined - value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object restartPolicy: - description: 'RestartPolicy defines the - restart behavior of individual containers - in a pod. This field may only be set - for init containers, and the only allowed - value is "Always". For non-init containers - or when this field is not specified, - the restart behavior is defined by the - Pod''s restart policy and the container - type. Setting the RestartPolicy as "Always" - for the init container will have the - following effect: this init container - will be continually restarted on exit - until all regular containers have terminated. - Once all regular containers have completed, - all init containers with restartPolicy - "Always" will be shut down. This lifecycle - differs from normal init containers - and is often referred to as a "sidecar" - container. Although this init container - still starts in the init container sequence, - it does not wait for the container to - complete before proceeding to the next - init container. Instead, the next init - container starts immediately after this - init container is started, or after - any startupProbe has successfully completed.' type: string securityContext: - description: 'SecurityContext defines - the security options the container should - be run with. If set, the fields of SecurityContext - override the equivalent fields of PodSecurityContext. 
- More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation - controls whether a process can gain - more privileges than its parent - process. This bool directly controls - if the no_new_privs flag will be - set on the container process. AllowPrivilegeEscalation - is true always when the container - is: 1) run as Privileged 2) has - CAP_SYS_ADMIN Note that this field - cannot be set when spec.os.name - is windows.' type: boolean appArmorProfile: - description: appArmorProfile is the - AppArmor options to use by this - container. If set, this profile - overrides the pod's appArmorProfile. - Note that this field cannot be set - when spec.os.name is windows. properties: localhostProfile: - description: localhostProfile - indicates a profile loaded on - the node that should be used. - The profile must be preconfigured - on the node to work. Must match - the loaded name of the profile. - Must be set if and only if type - is "Localhost". type: string type: - description: 'type indicates which - kind of AppArmor profile will - be applied. Valid options are: - Localhost - a profile pre-loaded - on the node. RuntimeDefault - - the container runtime''s default - profile. Unconfined - no AppArmor - enforcement.' type: string required: - type type: object capabilities: - description: The capabilities to add/drop - when running containers. Defaults - to the default set of capabilities - granted by the container runtime. - Note that this field cannot be set - when spec.os.name is windows. 
properties: add: - description: Added capabilities items: - description: Capability represent - POSIX capabilities type type: string type: array x-kubernetes-list-type: atomic drop: - description: Removed capabilities items: - description: Capability represent - POSIX capabilities type type: string type: array x-kubernetes-list-type: atomic type: object privileged: - description: Run container in privileged - mode. Processes in privileged containers - are essentially equivalent to root - on the host. Defaults to false. - Note that this field cannot be set - when spec.os.name is windows. type: boolean procMount: - description: procMount denotes the - type of proc mount to use for the - containers. The default is DefaultProcMount - which uses the container runtime - defaults for readonly paths and - masked paths. This requires the - ProcMountType feature flag to be - enabled. Note that this field cannot - be set when spec.os.name is windows. type: string readOnlyRootFilesystem: - description: Whether this container - has a read-only root filesystem. - Default is false. Note that this - field cannot be set when spec.os.name - is windows. type: boolean runAsGroup: - description: The GID to run the entrypoint - of the container process. Uses runtime - default if unset. May also be set - in PodSecurityContext. If set in - both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. Note that this - field cannot be set when spec.os.name - is windows. format: int64 type: integer runAsNonRoot: - description: Indicates that the container - must run as a non-root user. If - true, the Kubelet will validate - the image at runtime to ensure that - it does not run as UID 0 (root) - and fail to start the container - if it does. If unset or false, no - such validation will be performed. - May also be set in PodSecurityContext. 
If - set in both SecurityContext and - PodSecurityContext, the value specified - in SecurityContext takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint - of the container process. Defaults - to user specified in image metadata - if unspecified. May also be set - in PodSecurityContext. If set in - both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. Note that this - field cannot be set when spec.os.name - is windows. format: int64 type: integer seLinuxOptions: - description: The SELinux context to - be applied to the container. If - unspecified, the container runtime - will allocate a random SELinux context - for each container. May also be - set in PodSecurityContext. If set - in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. Note that this - field cannot be set when spec.os.name - is windows. properties: level: - description: Level is SELinux - level label that applies to - the container. type: string role: - description: Role is a SELinux - role label that applies to the - container. type: string type: - description: Type is a SELinux - type label that applies to the - container. type: string user: - description: User is a SELinux - user label that applies to the - container. type: string type: object seccompProfile: - description: The seccomp options to - use by this container. If seccomp - options are provided at both the - pod & container level, the container - options override the pod options. - Note that this field cannot be set - when spec.os.name is windows. properties: localhostProfile: - description: localhostProfile - indicates a profile defined - in a file on the node should - be used. The profile must be - preconfigured on the node to - work. Must be a descending path, - relative to the kubelet's configured - seccomp profile location. Must - be set if type is "Localhost". 
- Must NOT be set for any other - type. type: string type: - description: "type indicates which - kind of seccomp profile will - be applied. Valid options are: - \n Localhost - a profile defined - in a file on the node should - be used. RuntimeDefault - the - container runtime default profile - should be used. Unconfined - - no profile should be applied." type: string required: - type type: object windowsOptions: - description: The Windows specific - settings applied to all containers. - If unspecified, the options from - the PodSecurityContext will be used. - If set in both SecurityContext and - PodSecurityContext, the value specified - in SecurityContext takes precedence. - Note that this field cannot be set - when spec.os.name is linux. properties: gmsaCredentialSpec: - description: GMSACredentialSpec - is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the - GMSA credential spec named by - the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: - description: GMSACredentialSpecName - is the name of the GMSA credential - spec to use. type: string hostProcess: - description: HostProcess determines - if a container should be run - as a 'Host Process' container. - All of a Pod's containers must - have the same effective HostProcess - value (it is not allowed to - have a mix of HostProcess containers - and non-HostProcess containers). - In addition, if HostProcess - is true then HostNetwork must - also be set to true. type: boolean runAsUserName: - description: The UserName in Windows - to run the entrypoint of the - container process. Defaults - to the user specified in image - metadata if unspecified. May - also be set in PodSecurityContext. - If set in both SecurityContext - and PodSecurityContext, the - value specified in SecurityContext - takes precedence. 
type: string type: object type: object startupProbe: - description: 'StartupProbe indicates that - the Pod has successfully initialized. - If specified, no other probes are executed - until this completes successfully. If - this probe fails, the Pod will be restarted, - just as if the livenessProbe failed. - This can be used to provide different - probe parameters at the beginning of - a Pod''s lifecycle, when it might take - a long time to load data or warm a cache, - than during steady-state operation. - This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action - to take. properties: command: - description: Command is the command - line to execute inside the container, - the working directory for the - command is root ('/') in the - container's filesystem. The - command is simply exec'd, it - is not run inside a shell, so - traditional shell instructions - ('|', etc) won't work. To use - a shell, you need to explicitly - call out to that shell. Exit - status of 0 is treated as live/healthy - and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed - after having succeeded. Defaults - to 3. Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action - involving a GRPC port. properties: port: - description: Port number of the - gRPC service. Number must be - in the range 1 to 65535. format: int32 type: integer service: - description: "Service is the name - of the service to place in the - gRPC HealthCheckRequest (see - https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, - the default behavior is defined - by gRPC." 
type: string required: - port type: object httpGet: - description: HTTPGet specifies the - http request to perform. properties: host: - description: Host name to connect - to, defaults to the pod IP. - You probably want to set "Host" - in httpHeaders instead. type: string httpHeaders: - description: Custom headers to - set in the request. HTTP allows - repeated headers. items: - description: HTTPHeader describes - a custom header to be used - in HTTP probes properties: name: - description: The header - field name. This will - be canonicalized upon - output, so case-variant - names will be understood - as the same header. type: string value: - description: The header - field value type: string required: - name 
@@ -15657,176 +5441,61 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on - the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of - the port to access on the container. - Number must be in the range - 1 to 65535. Name must be an - IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for - connecting to the host. Defaults - to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after - the container has started before - liveness probes are initiated. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) - to perform the probe. Default to - 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to - 1. Must be 1 for liveness and startup. - Minimum value is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an - action involving a TCP port. properties: host: - description: 'Optional: Host name - to connect to, defaults to the - pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of - the port to access on the container. - Number must be in the range - 1 to 65535. Name must be an - IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in - seconds the pod needs to terminate - gracefully upon probe failure. The - grace period is the duration in - seconds after the processes running - in the pod are sent a termination - signal and the time when the processes - are forcibly halted with a kill - signal. Set this value longer than - the expected cleanup time for your - process. 
If this value is nil, the - pod's terminationGracePeriodSeconds - will be used. Otherwise, this value - overrides the value provided by - the pod spec. Value must be non-negative - integer. The value zero indicates - stop immediately via the kill signal - (no opportunity to shut down). This - is a beta field and requires enabling - ProbeTerminationGracePeriod feature - gate. Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after - which the probe times out. Defaults - to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object stdin: - description: Whether this container should - allocate a buffer for stdin in the container - runtime. If this is not set, reads from - stdin in the container will always result - in EOF. Default is false. type: boolean stdinOnce: - description: Whether the container runtime - should close the stdin channel after - it has been opened by a single attach. - When stdin is true the stdin stream - will remain open across multiple attach - sessions. If stdinOnce is set to true, - stdin is opened on container start, - is empty until the first client attaches - to stdin, and then remains open and - accepts data until the client disconnects, - at which time stdin is closed and remains - closed until the container is restarted. - If this flag is false, a container processes - that reads from stdin will never receive - an EOF. Default is false type: boolean terminationMessagePath: - description: 'Optional: Path at which - the file to which the container''s termination - message will be written is mounted into - the container''s filesystem. Message - written is intended to be brief final - status, such as an assertion failure - message. Will be truncated by the node - if greater than 4096 bytes. 
The total - message length across all containers - will be limited to 12kb. Defaults to - /dev/termination-log. Cannot be updated.' type: string terminationMessagePolicy: - description: Indicate how the termination - message should be populated. File will - use the contents of terminationMessagePath - to populate the container status message - on both success and failure. FallbackToLogsOnError - will use the last chunk of container - log output if the termination message - file is empty and the container exited - with an error. The log output is limited - to 2048 bytes or 80 lines, whichever - is smaller. Defaults to File. Cannot - be updated. type: string tty: - description: Whether this container should - allocate a TTY for itself, also requires - 'stdin' to be true. Default is false. type: boolean volumeDevices: - description: volumeDevices is the list - of block devices to be used by the container. items: - description: volumeDevice describes - a mapping of a raw block device within - a container. properties: devicePath: - description: devicePath is the path - inside of the container that the - device will be mapped to. type: string name: - description: name must match the - name of a persistentVolumeClaim - in the pod type: string required: - devicePath 
@@ -15837,84 +5506,21 @@ spec: - devicePath x-kubernetes-list-type: map volumeMounts: - description: Pod volumes to mount into - the container's filesystem. Cannot be - updated. items: - description: VolumeMount describes a - mounting of a Volume within a container. properties: mountPath: - description: Path within the container - at which the volume should be - mounted. Must not contain ':'. type: string mountPropagation: - description: mountPropagation determines - how mounts are propagated from - the host to container and the - other way around. When not set, - MountPropagationNone is used. - This field is beta in 1.10. When - RecursiveReadOnly is set to IfPossible - or to Enabled, MountPropagation - must be None or unspecified (which - defaults to None). type: string name: - description: This must match the - Name of a Volume. type: string readOnly: - description: Mounted read-only if - true, read-write otherwise (false - or unspecified). Defaults to false. type: boolean recursiveReadOnly: - description: "RecursiveReadOnly - specifies whether read-only mounts - should be handled recursively. - \n If ReadOnly is false, this - field has no meaning and must - be unspecified. \n If ReadOnly - is true, and this field is set - to Disabled, the mount is not - made recursively read-only. If - this field is set to IfPossible, - the mount is made recursively - read-only, if it is supported - by the container runtime. If - this field is set to Enabled, - the mount is made recursively - read-only if it is supported by - the container runtime, otherwise - the pod will not be started and - an error will be generated to - indicate the reason. \n If this - field is set to IfPossible or - Enabled, MountPropagation must - be set to None (or be unspecified, - which defaults to None). \n If - this field is not specified, it - is treated as an equivalent of - Disabled." 
type: string subPath: - description: Path within the volume - from which the container's volume - should be mounted. Defaults to - "" (volume's root). type: string subPathExpr: - description: Expanded path within - the volume from which the container's - volume should be mounted. Behaves - similarly to SubPath but environment - variable references $(VAR_NAME) - are expanded using the container's - environment. Defaults to "" (volume's - root). SubPathExpr and SubPath - are mutually exclusive. type: string required: - mountPath 
@@ -15925,81 +5531,33 @@ spec: - mountPath x-kubernetes-list-type: map workingDir: - description: Container's working directory. - If not specified, the container runtime's - default will be used, which might be - configured in the container image. Cannot - be updated. type: string required: - name type: object type: array lifecycle: - description: Actions that the management system - should take in response to container lifecycle - events. Cannot be updated. properties: postStart: - description: 'PostStart is called immediately - after a container is created. If the handler - fails, the container is terminated and - restarted according to its restart policy. - Other management of the container blocks - until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: Exec specifies the action - to take. properties: command: - description: Command is the command - line to execute inside the container, - the working directory for the - command is root ('/') in the - container's filesystem. The command - is simply exec'd, it is not run - inside a shell, so traditional - shell instructions ('|', etc) - won't work. To use a shell, you - need to explicitly call out to - that shell. Exit status of 0 is - treated as live/healthy and non-zero - is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the http - request to perform. properties: host: - description: Host name to connect - to, defaults to the pod IP. You - probably want to set "Host" in - httpHeaders instead. type: string httpHeaders: - description: Custom headers to set - in the request. HTTP allows repeated - headers. items: - description: HTTPHeader describes - a custom header to be used in - HTTP probes properties: name: - description: The header field - name. 
This will be canonicalized - upon output, so case-variant - names will be understood - as the same header. type: string value: - description: The header field - value type: string required: - name 
@@ -16008,134 +5566,58 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on the - HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the - port to access on the container. - Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. type: string required: - port type: object sleep: - description: Sleep represents the duration - that the container should sleep before - being terminated. properties: seconds: - description: Seconds is the number - of seconds to sleep. format: int64 type: integer required: - seconds type: object tcpSocket: - description: Deprecated. TCPSocket is - NOT supported as a LifecycleHandler - and kept for the backward compatibility. - There are no validation of this field - and lifecycle hooks will fail in runtime - when tcp handler is specified. properties: host: - description: 'Optional: Host name - to connect to, defaults to the - pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the - port to access on the container. - Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: - description: 'PreStop is called immediately - before a container is terminated due to - an API request or management event such - as liveness/startup probe failure, preemption, - resource contention, etc. The handler - is not called if the container crashes - or exits. The Pod''s termination grace - period countdown begins before the PreStop - hook is executed. Regardless of the outcome - of the handler, the container will eventually - terminate within the Pod''s termination - grace period (unless delayed by finalizers). 
- Other management of the container blocks - until the hook completes or until the - termination grace period is reached. More - info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: Exec specifies the action - to take. properties: command: - description: Command is the command - line to execute inside the container, - the working directory for the - command is root ('/') in the - container's filesystem. The command - is simply exec'd, it is not run - inside a shell, so traditional - shell instructions ('|', etc) - won't work. To use a shell, you - need to explicitly call out to - that shell. Exit status of 0 is - treated as live/healthy and non-zero - is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the http - request to perform. properties: host: - description: Host name to connect - to, defaults to the pod IP. You - probably want to set "Host" in - httpHeaders instead. type: string httpHeaders: - description: Custom headers to set - in the request. HTTP allows repeated - headers. items: - description: HTTPHeader describes - a custom header to be used in - HTTP probes properties: name: - description: The header field - name. This will be canonicalized - upon output, so case-variant - names will be understood - as the same header. type: string value: - description: The header field - value type: string required: - name 
@@ -16144,59 +5626,33 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on the - HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the - port to access on the container. - Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. type: string required: - port type: object sleep: - description: Sleep represents the duration - that the container should sleep before - being terminated. properties: seconds: - description: Seconds is the number - of seconds to sleep. format: int64 type: integer required: - seconds type: object tcpSocket: - description: Deprecated. TCPSocket is - NOT supported as a LifecycleHandler - and kept for the backward compatibility. - There are no validation of this field - and lifecycle hooks will fail in runtime - when tcp handler is specified. properties: host: - description: 'Optional: Host name - to connect to, defaults to the - pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the - port to access on the container. - Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port 
@@ -16204,90 +5660,38 @@ spec: type: object type: object livenessProbe: - description: 'Periodic probe of container liveness. - Container will be restarted if the probe fails. - Controllers may set default LivenessProbe - if no liveness probe is provided. To ignore - defaulting, set the value to empty LivenessProbe - "{}". Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action to - take. properties: command: - description: Command is the command - line to execute inside the container, - the working directory for the command is - root ('/') in the container's filesystem. - The command is simply exec'd, it is - not run inside a shell, so traditional - shell instructions ('|', etc) won't - work. To use a shell, you need to - explicitly call out to that shell. - Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed - after having succeeded. Defaults to 3. - Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action involving - a GRPC port. properties: port: - description: Port number of the gRPC - service. Number must be in the range - 1 to 65535. format: int32 type: integer service: - description: "Service is the name of - the service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default - behavior is defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http - request to perform. properties: host: - description: Host name to connect to, - defaults to the pod IP. You probably - want to set "Host" in httpHeaders - instead. 
type: string httpHeaders: - description: Custom headers to set in - the request. HTTP allows repeated - headers. items: - description: HTTPHeader describes - a custom header to be used in HTTP - probes properties: name: - description: The header field - name. This will be canonicalized - upon output, so case-variant - names will be understood as - the same header. type: string value: - description: The header field - value type: string required: - name 
@@ -16296,228 +5700,95 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on the HTTP - server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port - to access on the container. Number - must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the - container has started before liveness - probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform - the probe. Default to 10 seconds. Minimum - value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to 1. Must - be 1 for liveness and startup. Minimum - value is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action - involving a TCP port. properties: host: - description: 'Optional: Host name to - connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port - to access on the container. Number - must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds - the pod needs to terminate gracefully - upon probe failure. The grace period is - the duration in seconds after the processes - running in the pod are sent a termination - signal and the time when the processes - are forcibly halted with a kill signal. - Set this value longer than the expected - cleanup time for your process. 
If this - value is nil, the pod's terminationGracePeriodSeconds - will be used. Otherwise, this value overrides - the value provided by the pod spec. Value - must be non-negative integer. The value - zero indicates stop immediately via the - kill signal (no opportunity to shut down). - This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which - the probe times out. Defaults to 1 second. - Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object nodeSelector: additionalProperties: type: string - description: 'NodeSelector is a selector which - must be true for the pod to fit on a node. - Selector which must match a node''s labels - for the pod to be scheduled on that node. - More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' type: object x-kubernetes-map-type: atomic podPlacementPolicy: - description: PodPlacementPolicy is the reference - of the podPlacementPolicy properties: name: default: "" - description: 'Name of the referent. This - field is effectively required, but due - to backwards compatibility is allowed - to be empty. Instances of this type with - an empty value here are almost certainly - wrong. TODO: Add other useful fields. - apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic priority: - description: The priority value. Various system - components use this field to find the priority - of the pod. 
When Priority Admission Controller - is enabled, it prevents users from setting - this field. The admission controller populates - this field from PriorityClassName. The higher - the value, the higher the priority. format: int32 type: integer priorityClassName: - description: If specified, indicates the pod's - priority. "system-node-critical" and "system-cluster-critical" - are two special keywords which indicate the - highest priorities with the former being the - highest priority. Any other name must be defined - by creating a PriorityClass object with that - name. If not specified, the pod priority will - be default or zero if there is no default. type: string readinessProbe: - description: 'Periodic probe of container service - readiness. Container will be removed from - service endpoints if the probe fails. Cannot - be updated. Controllers may set default ReadinessProbe - if no readyness probe is provided. To ignore - defaulting, set the value to empty ReadynessProbe - "{}". More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action to - take. properties: command: - description: Command is the command - line to execute inside the container, - the working directory for the command is - root ('/') in the container's filesystem. - The command is simply exec'd, it is - not run inside a shell, so traditional - shell instructions ('|', etc) won't - work. To use a shell, you need to - explicitly call out to that shell. - Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed - after having succeeded. Defaults to 3. - Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action involving - a GRPC port. 
properties: port: - description: Port number of the gRPC - service. Number must be in the range - 1 to 65535. format: int32 type: integer service: - description: "Service is the name of - the service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default - behavior is defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http - request to perform. properties: host: - description: Host name to connect to, - defaults to the pod IP. You probably - want to set "Host" in httpHeaders - instead. type: string httpHeaders: - description: Custom headers to set in - the request. HTTP allows repeated - headers. items: - description: HTTPHeader describes - a custom header to be used in HTTP - probes properties: name: - description: The header field - name. This will be canonicalized - upon output, so case-variant - names will be understood as - the same header. type: string value: - description: The header field - value type: string required: - name 
@@ -16526,116 +5797,51 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on the HTTP - server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port - to access on the container. Number - must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the - container has started before liveness - probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform - the probe. Default to 10 seconds. Minimum - value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to 1. Must - be 1 for liveness and startup. Minimum - value is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action - involving a TCP port. properties: host: - description: 'Optional: Host name to - connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port - to access on the container. Number - must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds - the pod needs to terminate gracefully - upon probe failure. The grace period is - the duration in seconds after the processes - running in the pod are sent a termination - signal and the time when the processes - are forcibly halted with a kill signal. - Set this value longer than the expected - cleanup time for your process. 
If this - value is nil, the pod's terminationGracePeriodSeconds - will be used. Otherwise, this value overrides - the value provided by the pod spec. Value - must be non-negative integer. The value - zero indicates stop immediately via the - kill signal (no opportunity to shut down). - This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which - the probe times out. Defaults to 1 second. - Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object resources: - description: Compute Resources required by the - sidecar container. properties: claims: - description: "Claims lists the names of - resources, defined in spec.resourceClaims, - that are used by this container. \n This - is an alpha field and requires enabling - the DynamicResourceAllocation feature - gate. \n This field is immutable. It can - only be set for containers." items: - description: ResourceClaim references - one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name - of one entry in pod.spec.resourceClaims - of the Pod where this field is used. - It makes that resource available - inside a container. type: string required: - name @@ -16651,9 +5857,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum - amount of compute resources allowed. More - info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -16662,225 +5865,68 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum - amount of compute resources required. - If Requests is omitted for a container, - it defaults to Limits if that is explicitly - specified, otherwise to an implementation-defined - value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object runtimeClassName: - description: 'RuntimeClassName refers to a RuntimeClass - object in the node.k8s.io group, which should - be used to run this pod. If no RuntimeClass - resource matches the named class, the pod - will not be run. If unset or empty, the "legacy" - RuntimeClass will be used, which is an implicit - class with an empty definition that uses the - default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class' type: string schedulerName: - description: If specified, the pod will be dispatched - by specified scheduler. If not specified, - the pod will be dispatched by default scheduler. type: string securityContext: - description: 'SecurityContext holds pod-level - security attributes and common container settings. - Optional: Defaults to empty. See type description - for default values of each field.' properties: appArmorProfile: - description: appArmorProfile is the AppArmor - options to use by the containers in this - pod. Note that this field cannot be set - when spec.os.name is windows. properties: localhostProfile: - description: localhostProfile indicates - a profile loaded on the node that - should be used. The profile must be - preconfigured on the node to work. - Must match the loaded name of the - profile. Must be set if and only if - type is "Localhost". 
type: string type: - description: 'type indicates which kind - of AppArmor profile will be applied. - Valid options are: Localhost - a profile - pre-loaded on the node. RuntimeDefault - - the container runtime''s default - profile. Unconfined - no AppArmor - enforcement.' type: string required: - type type: object fsGroup: - description: "A special supplemental group - that applies to all containers in a pod. - Some volume types allow the Kubelet to - change the ownership of that volume to - be owned by the pod: \n 1. The owning - GID will be the FSGroup 2. The setgid - bit is set (new files created in the volume - will be owned by FSGroup) 3. The permission - bits are OR'd with rw-rw---- \n If unset, - the Kubelet will not modify the ownership - and permissions of any volume. Note that - this field cannot be set when spec.os.name - is windows." format: int64 type: integer fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines - behavior of changing ownership and permission - of the volume before being exposed inside - Pod. This field will only apply to volume - types which support fsGroup based ownership(and - permissions). It will have no effect on - ephemeral volume types such as: secret, - configmaps and emptydir. Valid values - are "OnRootMismatch" and "Always". If - not specified, "Always" is used. Note - that this field cannot be set when spec.os.name - is windows.' type: string runAsGroup: - description: The GID to run the entrypoint - of the container process. Uses runtime - default if unset. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence for that container. Note - that this field cannot be set when spec.os.name - is windows. format: int64 type: integer runAsNonRoot: - description: Indicates that the container - must run as a non-root user. 
If true, - the Kubelet will validate the image at - runtime to ensure that it does not run - as UID 0 (root) and fail to start the - container if it does. If unset or false, - no such validation will be performed. - May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint - of the container process. Defaults to - user specified in image metadata if unspecified. - May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence for that container. Note - that this field cannot be set when spec.os.name - is windows. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be applied - to all containers. If unspecified, the - container runtime will allocate a random - SELinux context for each container. May - also be set in SecurityContext. If set - in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence for that container. Note - that this field cannot be set when spec.os.name - is windows. properties: level: - description: Level is SELinux level - label that applies to the container. type: string role: - description: Role is a SELinux role - label that applies to the container. type: string type: - description: Type is a SELinux type - label that applies to the container. type: string user: - description: User is a SELinux user - label that applies to the container. type: string type: object seccompProfile: - description: The seccomp options to use - by the containers in this pod. Note that - this field cannot be set when spec.os.name - is windows. properties: localhostProfile: - description: localhostProfile indicates - a profile defined in a file on the - node should be used. The profile must - be preconfigured on the node to work. 
- Must be a descending path, relative - to the kubelet's configured seccomp - profile location. Must be set if type - is "Localhost". Must NOT be set for - any other type. type: string type: - description: "type indicates which kind - of seccomp profile will be applied. - Valid options are: \n Localhost - - a profile defined in a file on the - node should be used. RuntimeDefault - - the container runtime default profile - should be used. Unconfined - no profile - should be applied." type: string required: - type type: object supplementalGroups: - description: A list of groups applied to - the first process run in each container, - in addition to the container's primary - GID, the fsGroup (if specified), and group - memberships defined in the container image - for the uid of the container process. - If unspecified, no additional groups are - added to any container. Note that group - memberships defined in the container image - for the uid of the container process are - still effective, even if they are not - included in this list. Note that this - field cannot be set when spec.os.name - is windows. items: format: int64 type: integer type: array x-kubernetes-list-type: atomic sysctls: - description: Sysctls hold a list of namespaced - sysctls used for the pod. Pods with unsupported - sysctls (by the container runtime) might - fail to launch. Note that this field cannot - be set when spec.os.name is windows. items: - description: Sysctl defines a kernel parameter - to be set properties: name: - description: Name of a property to - set type: string value: - description: Value of a property to - set type: string required: - name 
@@ -16889,183 +5935,53 @@ spec: type: array x-kubernetes-list-type: atomic windowsOptions: - description: The Windows specific settings - applied to all containers. If unspecified, - the options within a container's SecurityContext - will be used. If set in both SecurityContext - and PodSecurityContext, the value specified - in SecurityContext takes precedence. Note - that this field cannot be set when spec.os.name - is linux. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is where - the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential - spec named by the GMSACredentialSpecName - field. type: string gmsaCredentialSpecName: - description: GMSACredentialSpecName - is the name of the GMSA credential - spec to use. type: string hostProcess: - description: HostProcess determines - if a container should be run as a - 'Host Process' container. All of a - Pod's containers must have the same - effective HostProcess value (it is - not allowed to have a mix of HostProcess - containers and non-HostProcess containers). - In addition, if HostProcess is true - then HostNetwork must also be set - to true. type: boolean runAsUserName: - description: The UserName in Windows - to run the entrypoint of the container - process. Defaults to the user specified - in image metadata if unspecified. - May also be set in PodSecurityContext. - If set in both SecurityContext and - PodSecurityContext, the value specified - in SecurityContext takes precedence. type: string type: object type: object serviceAccountName: - description: 'ServiceAccountName is the name - of the ServiceAccount to use to run this pod. - More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' type: string shareProcessNamespace: - description: 'Share a single process namespace - between all of the containers in a pod. 
When - this is set containers will be able to view - and signal processes from other containers - in the same pod, and the first process in - each container will not be assigned PID 1. - HostPID and ShareProcessNamespace cannot both - be set. Optional: Default to false.' type: boolean terminationGracePeriodSeconds: - description: Optional duration in seconds the - pod needs to terminate gracefully. May be - decreased in delete request. Value must be - non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity - to shut down). If this value is nil, the default - grace period will be used instead. The grace - period is the duration in seconds after the - processes running in the pod are sent a termination - signal and the time when the processes are - forcibly halted with a kill signal. Set this - value longer than the expected cleanup time - for your process. Defaults to 30 seconds. format: int64 type: integer tolerations: - description: If specified, the pod's tolerations. items: - description: The pod this Toleration is attached - to tolerates any taint that matches the - triple using the matching - operator . properties: effect: - description: Effect indicates the taint - effect to match. Empty means match all - taint effects. When specified, allowed - values are NoSchedule, PreferNoSchedule - and NoExecute. type: string key: - description: Key is the taint key that - the toleration applies to. Empty means - match all taint keys. If the key is - empty, operator must be Exists; this - combination means to match all values - and all keys. type: string operator: - description: Operator represents a key's - relationship to the value. Valid operators - are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for - value, so that a pod can tolerate all - taints of a particular category. 
type: string tolerationSeconds: - description: TolerationSeconds represents - the period of time the toleration (which - must be of effect NoExecute, otherwise - this field is ignored) tolerates the - taint. By default, it is not set, which - means tolerate the taint forever (do - not evict). Zero and negative values - will be treated as 0 (evict immediately) - by the system. format: int64 type: integer value: - description: Value is the taint value - the toleration matches to. If the operator - is Exists, the value should be empty, - otherwise just a regular string. type: string type: object type: array topologySpreadConstraints: - description: TopologySpreadConstraints describes - how a group of pods ought to spread across - topology domains. Scheduler will schedule - pods in a way which abides by the constraints. - All topologySpreadConstraints are ANDed. items: - description: TopologySpreadConstraint specifies - how to spread matching pods among the given - topology. properties: labelSelector: - description: LabelSelector is used to - find matching pods. Pods that match - this label selector are counted to determine - the number of pods in their corresponding - topology domain. properties: matchExpressions: - description: matchExpressions is a - list of label selector requirements. - The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. properties: key: - description: key is the label - key that the selector applies - to. type: string operator: - description: operator represents - a key's relationship to a - set of values. Valid operators - are In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is an array - of string values. If the operator - is In or NotIn, the values - array must be non-empty. If - the operator is Exists or - DoesNotExist, the values array - must be empty. 
This array - is replaced during a strategic - merge patch. items: type: string type: array 
@@ -17079,176 +5995,27 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map - of {key,value} pairs. A single {key,value} - in the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are - ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: "MatchLabelKeys is a set - of pod label keys to select the pods - over which spreading will be calculated. - The keys are used to lookup values from - the incoming pod labels, those key-value - labels are ANDed with labelSelector - to select the group of existing pods - over which spreading will be calculated - for the incoming pod. The same key is - forbidden to exist in both MatchLabelKeys - and LabelSelector. MatchLabelKeys cannot - be set when LabelSelector isn't set. - Keys that don't exist in the incoming - pod labels will be ignored. A null or - empty list means only match against - labelSelector. \n This is a beta field - and requires the MatchLabelKeysInPodTopologySpread - feature gate to be enabled (enabled - by default)." items: type: string type: array x-kubernetes-list-type: atomic maxSkew: - description: 'MaxSkew describes the degree - to which pods may be unevenly distributed. - When `whenUnsatisfiable=DoNotSchedule`, - it is the maximum permitted difference - between the number of matching pods - in the target topology and the global - minimum. The global minimum is the minimum - number of matching pods in an eligible - domain or zero if the number of eligible - domains is less than MinDomains. For - example, in a 3-zone cluster, MaxSkew - is set to 1, and pods with the same - labelSelector spread as 2/2/1: In this - case, the global minimum is 1. 
| zone1 - | zone2 | zone3 | | P P | P P | P | - - if MaxSkew is 1, incoming pod can - only be scheduled to zone3 to become - 2/2/2; scheduling it onto zone1(zone2) - would make the ActualSkew(3-1) on zone1(zone2) - violate MaxSkew(1). - if MaxSkew is - 2, incoming pod can be scheduled onto - any zone. When `whenUnsatisfiable=ScheduleAnyway`, - it is used to give higher precedence - to topologies that satisfy it. It''s - a required field. Default value is 1 - and 0 is not allowed.' format: int32 type: integer minDomains: - description: "MinDomains indicates a minimum - number of eligible domains. When the - number of eligible domains with matching - topology keys is less than minDomains, - Pod Topology Spread treats \"global - minimum\" as 0, and then the calculation - of Skew is performed. And when the number - of eligible domains with matching topology - keys equals or greater than minDomains, - this value has no effect on scheduling. - As a result, when the number of eligible - domains is less than minDomains, scheduler - won't schedule more than maxSkew Pods - to those domains. If value is nil, the - constraint behaves as if MinDomains - is equal to 1. Valid values are integers - greater than 0. When value is not nil, - WhenUnsatisfiable must be DoNotSchedule. - \n For example, in a 3-zone cluster, - MaxSkew is set to 2, MinDomains is set - to 5 and pods with the same labelSelector - spread as 2/2/2: | zone1 | zone2 | zone3 - | | P P | P P | P P | The number - of domains is less than 5(MinDomains), - so \"global minimum\" is treated as - 0. In this situation, new pod with the - same labelSelector cannot be scheduled, - because computed skew will be 3(3 - - 0) if new Pod is scheduled to any of - the three zones, it will violate MaxSkew." format: int32 type: integer nodeAffinityPolicy: - description: "NodeAffinityPolicy indicates - how we will treat Pod's nodeAffinity/nodeSelector - when calculating pod topology spread - skew. 
Options are: - Honor: only nodes - matching nodeAffinity/nodeSelector are - included in the calculations. - Ignore: - nodeAffinity/nodeSelector are ignored. - All nodes are included in the calculations. - \n If this value is nil, the behavior - is equivalent to the Honor policy. This - is a beta-level feature default enabled - by the NodeInclusionPolicyInPodTopologySpread - feature flag." type: string nodeTaintsPolicy: - description: "NodeTaintsPolicy indicates - how we will treat node taints when calculating - pod topology spread skew. Options are: - - Honor: nodes without taints, along - with tainted nodes for which the incoming - pod has a toleration, are included. - - Ignore: node taints are ignored. All - nodes are included. \n If this value - is nil, the behavior is equivalent to - the Ignore policy. This is a beta-level - feature default enabled by the NodeInclusionPolicyInPodTopologySpread - feature flag." type: string topologyKey: - description: TopologyKey is the key of - node labels. Nodes that have a label - with this key and identical values are - considered to be in the same topology. - We consider each as a "bucket", - and try to put balanced number of pods - into each bucket. We define a domain - as a particular instance of a topology. - Also, we define an eligible domain as - a domain whose nodes meet the requirements - of nodeAffinityPolicy and nodeTaintsPolicy. - e.g. If TopologyKey is "kubernetes.io/hostname", - each Node is a domain of that topology. - And, if TopologyKey is "topology.kubernetes.io/zone", - each zone is a domain of that topology. - It's a required field. type: string whenUnsatisfiable: - description: 'WhenUnsatisfiable indicates - how to deal with a pod if it doesn''t - satisfy the spread constraint. - DoNotSchedule - (default) tells the scheduler not to - schedule it. - ScheduleAnyway tells - the scheduler to schedule the pod in - any location, but giving higher precedence - to topologies that would help reduce - the skew. 
A constraint is considered - "Unsatisfiable" for an incoming pod - if and only if every possible node assignment - for that pod would violate "MaxSkew" - on some topology. For example, in a - 3-zone cluster, MaxSkew is set to 1, - and pods with the same labelSelector - spread as 3/1/1: | zone1 | zone2 | zone3 - | | P P P | P | P | If WhenUnsatisfiable - is set to DoNotSchedule, incoming pod - can only be scheduled to zone2(zone3) - to become 3/2/1(3/1/2) as ActualSkew(2-1) - on zone2(zone3) satisfies MaxSkew(1). - In other words, the cluster can still - be imbalanced, but scheduler won''t - make it *more* imbalanced. It''s a required - field.' type: string required: - maxSkew 
@@ -17261,75 +6028,21 @@ spec: - whenUnsatisfiable x-kubernetes-list-type: map volumeMounts: - description: Pod volumes to mount into the container's - filesystem. Cannot be updated. items: - description: VolumeMount describes a mounting - of a Volume within a container. properties: mountPath: - description: Path within the container - at which the volume should be mounted. Must - not contain ':'. type: string mountPropagation: - description: mountPropagation determines - how mounts are propagated from the host - to container and the other way around. - When not set, MountPropagationNone is - used. This field is beta in 1.10. When - RecursiveReadOnly is set to IfPossible - or to Enabled, MountPropagation must - be None or unspecified (which defaults - to None). type: string name: - description: This must match the Name - of a Volume. type: string readOnly: - description: Mounted read-only if true, - read-write otherwise (false or unspecified). - Defaults to false. type: boolean recursiveReadOnly: - description: "RecursiveReadOnly specifies - whether read-only mounts should be handled - recursively. \n If ReadOnly is false, - this field has no meaning and must be - unspecified. \n If ReadOnly is true, - and this field is set to Disabled, the - mount is not made recursively read-only. - \ If this field is set to IfPossible, - the mount is made recursively read-only, - if it is supported by the container - runtime. If this field is set to Enabled, - the mount is made recursively read-only - if it is supported by the container - runtime, otherwise the pod will not - be started and an error will be generated - to indicate the reason. \n If this field - is set to IfPossible or Enabled, MountPropagation - must be set to None (or be unspecified, - which defaults to None). \n If this - field is not specified, it is treated - as an equivalent of Disabled." type: string subPath: - description: Path within the volume from - which the container's volume should - be mounted. 
Defaults to "" (volume's - root). type: string subPathExpr: - description: Expanded path within the - volume from which the container's volume - should be mounted. Behaves similarly - to SubPath but environment variable - references $(VAR_NAME) are expanded - using the container's environment. Defaults - to "" (volume's root). SubPathExpr and - SubPath are mutually exclusive. type: string required: - mountPath 
@@ -17337,309 +6050,109 @@ spec: type: object type: array volumes: - description: 'List of volumes that can be mounted - by containers belonging to the pod. More info: - https://kubernetes.io/docs/concepts/storage/volumes' items: - description: Volume represents a named volume - in a pod that may be accessed by any container - in the pod. properties: awsElasticBlockStore: - description: 'awsElasticBlockStore represents - an AWS Disk resource that is attached - to a kubelet''s host machine and then - exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' properties: fsType: - description: 'fsType is the filesystem - type of the volume that you want - to mount. Tip: Ensure that the filesystem - type is supported by the host operating - system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be - "ext4" if unspecified. More info: - https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in - the filesystem from compromising - the machine' type: string partition: - description: 'partition is the partition - in the volume that you want to mount. - If omitted, the default is to mount - by volume name. Examples: For volume - /dev/sda1, you specify the partition - as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can - leave the property empty).' format: int32 type: integer readOnly: - description: 'readOnly value true - will force the readOnly setting - in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: boolean volumeID: - description: 'volumeID is unique ID - of the persistent disk resource - in AWS (Amazon EBS volume). More - info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: string required: - volumeID type: object azureDisk: - description: azureDisk represents an Azure - Data Disk mount on the host and bind - mount to the pod. 
properties: cachingMode: - description: 'cachingMode is the Host - Caching mode: None, Read Only, Read - Write.' type: string diskName: - description: diskName is the Name - of the data disk in the blob storage type: string diskURI: - description: diskURI is the URI of - data disk in the blob storage type: string fsType: - description: fsType is Filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. type: string kind: - description: 'kind expected values - are Shared: multiple blob disks - per storage account Dedicated: - single blob disk per storage account Managed: - azure managed data disk (only in - managed availability set). defaults - to shared' type: string readOnly: - description: readOnly Defaults to - false (read/write). ReadOnly here - will force the ReadOnly setting - in VolumeMounts. type: boolean required: - diskName - diskURI type: object azureFile: - description: azureFile represents an Azure - File Service mount on the host and bind - mount to the pod. properties: readOnly: - description: readOnly defaults to - false (read/write). ReadOnly here - will force the ReadOnly setting - in VolumeMounts. 
type: boolean secretName: - description: secretName is the name - of secret that contains Azure Storage - Account Name and Key type: string shareName: - description: shareName is the azure - share Name type: string required: - secretName - shareName type: object cephfs: - description: cephFS represents a Ceph - FS mount on the host that shares a pod's - lifetime properties: monitors: - description: 'monitors is Required: - Monitors is a collection of Ceph - monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' items: type: string type: array x-kubernetes-list-type: atomic path: - description: 'path is Optional: Used - as the mounted root, rather than - the full Ceph tree, default is /' type: string readOnly: - description: 'readOnly is Optional: - Defaults to false (read/write). - ReadOnly here will force the ReadOnly - setting in VolumeMounts. More info: - https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: boolean secretFile: - description: 'secretFile is Optional: - SecretFile is the path to key ring - for User, default is /etc/ceph/user.secret - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string secretRef: - description: 'secretRef is Optional: - SecretRef is reference to the authentication - secret for User, default is empty. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' 
type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is optional: User - is the rados user name, default - is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string required: - monitors type: object cinder: - description: 'cinder represents a cinder - volume attached and mounted on kubelets - host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' properties: fsType: - description: 'fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be - "ext4" if unspecified. More info: - https://examples.k8s.io/mysql-cinder-pd/README.md' type: string readOnly: - description: 'readOnly defaults to - false (read/write). ReadOnly here - will force the ReadOnly setting - in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: boolean secretRef: - description: 'secretRef is optional: - points to a secret object containing - parameters used to connect to OpenStack.' properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic volumeID: - description: 'volumeID used to identify - the volume in cinder. 
More info: - https://examples.k8s.io/mysql-cinder-pd/README.md' type: string required: - volumeID type: object configMap: - description: configMap represents a configMap - that should populate this volume properties: defaultMode: - description: 'defaultMode is optional: - mode bits used to set permissions - on created files by default. Must - be an octal value between 0000 and - 0777 or a decimal value between - 0 and 511. YAML accepts both octal - and decimal values, JSON requires - decimal values for mode bits. Defaults - to 0644. Directories within the - path are not affected by this setting. - This might be in conflict with other - options that affect the file mode, - like fsGroup, and the result can - be other mode bits set.' format: int32 type: integer items: - description: items if unspecified, - each key-value pair in the Data - field of the referenced ConfigMap - will be projected into the volume - as a file whose name is the key - and content is the value. If specified, - the listed keys will be projected - into the specified paths, and unlisted - keys will not be present. If a key - is specified which is not present - in the ConfigMap, the volume setup - will error unless it is marked optional. - Paths must be relative and may not - contain the '..' path or start with - '..'. items: - description: Maps a string key to - a path within a volume. properties: key: - description: key is the key - to project. type: string mode: - description: 'mode is Optional: - mode bits used to set permissions - on this file. Must be an octal - value between 0000 and 0777 - or a decimal value between - 0 and 511. YAML accepts both - octal and decimal values, - JSON requires decimal values - for mode bits. If not specified, - the volume defaultMode will - be used. This might be in - conflict with other options - that affect the file mode, - like fsGroup, and the result - can be other mode bits set.' 
format: int32 type: integer path: - description: path is the relative - path of the file to map the - key to. May not be an absolute - path. May not contain the - path element '..'. May not - start with the string '..'. type: string required: - key 
@@ -17649,199 +6162,67 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional specify whether - the ConfigMap or its keys must be - defined type: boolean type: object x-kubernetes-map-type: atomic csi: - description: csi (Container Storage Interface) - represents ephemeral storage that is - handled by certain external CSI drivers - (Beta feature). properties: driver: - description: driver is the name of - the CSI driver that handles this - volume. Consult with your admin - for the correct name as registered - in the cluster. type: string fsType: - description: fsType to mount. Ex. - "ext4", "xfs", "ntfs". If not provided, - the empty value is passed to the - associated CSI driver which will - determine the default filesystem - to apply. type: string nodePublishSecretRef: - description: nodePublishSecretRef - is a reference to the secret object - containing sensitive information - to pass to the CSI driver to complete - the CSI NodePublishVolume and NodeUnpublishVolume - calls. This field is optional, and may - be empty if no secret is required. - If the secret object contains more - than one secret, all secret references - are passed. properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. 
- apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic readOnly: - description: readOnly specifies a - read-only configuration for the - volume. Defaults to false (read/write). type: boolean volumeAttributes: additionalProperties: type: string - description: volumeAttributes stores - driver-specific properties that - are passed to the CSI driver. Consult - your driver's documentation for - supported values. type: object required: - driver type: object downwardAPI: - description: downwardAPI represents downward - API about the pod that should populate - this volume properties: defaultMode: - description: 'Optional: mode bits - to use on created files by default. - Must be a Optional: mode bits used - to set permissions on created files - by default. Must be an octal value - between 0000 and 0777 or a decimal - value between 0 and 511. YAML accepts - both octal and decimal values, JSON - requires decimal values for mode - bits. Defaults to 0644. Directories - within the path are not affected - by this setting. This might be in - conflict with other options that - affect the file mode, like fsGroup, - and the result can be other mode - bits set.' format: int32 type: integer items: - description: Items is a list of downward - API volume file items: - description: DownwardAPIVolumeFile - represents information to create - the file containing the pod field properties: fieldRef: - description: 'Required: Selects - a field of the pod: only annotations, - labels, name, namespace and - uid are supported.' properties: apiVersion: - description: Version of - the schema the FieldPath - is written in terms of, - defaults to "v1". type: string fieldPath: - description: Path of the - field to select in the - specified API version. 
type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: - description: 'Optional: mode - bits used to set permissions - on this file, must be an octal - value between 0000 and 0777 - or a decimal value between - 0 and 511. YAML accepts both - octal and decimal values, - JSON requires decimal values - for mode bits. If not specified, - the volume defaultMode will - be used. This might be in - conflict with other options - that affect the file mode, - like fsGroup, and the result - can be other mode bits set.' format: int32 type: integer path: - description: 'Required: Path - is the relative path name - of the file to be created. - Must not be absolute or contain - the ''..'' path. Must be utf-8 - encoded. The first item of - the relative path must not - start with ''..''' type: string resourceFieldRef: - description: 'Selects a resource - of the container: only resources - limits and requests (limits.cpu, - limits.memory, requests.cpu - and requests.memory) are currently - supported.' properties: containerName: - description: 'Container - name: required for volumes, - optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the - output format of the exposed - resources, defaults to - "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: - resource to select' type: string required: - resource 
@@ -17854,265 +6235,50 @@ spec: x-kubernetes-list-type: atomic type: object emptyDir: - description: 'emptyDir represents a temporary - directory that shares a pod''s lifetime. - More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' properties: medium: - description: 'medium represents what - type of storage medium should back - this directory. The default is "" - which means to use the node''s default - medium. Must be an empty string - (default) or Memory. More info: - https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string sizeLimit: anyOf: - type: integer - type: string - description: 'sizeLimit is the total - amount of local storage required - for this EmptyDir volume. The size - limit is also applicable for memory - medium. The maximum usage on memory - medium EmptyDir would be the minimum - value between the SizeLimit specified - here and the sum of memory limits - of all containers in a pod. The - default is nil which means that - the limit is undefined. More info: - https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object ephemeral: - description: "ephemeral represents a volume - that is handled by a cluster storage - driver. The volume's lifecycle is tied - to the pod that defines it - it will - be created before the pod starts, and - deleted when the pod is removed. \n - Use this if: a) the volume is only needed - while the pod runs, b) features of normal - volumes like restoring from snapshot - or capacity tracking are needed, c) - the storage driver is specified through - a storage class, and d) the storage - driver supports dynamic volume provisioning - through a PersistentVolumeClaim (see - EphemeralVolumeSource for more information - on the connection between this volume - type and PersistentVolumeClaim). 
\n - Use PersistentVolumeClaim or one of - the vendor-specific APIs for volumes - that persist for longer than the lifecycle - of an individual pod. \n Use CSI for - light-weight local ephemeral volumes - if the CSI driver is meant to be used - that way - see the documentation of - the driver for more information. \n - A pod can use both types of ephemeral - volumes and persistent volumes at the - same time." properties: volumeClaimTemplate: - description: "Will be used to create - a stand-alone PVC to provision the - volume. The pod in which this EphemeralVolumeSource - is embedded will be the owner of - the PVC, i.e. the PVC will be deleted - together with the pod. The name - of the PVC will be `-` where `` is - the name from the `PodSpec.Volumes` - array entry. Pod validation will - reject the pod if the concatenated - name is not valid for a PVC (for - example, too long). \n An existing - PVC with that name that is not owned - by the pod will *not* be used for - the pod to avoid using an unrelated - volume by mistake. Starting the - pod is then blocked until the unrelated - PVC is removed. If such a pre-created - PVC is meant to be used by the pod, - the PVC has to updated with an owner - reference to the pod once the pod - exists. Normally this should not - be necessary, but it may be useful - when manually reconstructing a broken - cluster. \n This field is read-only - and no changes will be made by Kubernetes - to the PVC after it has been created. - \n Required, must not be nil." properties: metadata: - description: May contain labels - and annotations that will be - copied into the PVC when creating - it. No other fields are allowed - and will be rejected during - validation. properties: annotations: additionalProperties: type: string - description: 'Annotations - is an unstructured key value - map stored with a resource - that may be set by external - tools to store and retrieve - arbitrary metadata. 
They - are not queryable and should - be preserved when modifying - objects. More info: http://kubernetes.io/docs/user-guide/annotations' type: object generateName: - description: "GenerateName - is an optional prefix, used - by the server, to generate - a unique name ONLY IF the - Name field has not been - provided. If this field - is used, the name returned - to the client will be different - than the name passed. This - value will also be combined - with a unique suffix. The - provided value has the same - validation rules as the - Name field, and may be truncated - by the length of the suffix - required to make the value - unique on the server. \n - If this field is specified - and the generated name exists, - the server will NOT return - a 409 - instead, it will - either return 201 Created - or 500 with Reason ServerTimeout - indicating a unique name - could not be found in the - time allotted, and the client - should retry (optionally - after the time indicated - in the Retry-After header). - \n Applied only if Name - is not specified. More info: - https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" type: string labels: additionalProperties: type: string - description: 'Map of string - keys and values that can - be used to organize and - categorize (scope and select) - objects. May match selectors - of replication controllers - and services. More info: - http://kubernetes.io/docs/user-guide/labels' type: object name: - description: 'Name must be - unique within a namespace. - Is required when creating - resources, although some - resources may allow a client - to request the generation - of an appropriate name automatically. - Name is primarily intended - for creation idempotence - and configuration definition. - Cannot be updated. More - info: http://kubernetes.io/docs/user-guide/identifiers#names' type: string namespace: - description: "Namespace defines - the space within each name - must be unique. 
An empty - namespace is equivalent - to the \"default\" namespace, - but \"default\" is the canonical - representation. Not all - objects are required to - be scoped to a namespace - - the value of this field - for those objects will be - empty. \n Must be a DNS_LABEL. - Cannot be updated. More - info: http://kubernetes.io/docs/user-guide/namespaces" type: string ownerReferences: - description: List of objects - depended by this object. - If ALL objects in the list - have been deleted, this - object will be garbage collected. - If this object is managed - by a controller, then an - entry in this list will - point to this controller, - with the controller field - set to true. There cannot - be more than one managing - controller. items: - description: OwnerReference - contains enough information - to let you identify an - owning object. An owning - object must be in the - same namespace as the - dependent, or be cluster-scoped, - so there is no namespace - field. properties: apiVersion: - description: API version - of the referent. type: string blockOwnerDeletion: - description: If true, - AND if the owner has - the "foregroundDeletion" - finalizer, then the - owner cannot be deleted - from the key-value - store until this reference - is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion - for how the garbage - collector interacts - with this field and - enforces the foreground - deletion. Defaults - to false. To set this - field, a user needs - "delete" permission - of the owner, otherwise - 422 (Unprocessable - Entity) will be returned. type: boolean controller: - description: If true, - this reference points - to the managing controller. type: boolean kind: - description: 'Kind of - the referent. More - info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string name: - description: 'Name of - the referent. 
More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: - description: 'UID of - the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -18124,66 +6290,19 @@ spec: type: array type: object spec: - description: The specification - for the PersistentVolumeClaim. - The entire content is copied - unchanged into the PVC that - gets created from this template. - The same fields as in a PersistentVolumeClaim - are also valid here. properties: accessModes: - description: 'accessModes - contains the desired access - modes the volume should - have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array x-kubernetes-list-type: atomic dataSource: - description: 'dataSource field - can be used to specify either: - * An existing VolumeSnapshot - object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an - external controller can - support the specified data - source, it will create a - new volume based on the - contents of the specified - data source. When the AnyVolumeDataSource - feature gate is enabled, - dataSource contents will - be copied to dataSourceRef, - and dataSourceRef contents - will be copied to dataSource - when dataSourceRef.namespace - is not specified. If the - namespace is specified, - then dataSourceRef will - not be copied to dataSource.' properties: apiGroup: - description: APIGroup - is the group for the - resource being referenced. - If APIGroup is not specified, - the specified Kind must - be in the core API group. - For any other third-party - types, APIGroup is required. type: string kind: - description: Kind is the - type of resource being - referenced type: string name: - description: Name is the - name of resource being - referenced type: string required: - kind 
@@ -18191,114 +6310,20 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: - description: 'dataSourceRef - specifies the object from - which to populate the volume - with data, if a non-empty - volume is desired. This - may be any object from a - non-empty API group (non - core object) or a PersistentVolumeClaim - object. When this field - is specified, volume binding - will only succeed if the - type of the specified object - matches some installed volume - populator or dynamic provisioner. - This field will replace - the functionality of the - dataSource field and as - such if both fields are - non-empty, they must have - the same value. For backwards - compatibility, when namespace - isn''t specified in dataSourceRef, - both fields (dataSource - and dataSourceRef) will - be set to the same value - automatically if one of - them is empty and the other - is non-empty. When namespace - is specified in dataSourceRef, - dataSource isn''t set to - the same value and must - be empty. There are three - important differences between - dataSource and dataSourceRef: - * While dataSource only - allows two specific types - of objects, dataSourceRef - allows any non-core object, - as well as PersistentVolumeClaim - objects. * While dataSource - ignores disallowed values - (dropping them), dataSourceRef - preserves all values, and - generates an error if a - disallowed value is specified. - * While dataSource only - allows local objects, dataSourceRef - allows objects in any namespaces. - (Beta) Using this field - requires the AnyVolumeDataSource - feature gate to be enabled. - (Alpha) Using the namespace - field of dataSourceRef requires - the CrossNamespaceVolumeDataSource - feature gate to be enabled.' properties: apiGroup: - description: APIGroup - is the group for the - resource being referenced. - If APIGroup is not specified, - the specified Kind must - be in the core API group. - For any other third-party - types, APIGroup is required. 
type: string kind: - description: Kind is the - type of resource being - referenced type: string name: - description: Name is the - name of resource being - referenced type: string namespace: - description: Namespace - is the namespace of - resource being referenced - Note that when a namespace - is specified, a gateway.networking.k8s.io/ReferenceGrant - object is required in - the referent namespace - to allow that namespace's - owner to accept the - reference. See the ReferenceGrant - documentation for details. - (Alpha) This field requires - the CrossNamespaceVolumeDataSource - feature gate to be enabled. type: string required: - kind - name type: object resources: - description: 'resources represents - the minimum resources the - volume should have. If RecoverVolumeExpansionFailure - feature is enabled users - are allowed to specify resource - requirements that are lower - than previous value but - must still be higher than - capacity recorded in the - status field of the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: @@ -18307,10 +6332,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes - the maximum amount of - compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -18319,70 +6340,18 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests - describes the minimum - amount of compute resources - required. If Requests - is omitted for a container, - it defaults to Limits - if that is explicitly - specified, otherwise - to an implementation-defined - value. Requests cannot - exceed Limits. More - info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: - description: selector is a - label query over volumes - to consider for binding. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. properties: key: - description: key - is the label key - that the selector - applies to. type: string operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. type: string values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic merge - patch. items: type: string type: array 
@@ -18396,74 +6365,16 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. type: object type: object x-kubernetes-map-type: atomic storageClassName: - description: 'storageClassName - is the name of the StorageClass - required by the claim. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeAttributesClassName: - description: 'volumeAttributesClassName - may be used to set the VolumeAttributesClass - used by this claim. If specified, - the CSI driver will create - or update the volume with - the attributes defined in - the corresponding VolumeAttributesClass. - This has a different purpose - than storageClassName, it - can be changed after the - claim is created. An empty - string value means that - no VolumeAttributesClass - will be applied to the claim - but it''s not allowed to - reset this field to empty - string once it is set. If - unspecified and the PersistentVolumeClaim - is unbound, the default - VolumeAttributesClass will - be set by the persistentvolume - controller if it exists. - If the resource referred - to by volumeAttributesClass - does not exist, this PersistentVolumeClaim - will be set to a Pending - state, as reflected by the - modifyVolumeStatus field, - until such as a resource - exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field - requires the VolumeAttributesClass - feature gate to be enabled.' type: string volumeMode: - description: volumeMode defines - what type of volume is required - by the claim. Value of Filesystem - is implied when not included - in claim spec. 
type: string volumeName: - description: volumeName is - the binding reference to - the PersistentVolume backing - this claim. type: string type: object required: 
@@ -18471,105 +6382,41 @@ spec: type: object type: object fc: - description: fc represents a Fibre Channel - resource that is attached to a kubelet's - host machine and then exposed to the - pod. properties: fsType: - description: 'fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. TODO: how do we - prevent errors in the filesystem - from compromising the machine' type: string lun: - description: 'lun is Optional: FC - target lun number' format: int32 type: integer readOnly: - description: 'readOnly is Optional: - Defaults to false (read/write). - ReadOnly here will force the ReadOnly - setting in VolumeMounts.' type: boolean targetWWNs: - description: 'targetWWNs is Optional: - FC target worldwide names (WWNs)' items: type: string type: array x-kubernetes-list-type: atomic wwids: - description: 'wwids Optional: FC volume - world wide identifiers (wwids) Either - wwids or combination of targetWWNs - and lun must be set, but not both - simultaneously.' items: type: string type: array x-kubernetes-list-type: atomic type: object flexVolume: - description: flexVolume represents a generic - volume resource that is provisioned/attached - using an exec based plugin. properties: driver: - description: driver is the name of - the driver to use for this volume. type: string fsType: - description: fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - The default filesystem depends on - FlexVolume script. type: string options: additionalProperties: type: string - description: 'options is Optional: - this field holds extra command options - if any.' type: object readOnly: - description: 'readOnly is Optional: - defaults to false (read/write). - ReadOnly here will force the ReadOnly - setting in VolumeMounts.' 
type: boolean secretRef: - description: 'secretRef is Optional: - secretRef is reference to the secret - object containing sensitive information - to pass to the plugin scripts. This - may be empty if no secret object - is specified. If the secret object - contains more than one secret, all - secrets are passed to the plugin - scripts.' properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic 
@@ -18577,214 +6424,79 @@ spec: - driver type: object flocker: - description: flocker represents a Flocker - volume attached to a kubelet's host - machine. This depends on the Flocker - control service being running properties: datasetName: - description: datasetName is Name of - the dataset stored as metadata -> - name on the dataset for Flocker - should be considered as deprecated type: string datasetUUID: - description: datasetUUID is the UUID - of the dataset. This is unique identifier - of a Flocker dataset type: string type: object gcePersistentDisk: - description: 'gcePersistentDisk represents - a GCE Disk resource that is attached - to a kubelet''s host machine and then - exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' properties: fsType: - description: 'fsType is filesystem - type of the volume that you want - to mount. Tip: Ensure that the filesystem - type is supported by the host operating - system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be - "ext4" if unspecified. More info: - https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in - the filesystem from compromising - the machine' type: string partition: - description: 'partition is the partition - in the volume that you want to mount. - If omitted, the default is to mount - by volume name. Examples: For volume - /dev/sda1, you specify the partition - as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can - leave the property empty). More - info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' format: int32 type: integer pdName: - description: 'pdName is unique name - of the PD resource in GCE. Used - to identify the disk in GCE. More - info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: string readOnly: - description: 'readOnly here will force - the ReadOnly setting in VolumeMounts. - Defaults to false. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: boolean required: - pdName type: object glusterfs: - description: 'glusterfs represents a Glusterfs - mount on the host that shares a pod''s - lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' properties: endpoints: - description: 'endpoints is the endpoint - name that details Glusterfs topology. - More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string path: - description: 'path is the Glusterfs - volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string readOnly: - description: 'readOnly here will force - the Glusterfs volume to be mounted - with read-only permissions. Defaults - to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: boolean required: - endpoints - path type: object hostPath: - description: 'hostPath represents a pre-existing - file or directory on the host machine - that is directly exposed to the container. - This is generally used for system agents - or other privileged things that are - allowed to see the host machine. Most - containers will NOT need this. More - info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict - who can use host directory mounts and - who can/can not mount host directories - as read/write.' properties: path: - description: 'path of the directory - on the host. If the path is a symlink, - it will follow the link to the real - path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string type: - description: 'type for HostPath Volume - Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string required: - path type: object iscsi: - description: 'iscsi represents an ISCSI - Disk resource that is attached to a - kubelet''s host machine and then exposed - to the pod. 
More info: https://examples.k8s.io/volumes/iscsi/README.md' properties: chapAuthDiscovery: - description: chapAuthDiscovery defines - whether support iSCSI Discovery - CHAP authentication type: boolean chapAuthSession: - description: chapAuthSession defines - whether support iSCSI Session CHAP - authentication type: boolean fsType: - description: 'fsType is the filesystem - type of the volume that you want - to mount. Tip: Ensure that the filesystem - type is supported by the host operating - system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be - "ext4" if unspecified. More info: - https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in - the filesystem from compromising - the machine' type: string initiatorName: - description: initiatorName is the - custom iSCSI Initiator Name. If - initiatorName is specified with - iscsiInterface simultaneously, new - iSCSI interface : will be created for the connection. type: string iqn: - description: iqn is the target iSCSI - Qualified Name. type: string iscsiInterface: - description: iscsiInterface is the - interface Name that uses an iSCSI - transport. Defaults to 'default' - (tcp). type: string lun: - description: lun represents iSCSI - Target Lun number. format: int32 type: integer portals: - description: portals is the iSCSI - Target Portal List. The portal is - either an IP or ip_addr:port if - the port is other than default (typically - TCP ports 860 and 3260). items: type: string type: array x-kubernetes-list-type: atomic readOnly: - description: readOnly here will force - the ReadOnly setting in VolumeMounts. - Defaults to false. type: boolean secretRef: - description: secretRef is the CHAP - Secret for iSCSI target and initiator - authentication properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. 
Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic targetPortal: - description: targetPortal is iSCSI - Target Portal. The Portal is either - an IP or ip_addr:port if the port - is other than default (typically - TCP ports 860 and 3260). type: string required: - iqn 
@@ -18792,214 +6504,68 @@ spec: - targetPortal type: object name: - description: 'name of the volume. Must - be a DNS_LABEL and unique within the - pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string nfs: - description: 'nfs represents an NFS mount - on the host that shares a pod''s lifetime - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' properties: path: - description: 'path that is exported - by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string readOnly: - description: 'readOnly here will force - the NFS export to be mounted with - read-only permissions. Defaults - to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: boolean server: - description: 'server is the hostname - or IP address of the NFS server. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string required: - path - server type: object persistentVolumeClaim: - description: 'persistentVolumeClaimVolumeSource - represents a reference to a PersistentVolumeClaim - in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: claimName: - description: 'claimName is the name - of a PersistentVolumeClaim in the - same namespace as the pod using - this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' type: string readOnly: - description: readOnly Will force the - ReadOnly setting in VolumeMounts. - Default false. type: boolean required: - claimName type: object photonPersistentDisk: - description: photonPersistentDisk represents - a PhotonController persistent disk attached - and mounted on kubelets host machine properties: fsType: - description: fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". 
- Implicitly inferred to be "ext4" - if unspecified. type: string pdID: - description: pdID is the ID that identifies - Photon Controller persistent disk type: string required: - pdID type: object portworxVolume: - description: portworxVolume represents - a portworx volume attached and mounted - on kubelets host machine properties: fsType: - description: fSType represents the - filesystem type to mount Must be - a filesystem type supported by the - host operating system. Ex. "ext4", - "xfs". Implicitly inferred to be - "ext4" if unspecified. type: string readOnly: - description: readOnly defaults to - false (read/write). ReadOnly here - will force the ReadOnly setting - in VolumeMounts. type: boolean volumeID: - description: volumeID uniquely identifies - a Portworx volume type: string required: - volumeID type: object projected: - description: projected items for all in - one resources secrets, configmaps, and - downward API properties: defaultMode: - description: defaultMode are the mode - bits used to set permissions on - created files by default. Must be - an octal value between 0000 and - 0777 or a decimal value between - 0 and 511. YAML accepts both octal - and decimal values, JSON requires - decimal values for mode bits. Directories - within the path are not affected - by this setting. This might be in - conflict with other options that - affect the file mode, like fsGroup, - and the result can be other mode - bits set. format: int32 type: integer sources: - description: sources is the list of - volume projections items: - description: Projection that may - be projected along with other - supported volume types properties: clusterTrustBundle: - description: "ClusterTrustBundle - allows a pod to access the - `.spec.trustBundle` field - of ClusterTrustBundle objects - in an auto-updating file. - \n Alpha, gated by the ClusterTrustBundleProjection - feature gate. 
\n ClusterTrustBundle - objects can either be selected - by name, or by the combination - of signer name and a label - selector. \n Kubelet performs - aggressive normalization of - the PEM contents written into - the pod filesystem. Esoteric - PEM features such as inter-block - comments and block headers - are stripped. Certificates - are deduplicated. The ordering - of certificates within the - file is arbitrary, and Kubelet - may change the order over - time." properties: labelSelector: - description: Select all - ClusterTrustBundles that - match this label selector. Only - has effect if signerName - is set. Mutually-exclusive - with name. If unset, - interpreted as "match - nothing". If set but - empty, interpreted as - "match everything". properties: matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements are - ANDed. items: - description: A label - selector requirement - is a selector that - contains values, - a key, and an operator - that relates the - key and values. properties: key: - description: key - is the label - key that the - selector applies - to. type: string operator: - description: operator - represents a - key's relationship - to a set of - values. Valid - operators are - In, NotIn, Exists - and DoesNotExist. type: string values: - description: values - is an array - of string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or - DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic - merge patch. items: type: string type: array 
@@ -19013,131 +6579,31 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels - map is equivalent - to an element of matchExpressions, - whose key field is - "key", the operator - is "In", and the values - array contains only - "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic name: - description: Select a single - ClusterTrustBundle by - object name. Mutually-exclusive - with signerName and labelSelector. type: string optional: - description: If true, don't - block pod startup if the - referenced ClusterTrustBundle(s) - aren't available. If - using name, then the named - ClusterTrustBundle is - allowed not to exist. If - using signerName, then - the combination of signerName - and labelSelector is allowed - to match zero ClusterTrustBundles. type: boolean path: - description: Relative path - from the volume root to - write the bundle. type: string signerName: - description: Select all - ClusterTrustBundles that - match this signer name. - Mutually-exclusive with - name. The contents of - all selected ClusterTrustBundles - will be unified and deduplicated. type: string required: - path type: object configMap: - description: configMap information - about the configMap data to - project properties: items: - description: items if unspecified, - each key-value pair in - the Data field of the - referenced ConfigMap will - be projected into the - volume as a file whose - name is the key and content - is the value. If specified, - the listed keys will be - projected into the specified - paths, and unlisted keys - will not be present. If - a key is specified which - is not present in the - ConfigMap, the volume - setup will error unless - it is marked optional. - Paths must be relative - and may not contain the - '..' path or start with - '..'. items: - description: Maps a string - key to a path within - a volume. 
properties: key: - description: key is - the key to project. type: string mode: - description: 'mode - is Optional: mode - bits used to set - permissions on this - file. Must be an - octal value between - 0000 and 0777 or - a decimal value - between 0 and 511. - YAML accepts both - octal and decimal - values, JSON requires - decimal values for - mode bits. If not - specified, the volume - defaultMode will - be used. This might - be in conflict with - other options that - affect the file - mode, like fsGroup, - and the result can - be other mode bits - set.' format: int32 type: integer path: - description: path - is the relative - path of the file - to map the key to. - May not be an absolute - path. May not contain - the path element - '..'. May not start - with the string - '..'. type: string required: - key 
@@ -19147,141 +6613,42 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of the - referent. This field is - effectively required, - but due to backwards compatibility - is allowed to be empty. - Instances of this type - with an empty value here - are almost certainly wrong. - TODO: Add other useful - fields. apiVersion, kind, - uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional specify - whether the ConfigMap - or its keys must be defined type: boolean type: object x-kubernetes-map-type: atomic downwardAPI: - description: downwardAPI information - about the downwardAPI data - to project properties: items: - description: Items is a - list of DownwardAPIVolume - file items: - description: DownwardAPIVolumeFile - represents information - to create the file containing - the pod field properties: fieldRef: - description: 'Required: - Selects a field - of the pod: only - annotations, labels, - name, namespace - and uid are supported.' properties: apiVersion: - description: Version - of the schema - the FieldPath - is written in - terms of, defaults - to "v1". type: string fieldPath: - description: Path - of the field - to select in - the specified - API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: - description: 'Optional: - mode bits used to - set permissions - on this file, must - be an octal value - between 0000 and - 0777 or a decimal - value between 0 - and 511. YAML accepts - both octal and decimal - values, JSON requires - decimal values for - mode bits. If not - specified, the volume - defaultMode will - be used. This might - be in conflict with - other options that - affect the file - mode, like fsGroup, - and the result can - be other mode bits - set.' 
format: int32 type: integer path: - description: 'Required: - Path is the relative - path name of the - file to be created. - Must not be absolute - or contain the ''..'' - path. Must be utf-8 - encoded. The first - item of the relative - path must not start - with ''..''' type: string resourceFieldRef: - description: 'Selects - a resource of the - container: only - resources limits - and requests (limits.cpu, - limits.memory, requests.cpu - and requests.memory) - are currently supported.' properties: containerName: - description: 'Container - name: required - for volumes, - optional for - env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies - the output format - of the exposed - resources, defaults - to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: - resource to - select' type: string required: - resource 
@@ -19294,77 +6661,16 @@ spec: x-kubernetes-list-type: atomic type: object secret: - description: secret information - about the secret data to project properties: items: - description: items if unspecified, - each key-value pair in - the Data field of the - referenced Secret will - be projected into the - volume as a file whose - name is the key and content - is the value. If specified, - the listed keys will be - projected into the specified - paths, and unlisted keys - will not be present. If - a key is specified which - is not present in the - Secret, the volume setup - will error unless it is - marked optional. Paths - must be relative and may - not contain the '..' path - or start with '..'. items: - description: Maps a string - key to a path within - a volume. properties: key: - description: key is - the key to project. type: string mode: - description: 'mode - is Optional: mode - bits used to set - permissions on this - file. Must be an - octal value between - 0000 and 0777 or - a decimal value - between 0 and 511. - YAML accepts both - octal and decimal - values, JSON requires - decimal values for - mode bits. If not - specified, the volume - defaultMode will - be used. This might - be in conflict with - other options that - affect the file - mode, like fsGroup, - and the result can - be other mode bits - set.' format: int32 type: integer path: - description: path - is the relative - path of the file - to map the key to. - May not be an absolute - path. May not contain - the path element - '..'. May not start - with the string - '..'. type: string required: - key 
@@ -19374,71 +6680,19 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of the - referent. This field is - effectively required, - but due to backwards compatibility - is allowed to be empty. - Instances of this type - with an empty value here - are almost certainly wrong. - TODO: Add other useful - fields. apiVersion, kind, - uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional field - specify whether the Secret - or its key must be defined type: boolean type: object x-kubernetes-map-type: atomic serviceAccountToken: - description: serviceAccountToken - is information about the serviceAccountToken - data to project properties: audience: - description: audience is - the intended audience - of the token. A recipient - of a token must identify - itself with an identifier - specified in the audience - of the token, and otherwise - should reject the token. - The audience defaults - to the identifier of the - apiserver. type: string expirationSeconds: - description: expirationSeconds - is the requested duration - of validity of the service - account token. As the - token approaches expiration, - the kubelet volume plugin - will proactively rotate - the service account token. - The kubelet will start - trying to rotate the token - if the token is older - than 80 percent of its - time to live or if the - token is older than 24 - hours.Defaults to 1 hour - and must be at least 10 - minutes. format: int64 type: integer path: - description: path is the - path relative to the mount - point of the file to project - the token into. type: string required: - path 
@@ -19448,202 +6702,79 @@ spec: x-kubernetes-list-type: atomic type: object quobyte: - description: quobyte represents a Quobyte - mount on the host that shares a pod's - lifetime properties: group: - description: group to map volume access - to Default is no group type: string readOnly: - description: readOnly here will force - the Quobyte volume to be mounted - with read-only permissions. Defaults - to false. type: boolean registry: - description: registry represents a - single or multiple Quobyte Registry - services specified as a string as - host:port pair (multiple entries - are separated with commas) which - acts as the central registry for - volumes type: string tenant: - description: tenant owning the given - Quobyte volume in the Backend Used - with dynamically provisioned Quobyte - volumes, value is set by the plugin type: string user: - description: user to map volume access - to Defaults to serivceaccount user type: string volume: - description: volume is a string that - references an already created Quobyte - volume by name. type: string required: - registry - volume type: object rbd: - description: 'rbd represents a Rados Block - Device mount on the host that shares - a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' properties: fsType: - description: 'fsType is the filesystem - type of the volume that you want - to mount. Tip: Ensure that the filesystem - type is supported by the host operating - system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be - "ext4" if unspecified. More info: - https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in - the filesystem from compromising - the machine' type: string image: - description: 'image is the rados image - name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string keyring: - description: 'keyring is the path - to key ring for RBDUser. Default - is /etc/ceph/keyring. 
More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string monitors: - description: 'monitors is a collection - of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' items: type: string type: array x-kubernetes-list-type: atomic pool: - description: 'pool is the rados pool - name. Default is rbd. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string readOnly: - description: 'readOnly here will force - the ReadOnly setting in VolumeMounts. - Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: boolean secretRef: - description: 'secretRef is name of - the authentication secret for RBDUser. - If provided overrides keyring. Default - is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is the rados user - name. Default is admin. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string required: - image - monitors type: object scaleIO: - description: scaleIO represents a ScaleIO - persistent volume attached and mounted - on Kubernetes nodes. properties: fsType: - description: fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Default is "xfs". 
type: string gateway: - description: gateway is the host address - of the ScaleIO API Gateway. type: string protectionDomain: - description: protectionDomain is the - name of the ScaleIO Protection Domain - for the configured storage. type: string readOnly: - description: readOnly Defaults to - false (read/write). ReadOnly here - will force the ReadOnly setting - in VolumeMounts. type: boolean secretRef: - description: secretRef references - to the secret for ScaleIO user and - other sensitive information. If - this is not provided, Login operation - will fail. properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic sslEnabled: - description: sslEnabled Flag enable/disable - SSL communication with Gateway, - default false type: boolean storageMode: - description: storageMode indicates - whether the storage for a volume - should be ThickProvisioned or ThinProvisioned. - Default is ThinProvisioned. type: string storagePool: - description: storagePool is the ScaleIO - Storage Pool associated with the - protection domain. type: string system: - description: system is the name of - the storage system as configured - in ScaleIO. type: string volumeName: - description: volumeName is the name - of a volume already created in the - ScaleIO system that is associated - with this volume source. type: string required: - gateway 
@@ -19651,76 +6782,19 @@ spec: - system type: object secret: - description: 'secret represents a secret - that should populate this volume. More - info: https://kubernetes.io/docs/concepts/storage/volumes#secret' properties: defaultMode: - description: 'defaultMode is Optional: - mode bits used to set permissions - on created files by default. Must - be an octal value between 0000 and - 0777 or a decimal value between - 0 and 511. YAML accepts both octal - and decimal values, JSON requires - decimal values for mode bits. Defaults - to 0644. Directories within the - path are not affected by this setting. - This might be in conflict with other - options that affect the file mode, - like fsGroup, and the result can - be other mode bits set.' format: int32 type: integer items: - description: items If unspecified, - each key-value pair in the Data - field of the referenced Secret will - be projected into the volume as - a file whose name is the key and - content is the value. If specified, - the listed keys will be projected - into the specified paths, and unlisted - keys will not be present. If a key - is specified which is not present - in the Secret, the volume setup - will error unless it is marked optional. - Paths must be relative and may not - contain the '..' path or start with - '..'. items: - description: Maps a string key to - a path within a volume. properties: key: - description: key is the key - to project. type: string mode: - description: 'mode is Optional: - mode bits used to set permissions - on this file. Must be an octal - value between 0000 and 0777 - or a decimal value between - 0 and 511. YAML accepts both - octal and decimal values, - JSON requires decimal values - for mode bits. If not specified, - the volume defaultMode will - be used. This might be in - conflict with other options - that affect the file mode, - like fsGroup, and the result - can be other mode bits set.' 
format: int32 type: integer path: - description: path is the relative - path of the file to map the - key to. May not be an absolute - path. May not contain the - path element '..'. May not - start with the string '..'. type: string required: - key 
@@ -19729,107 +6803,37 @@ spec: type: array x-kubernetes-list-type: atomic optional: - description: optional field specify - whether the Secret or its keys must - be defined type: boolean secretName: - description: 'secretName is the name - of the secret in the pod''s namespace - to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' type: string type: object storageos: - description: storageOS represents a StorageOS - volume attached and mounted on Kubernetes - nodes. properties: fsType: - description: fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. type: string readOnly: - description: readOnly defaults to - false (read/write). ReadOnly here - will force the ReadOnly setting - in VolumeMounts. type: boolean secretRef: - description: secretRef specifies the - secret to use for obtaining the - StorageOS API credentials. If not - specified, default values will be - attempted. properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic volumeName: - description: volumeName is the human-readable - name of the StorageOS volume. Volume - names are only unique within a namespace. type: string volumeNamespace: - description: volumeNamespace specifies - the scope of the volume within StorageOS. If - no namespace is specified then the - Pod's namespace will be used. 
This - allows the Kubernetes name scoping - to be mirrored within StorageOS - for tighter integration. Set VolumeName - to any name to override the default - behaviour. Set to "default" if you - are not using namespaces within - StorageOS. Namespaces that do not - pre-exist within StorageOS will - be created. type: string type: object vsphereVolume: - description: vsphereVolume represents - a vSphere volume attached and mounted - on kubelets host machine properties: fsType: - description: fsType is filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. type: string storagePolicyID: - description: storagePolicyID is the - storage Policy Based Management - (SPBM) profile ID associated with - the StoragePolicyName. type: string storagePolicyName: - description: storagePolicyName is - the storage Policy Based Management - (SPBM) profile name. type: string volumePath: - description: volumePath is the path - that identifies vSphere volume vmdk type: string required: - volumePath 
@@ -19841,38 +6845,18 @@ spec: type: object type: object ttlSecondsAfterFinished: - description: ttlSecondsAfterFinished limits the lifetime - of a Job that has finished execution (either Complete - or Failed). If this field is set, ttlSecondsAfterFinished - after the Job finishes, it is eligible to be automatically - deleted. When the Job is being deleted, its lifecycle - guarantees (e.g. finalizers) will be honored. If this - field is unset, the Job won't be automatically deleted. - If this field is set to zero, the Job becomes eligible - to be deleted immediately after it finishes. This - field is alpha-level and is only honored by servers - that enable the TTLAfterFinished feature. format: int32 type: integer type: object schedule: - description: The schedule in Cron format, see https://en.wikipedia.org/wiki/Cron. type: string startingDeadlineSeconds: - description: Optional deadline in seconds for starting the - job if it misses scheduled time for any reason. Missed - jobs executions will be counted as failed ones. format: int64 type: integer successfulJobsHistoryLimit: - description: The number of successful finished jobs to retain. - Value must be non-negative integer. Defaults to 3. format: int32 type: integer suspend: - description: This flag tells the controller to suspend subsequent - executions, it does not apply to already started executions. Defaults - to false. type: boolean required: - jobTemplate 
@@ -19880,162 +6864,71 @@ spec: type: object sessionHistoryLimit: default: 1 - description: SessionHistoryLimit specifies how many backup Jobs - and associate resources KubeStash should keep for debugging - purpose. The default value is 1. format: int32 type: integer targets: - description: Targets specifies a list of target backup specification. items: - description: TargetBackupSpec specifies the information needed - to backup a target. properties: addon: - description: Addon specifies addon configuration that - will be used to backup this target. properties: containerRuntimeSettings: - description: ContainerRuntimeSettings specifies runtime - settings for the backup/restore executor container properties: env: - description: List of environment variables to - set in the container. Cannot be updated. items: - description: EnvVar represents an environment - variable present in a Container. properties: name: - description: Name of the environment variable. - Must be a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) - are expanded using the previously defined - environment variables in the container - and any service environment variables. - If a variable cannot be resolved, the - reference in the input string will be - unchanged. Double $$ are reduced to a - single $, which allows for escaping the - $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" - will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, - regardless of whether the variable exists - or not. Defaults to "".' type: string valueFrom: - description: Source for the environment - variable's value. Cannot be used if value - is not empty. properties: configMapKeyRef: - description: Selects a key of a ConfigMap. properties: key: - description: The key to select. type: string name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. 
Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether the - ConfigMap or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of the - pod: supports metadata.name, metadata.namespace, - `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, status.podIPs.' properties: apiVersion: - description: Version of the schema - the FieldPath is written in terms - of, defaults to "v1". type: string fieldPath: - description: Path of the field to - select in the specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource of - the container: only resources limits - and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' 
properties: containerName: - description: 'Container name: required - for volumes, optional for env - vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output - format of the exposed resources, - defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource - to select' type: string required: - resource type: object x-kubernetes-map-type: atomic secretKeyRef: - description: Selects a key of a secret - in the pod's namespace properties: key: - description: The key of the secret - to select from. Must be a valid - secret key. type: string name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether the - Secret or its key must be defined type: boolean required: - key 
@@ -20047,74 +6940,31 @@ spec: type: object type: array envFrom: - description: List of sources to populate environment - variables in the container. The keys defined - within a source must be a C_IDENTIFIER. All - invalid keys will be reported as an event when - the container is starting. When a key exists - in multiple sources, the value associated with - the last source will take precedence. Values - defined by an Env with a duplicate key will - take precedence. Cannot be updated. items: - description: EnvFromSource represents the source - of a set of ConfigMaps properties: configMapRef: - description: The ConfigMap to select from properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value here - are almost certainly wrong. TODO: - Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether the ConfigMap - must be defined type: boolean type: object x-kubernetes-map-type: atomic prefix: - description: An optional identifier to prepend - to each key in the ConfigMap. Must be - a C_IDENTIFIER. type: string secretRef: - description: The Secret to select from properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value here - are almost certainly wrong. TODO: - Add other useful fields. apiVersion, - kind, uid? 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether the Secret - must be defined type: boolean type: object x-kubernetes-map-type: atomic type: object type: array ionice: - description: 'Settings to configure `ionice` to - throttle the load on disk. More info: http://kennystechtalk.blogspot.com/2015/04/throttling-cpu-usage-with-linux-cgroups.html - More info: https://oakbytes.wordpress.com/2012/06/06/linux-scheduler-cfs-and-nice/' properties: class: format: int32 
@@ -20124,68 +6974,27 @@ spec: type: integer type: object lifecycle: - description: Actions that the management system - should take in response to container lifecycle - events. Cannot be updated. properties: postStart: - description: 'PostStart is called immediately - after a container is created. If the handler - fails, the container is terminated and restarted - according to its restart policy. Other management - of the container blocks until the hook completes. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: Exec specifies the action - to take. properties: command: - description: Command is the command - line to execute inside the container, - the working directory for the command is - root ('/') in the container's filesystem. - The command is simply exec'd, it - is not run inside a shell, so traditional - shell instructions ('|', etc) won't - work. To use a shell, you need to - explicitly call out to that shell. - Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the http - request to perform. properties: host: - description: Host name to connect - to, defaults to the pod IP. You - probably want to set "Host" in httpHeaders - instead. type: string httpHeaders: - description: Custom headers to set - in the request. HTTP allows repeated - headers. items: - description: HTTPHeader describes - a custom header to be used in - HTTP probes properties: name: - description: The header field - name. This will be canonicalized - upon output, so case-variant - names will be understood as - the same header. type: string value: - description: The header field - value type: string required: - name 
@@ -20194,131 +7003,58 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on the - HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the - port to access on the container. - Number must be in the range 1 to - 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. type: string required: - port type: object sleep: - description: Sleep represents the duration - that the container should sleep before - being terminated. properties: seconds: - description: Seconds is the number - of seconds to sleep. format: int64 type: integer required: - seconds type: object tcpSocket: - description: Deprecated. TCPSocket is - NOT supported as a LifecycleHandler - and kept for the backward compatibility. - There are no validation of this field - and lifecycle hooks will fail in runtime - when tcp handler is specified. properties: host: - description: 'Optional: Host name - to connect to, defaults to the pod - IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the - port to access on the container. - Number must be in the range 1 to - 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: - description: 'PreStop is called immediately - before a container is terminated due to - an API request or management event such - as liveness/startup probe failure, preemption, - resource contention, etc. The handler is - not called if the container crashes or exits. - The Pod''s termination grace period countdown - begins before the PreStop hook is executed. - Regardless of the outcome of the handler, - the container will eventually terminate - within the Pod''s termination grace period - (unless delayed by finalizers). 
Other management - of the container blocks until the hook completes - or until the termination grace period is - reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: Exec specifies the action - to take. properties: command: - description: Command is the command - line to execute inside the container, - the working directory for the command is - root ('/') in the container's filesystem. - The command is simply exec'd, it - is not run inside a shell, so traditional - shell instructions ('|', etc) won't - work. To use a shell, you need to - explicitly call out to that shell. - Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the http - request to perform. properties: host: - description: Host name to connect - to, defaults to the pod IP. You - probably want to set "Host" in httpHeaders - instead. type: string httpHeaders: - description: Custom headers to set - in the request. HTTP allows repeated - headers. items: - description: HTTPHeader describes - a custom header to be used in - HTTP probes properties: name: - description: The header field - name. This will be canonicalized - upon output, so case-variant - names will be understood as - the same header. type: string value: - description: The header field - value type: string required: - name 
@@ -20327,59 +7063,33 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on the - HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the - port to access on the container. - Number must be in the range 1 to - 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. type: string required: - port type: object sleep: - description: Sleep represents the duration - that the container should sleep before - being terminated. properties: seconds: - description: Seconds is the number - of seconds to sleep. format: int64 type: integer required: - seconds type: object tcpSocket: - description: Deprecated. TCPSocket is - NOT supported as a LifecycleHandler - and kept for the backward compatibility. - There are no validation of this field - and lifecycle hooks will fail in runtime - when tcp handler is specified. properties: host: - description: 'Optional: Host name - to connect to, defaults to the pod - IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the - port to access on the container. - Number must be in the range 1 to - 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port 
@@ -20387,82 +7097,38 @@ spec: type: object type: object livenessProbe: - description: 'Periodic probe of container liveness. - Container will be restarted if the probe fails. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action to - take. properties: command: - description: Command is the command line - to execute inside the container, the - working directory for the command is - root ('/') in the container's filesystem. - The command is simply exec'd, it is - not run inside a shell, so traditional - shell instructions ('|', etc) won't - work. To use a shell, you need to explicitly - call out to that shell. Exit status - of 0 is treated as live/healthy and - non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed after - having succeeded. Defaults to 3. Minimum - value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action involving - a GRPC port. properties: port: - description: Port number of the gRPC service. - Number must be in the range 1 to 65535. format: int32 type: integer service: - description: "Service is the name of the - service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default - behavior is defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http request - to perform. properties: host: - description: Host name to connect to, - defaults to the pod IP. You probably - want to set "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in - the request. HTTP allows repeated headers. 
items: - description: HTTPHeader describes a - custom header to be used in HTTP probes properties: name: - description: The header field name. - This will be canonicalized upon - output, so case-variant names - will be understood as the same - header. type: string value: - description: The header field value type: string required: - name 
@@ -20471,181 +7137,84 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on the HTTP - server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port - to access on the container. Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the - container has started before liveness probes - are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform - the probe. Default to 10 seconds. Minimum - value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to 1. Must - be 1 for liveness and startup. Minimum value - is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action - involving a TCP port. properties: host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port - to access on the container. Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds - the pod needs to terminate gracefully upon - probe failure. The grace period is the duration - in seconds after the processes running in - the pod are sent a termination signal and - the time when the processes are forcibly - halted with a kill signal. Set this value - longer than the expected cleanup time for - your process. 
If this value is nil, the - pod's terminationGracePeriodSeconds will - be used. Otherwise, this value overrides - the value provided by the pod spec. Value - must be non-negative integer. The value - zero indicates stop immediately via the - kill signal (no opportunity to shut down). - This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which - the probe times out. Defaults to 1 second. - Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object nice: - description: 'Settings to configure `nice` to - throttle the load on cpu. More info: http://kennystechtalk.blogspot.com/2015/04/throttling-cpu-usage-with-linux-cgroups.html - More info: https://oakbytes.wordpress.com/2012/06/06/linux-scheduler-cfs-and-nice/' properties: adjustment: format: int32 type: integer type: object readinessProbe: - description: 'Periodic probe of container service - readiness. Container will be removed from service - endpoints if the probe fails. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action to - take. properties: command: - description: Command is the command line - to execute inside the container, the - working directory for the command is - root ('/') in the container's filesystem. - The command is simply exec'd, it is - not run inside a shell, so traditional - shell instructions ('|', etc) won't - work. To use a shell, you need to explicitly - call out to that shell. Exit status - of 0 is treated as live/healthy and - non-zero is unhealthy. 
items: type: string type: array x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed after - having succeeded. Defaults to 3. Minimum - value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action involving - a GRPC port. properties: port: - description: Port number of the gRPC service. - Number must be in the range 1 to 65535. format: int32 type: integer service: - description: "Service is the name of the - service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default - behavior is defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http request - to perform. properties: host: - description: Host name to connect to, - defaults to the pod IP. You probably - want to set "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in - the request. HTTP allows repeated headers. items: - description: HTTPHeader describes a - custom header to be used in HTTP probes properties: name: - description: The header field name. - This will be canonicalized upon - output, so case-variant names - will be understood as the same - header. type: string value: - description: The header field value type: string required: - name 
@@ -20654,115 +7223,51 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on the HTTP - server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port - to access on the container. Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the - container has started before liveness probes - are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform - the probe. Default to 10 seconds. Minimum - value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to 1. Must - be 1 for liveness and startup. Minimum value - is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action - involving a TCP port. properties: host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port - to access on the container. Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds - the pod needs to terminate gracefully upon - probe failure. The grace period is the duration - in seconds after the processes running in - the pod are sent a termination signal and - the time when the processes are forcibly - halted with a kill signal. Set this value - longer than the expected cleanup time for - your process. 
If this value is nil, the - pod's terminationGracePeriodSeconds will - be used. Otherwise, this value overrides - the value provided by the pod spec. Value - must be non-negative integer. The value - zero indicates stop immediately via the - kill signal (no opportunity to shut down). - This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which - the probe times out. Defaults to 1 second. - Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object resources: - description: 'Compute Resources required by container. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' properties: claims: - description: "Claims lists the names of resources, - defined in spec.resourceClaims, that are - used by this container. \n This is an alpha - field and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. - It can only be set for containers." items: - description: ResourceClaim references one - entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name - of one entry in pod.spec.resourceClaims - of the Pod where this field is used. - It makes that resource available inside - a container. type: string required: - name @@ -20778,9 +7283,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum - amount of compute resources allowed. More - info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -20789,384 +7291,124 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum - amount of compute resources required. If - Requests is omitted for a container, it - defaults to Limits if that is explicitly - specified, otherwise to an implementation-defined - value. Requests cannot exceed Limits. More - info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: - description: 'Security options the pod should - run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls - whether a process can gain more privileges - than its parent process. This bool directly - controls if the no_new_privs flag will be - set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) - run as Privileged 2) has CAP_SYS_ADMIN Note - that this field cannot be set when spec.os.name - is windows.' type: boolean appArmorProfile: - description: appArmorProfile is the AppArmor - options to use by this container. If set, - this profile overrides the pod's appArmorProfile. - Note that this field cannot be set when - spec.os.name is windows. properties: localhostProfile: - description: localhostProfile indicates - a profile loaded on the node that should - be used. The profile must be preconfigured - on the node to work. Must match the - loaded name of the profile. Must be - set if and only if type is "Localhost". type: string type: - description: 'type indicates which kind - of AppArmor profile will be applied. - Valid options are: Localhost - a profile - pre-loaded on the node. 
RuntimeDefault - - the container runtime''s default profile. - Unconfined - no AppArmor enforcement.' type: string required: - type type: object capabilities: - description: The capabilities to add/drop - when running containers. Defaults to the - default set of capabilities granted by the - container runtime. Note that this field - cannot be set when spec.os.name is windows. properties: add: - description: Added capabilities items: - description: Capability represent POSIX - capabilities type type: string type: array x-kubernetes-list-type: atomic drop: - description: Removed capabilities items: - description: Capability represent POSIX - capabilities type type: string type: array x-kubernetes-list-type: atomic type: object privileged: - description: Run container in privileged mode. - Processes in privileged containers are essentially - equivalent to root on the host. Defaults - to false. Note that this field cannot be - set when spec.os.name is windows. type: boolean procMount: - description: procMount denotes the type of - proc mount to use for the containers. The - default is DefaultProcMount which uses the - container runtime defaults for readonly - paths and masked paths. This requires the - ProcMountType feature flag to be enabled. - Note that this field cannot be set when - spec.os.name is windows. type: string readOnlyRootFilesystem: - description: Whether this container has a - read-only root filesystem. Default is false. - Note that this field cannot be set when - spec.os.name is windows. type: boolean runAsGroup: - description: The GID to run the entrypoint - of the container process. Uses runtime default - if unset. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes - precedence. Note that this field cannot - be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: - description: Indicates that the container - must run as a non-root user. 
If true, the - Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 - (root) and fail to start the container if - it does. If unset or false, no such validation - will be performed. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes - precedence. type: boolean runAsUser: - description: The UID to run the entrypoint - of the container process. Defaults to user - specified in image metadata if unspecified. - May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes - precedence. Note that this field cannot - be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be applied - to the container. If unspecified, the container - runtime will allocate a random SELinux context - for each container. May also be set in - PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified - in SecurityContext takes precedence. Note - that this field cannot be set when spec.os.name - is windows. properties: level: - description: Level is SELinux level label - that applies to the container. type: string role: - description: Role is a SELinux role label - that applies to the container. type: string type: - description: Type is a SELinux type label - that applies to the container. type: string user: - description: User is a SELinux user label - that applies to the container. type: string type: object seccompProfile: - description: The seccomp options to use by - this container. If seccomp options are provided - at both the pod & container level, the container - options override the pod options. Note that - this field cannot be set when spec.os.name - is windows. 
properties: localhostProfile: - description: localhostProfile indicates - a profile defined in a file on the node - should be used. The profile must be - preconfigured on the node to work. Must - be a descending path, relative to the - kubelet's configured seccomp profile - location. Must be set if type is "Localhost". - Must NOT be set for any other type. type: string type: - description: "type indicates which kind - of seccomp profile will be applied. - Valid options are: \n Localhost - a - profile defined in a file on the node - should be used. RuntimeDefault - the - container runtime default profile should - be used. Unconfined - no profile should - be applied." type: string required: - type type: object windowsOptions: - description: The Windows specific settings - applied to all containers. If unspecified, - the options from the PodSecurityContext - will be used. If set in both SecurityContext - and PodSecurityContext, the value specified - in SecurityContext takes precedence. Note - that this field cannot be set when spec.os.name - is linux. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is where - the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential - spec named by the GMSACredentialSpecName - field. type: string gmsaCredentialSpecName: - description: GMSACredentialSpecName is - the name of the GMSA credential spec - to use. type: string hostProcess: - description: HostProcess determines if - a container should be run as a 'Host - Process' container. All of a Pod's containers - must have the same effective HostProcess - value (it is not allowed to have a mix - of HostProcess containers and non-HostProcess - containers). In addition, if HostProcess - is true then HostNetwork must also be - set to true. type: boolean runAsUserName: - description: The UserName in Windows to - run the entrypoint of the container - process. 
Defaults to the user specified - in image metadata if unspecified. May - also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. type: string type: object type: object type: object jobTemplate: - description: JobTemplate specifies runtime configurations - for the backup/restore Job properties: controller: - description: 'Workload controller''s metadata. - More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' properties: annotations: additionalProperties: type: string - description: 'Annotations is an unstructured - key value map stored with a resource that - may be set by external tools to store and - retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying - objects. More info: http://kubernetes.io/docs/user-guide/annotations' type: object labels: additionalProperties: type: string - description: 'Map of string keys and values - that can be used to organize and categorize - (scope and select) objects. May match selectors - of replication controllers and services. - More info: http://kubernetes.io/docs/user-guide/labels' type: object type: object metadata: - description: 'Standard object''s metadata. More - info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' properties: annotations: additionalProperties: type: string - description: 'Annotations is an unstructured - key value map stored with a resource that - may be set by external tools to store and - retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying - objects. More info: http://kubernetes.io/docs/user-guide/annotations' type: object labels: additionalProperties: type: string - description: 'Map of string keys and values - that can be used to organize and categorize - (scope and select) objects. May match selectors - of replication controllers and services. 
- More info: http://kubernetes.io/docs/user-guide/labels' type: object type: object spec: - description: 'Specification of the desired behavior - of the pod. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status' properties: affinity: - description: If specified, the pod's scheduling - constraints properties: nodeAffinity: - description: Describes node affinity scheduling - rules for the pod. properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer - to schedule pods to nodes that satisfy - the affinity expressions specified - by this field, but it may choose - a node that violates one or more - of the expressions. The node that - is most preferred is the one with - the greatest sum of weights, i.e. - for each node that meets all of - the scheduling requirements (resource - request, requiredDuringScheduling - affinity expressions, etc.), compute - a sum by iterating through the elements - of this field and adding "weight" - to the sum if the node matches the - corresponding matchExpressions; - the node(s) with the highest sum - are the most preferred. items: - description: An empty preferred - scheduling term matches all objects - with implicit weight 0 (i.e. it's - a no-op). A null preferred scheduling - term matches no objects (i.e. - is also a no-op). properties: preference: - description: A node selector - term, associated with the - corresponding weight. properties: matchExpressions: - description: A list of node - selector requirements - by node's labels. items: - description: A node selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key - and values. properties: key: - description: The label - key that the selector - applies to. type: string operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, Exists, - DoesNotExist. Gt, - and Lt. 
type: string values: - description: An array - of string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. If - the operator is - Gt or Lt, the values - array must have - a single element, - which will be interpreted - as an integer. This - array is replaced - during a strategic - merge patch. items: type: string type: array @@ -21178,51 +7420,13 @@ spec: type: array x-kubernetes-list-type: atomic matchFields: - description: A list of node - selector requirements - by node's fields. items: - description: A node selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key - and values. properties: key: - description: The label - key that the selector - applies to. type: string operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, Exists, - DoesNotExist. Gt, - and Lt. type: string values: - description: An array - of string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. If - the operator is - Gt or Lt, the values - array must have - a single element, - which will be interpreted - as an integer. This - array is replaced - during a strategic - merge patch. items: type: string type: array @@ -21236,10 +7440,6 @@ spec: type: object x-kubernetes-map-type: atomic weight: - description: Weight associated - with matching the corresponding - nodeSelectorTerm, in the range - 1-100. format: int32 type: integer required: 
@@ -21249,75 +7449,18 @@ spec: type: array x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements - specified by this field are not - met at scheduling time, the pod - will not be scheduled onto the node. - If the affinity requirements specified - by this field cease to be met at - some point during pod execution - (e.g. due to an update), the system - may or may not try to eventually - evict the pod from its node. properties: nodeSelectorTerms: - description: Required. A list - of node selector terms. The - terms are ORed. items: - description: A null or empty - node selector term matches - no objects. The requirements - of them are ANDed. The TopologySelectorTerm - type implements a subset of - the NodeSelectorTerm. properties: matchExpressions: - description: A list of node - selector requirements - by node's labels. items: - description: A node selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key - and values. properties: key: - description: The label - key that the selector - applies to. type: string operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, Exists, - DoesNotExist. Gt, - and Lt. type: string values: - description: An array - of string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. If - the operator is - Gt or Lt, the values - array must have - a single element, - which will be interpreted - as an integer. This - array is replaced - during a strategic - merge patch. items: type: string type: array 
@@ -21329,51 +7472,13 @@ spec: type: array x-kubernetes-list-type: atomic matchFields: - description: A list of node - selector requirements - by node's fields. items: - description: A node selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key - and values. properties: key: - description: The label - key that the selector - applies to. type: string operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, Exists, - DoesNotExist. Gt, - and Lt. type: string values: - description: An array - of string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. If - the operator is - Gt or Lt, the values - array must have - a single element, - which will be interpreted - as an integer. This - array is replaced - during a strategic - merge patch. items: type: string type: array 
@@ -21394,97 +7499,22 @@ spec: x-kubernetes-map-type: atomic type: object podAffinity: - description: Describes pod affinity scheduling - rules (e.g. co-locate this pod in the - same node, zone, etc. as some other - pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer - to schedule pods to nodes that satisfy - the affinity expressions specified - by this field, but it may choose - a node that violates one or more - of the expressions. The node that - is most preferred is the one with - the greatest sum of weights, i.e. - for each node that meets all of - the scheduling requirements (resource - request, requiredDuringScheduling - affinity expressions, etc.), compute - a sum by iterating through the elements - of this field and adding "weight" - to the sum if the node has pods - which matches the corresponding - podAffinityTerm; the node(s) with - the highest sum are the most preferred. items: - description: The weights of all - of the matched WeightedPodAffinityTerm - fields are added per-node to find - the most preferred node(s) properties: podAffinityTerm: - description: Required. A pod - affinity term, associated - with the corresponding weight. properties: labelSelector: - description: A label query - over a set of resources, - in this case pods. If - it's null, this PodAffinityTerm - matches with no Pods. properties: matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements are - ANDed. items: - description: A label - selector requirement - is a selector that - contains values, - a key, and an operator - that relates the - key and values. properties: key: - description: key - is the label - key that the - selector applies - to. type: string operator: - description: operator - represents a - key's relationship - to a set of - values. Valid - operators are - In, NotIn, Exists - and DoesNotExist. 
type: string values: - description: values - is an array - of string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or - DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic - merge patch. items: type: string type: array 
@@ -21498,151 +7528,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels - map is equivalent - to an element of matchExpressions, - whose key field is - "key", the operator - is "In", and the values - array contains only - "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys - is a set of pod label - keys to select which pods - will be taken into consideration. - The keys are used to lookup - values from the incoming - pod labels, those key-value - labels are merged with - `labelSelector` as `key - in (value)` to select - the group of existing - pods which pods will be - taken into consideration - for the incoming pod's - pod (anti) affinity. Keys - that don't exist in the - incoming pod labels will - be ignored. The default - value is empty. The same - key is forbidden to exist - in both matchLabelKeys - and labelSelector. Also, - matchLabelKeys cannot - be set when labelSelector - isn't set. This is an - alpha field and requires - enabling MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys - is a set of pod label - keys to select which pods - will be taken into consideration. - The keys are used to lookup - values from the incoming - pod labels, those key-value - labels are merged with - `labelSelector` as `key - notin (value)` to select - the group of existing - pods which pods will be - taken into consideration - for the incoming pod's - pod (anti) affinity. Keys - that don't exist in the - incoming pod labels will - be ignored. The default - value is empty. The same - key is forbidden to exist - in both mismatchLabelKeys - and labelSelector. Also, - mismatchLabelKeys cannot - be set when labelSelector - isn't set. 
This is an - alpha field and requires - enabling MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query - over the set of namespaces - that the term applies - to. The term is applied - to the union of the namespaces - selected by this field - and the ones listed in - the namespaces field. - null selector and null - or empty namespaces list - means "this pod's namespace". - An empty selector ({}) - matches all namespaces. properties: matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements are - ANDed. items: - description: A label - selector requirement - is a selector that - contains values, - a key, and an operator - that relates the - key and values. properties: key: - description: key - is the label - key that the - selector applies - to. type: string operator: - description: operator - represents a - key's relationship - to a set of - values. Valid - operators are - In, NotIn, Exists - and DoesNotExist. type: string values: - description: values - is an array - of string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or - DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic - merge patch. items: type: string type: array 
@@ -21656,61 +7564,20 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels - map is equivalent - to an element of matchExpressions, - whose key field is - "key", the operator - is "In", and the values - array contains only - "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces - specifies a static list - of namespace names that - the term applies to. The - term is applied to the - union of the namespaces - listed in this field and - the ones selected by namespaceSelector. - null or empty namespaces - list and null namespaceSelector - means "this pod's namespace". items: type: string type: array x-kubernetes-list-type: atomic topologyKey: - description: This pod should - be co-located (affinity) - or not co-located (anti-affinity) - with the pods matching - the labelSelector in the - specified namespaces, - where co-located is defined - as running on a node whose - value of the label with - key topologyKey matches - that of any node on which - any of the selected pods - is running. Empty topologyKey - is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated - with matching the corresponding - podAffinityTerm, in the range - 1-100. format: int32 type: integer required: 
@@ -21720,81 +7587,18 @@ spec: type: array x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements - specified by this field are not - met at scheduling time, the pod - will not be scheduled onto the node. - If the affinity requirements specified - by this field cease to be met at - some point during pod execution - (e.g. due to a pod label update), - the system may or may not try to - eventually evict the pod from its - node. When there are multiple elements, - the lists of nodes corresponding - to each podAffinityTerm are intersected, - i.e. all terms must be satisfied. items: - description: Defines a set of pods - (namely those matching the labelSelector - relative to the given namespace(s)) - that this pod should be co-located - (affinity) or not co-located (anti-affinity) - with, where co-located is defined - as running on a node whose value - of the label with key - matches that of any node on which - a pod of the set of pods is running properties: labelSelector: - description: A label query over - a set of resources, in this - case pods. If it's null, this - PodAffinityTerm matches with - no Pods. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key - and values. properties: key: - description: key is - the label key that - the selector applies - to. type: string operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values - is an array of string - values. If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. 
This - array is replaced - during a strategic - merge patch. items: type: string type: array 
@@ -21808,136 +7612,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an element - of matchExpressions, whose - key field is "key", the - operator is "In", and - the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys - is a set of pod label keys - to select which pods will - be taken into consideration. - The keys are used to lookup - values from the incoming pod - labels, those key-value labels - are merged with `labelSelector` - as `key in (value)` to select - the group of existing pods - which pods will be taken into - consideration for the incoming - pod's pod (anti) affinity. - Keys that don't exist in the - incoming pod labels will be - ignored. The default value - is empty. The same key is - forbidden to exist in both - matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot - be set when labelSelector - isn't set. This is an alpha - field and requires enabling - MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys - is a set of pod label keys - to select which pods will - be taken into consideration. - The keys are used to lookup - values from the incoming pod - labels, those key-value labels - are merged with `labelSelector` - as `key notin (value)` to - select the group of existing - pods which pods will be taken - into consideration for the - incoming pod's pod (anti) - affinity. Keys that don't - exist in the incoming pod - labels will be ignored. The - default value is empty. The - same key is forbidden to exist - in both mismatchLabelKeys - and labelSelector. Also, mismatchLabelKeys - cannot be set when labelSelector - isn't set. 
This is an alpha - field and requires enabling - MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over - the set of namespaces that - the term applies to. The term - is applied to the union of - the namespaces selected by - this field and the ones listed - in the namespaces field. null - selector and null or empty - namespaces list means "this - pod's namespace". An empty - selector ({}) matches all - namespaces. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key - and values. properties: key: - description: key is - the label key that - the selector applies - to. type: string operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values - is an array of string - values. If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. This - array is replaced - during a strategic - merge patch. items: type: string type: array 
@@ -21951,49 +7648,15 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an element - of matchExpressions, whose - key field is "key", the - operator is "In", and - the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies - a static list of namespace - names that the term applies - to. The term is applied to - the union of the namespaces - listed in this field and the - ones selected by namespaceSelector. - null or empty namespaces list - and null namespaceSelector - means "this pod's namespace". items: type: string type: array x-kubernetes-list-type: atomic topologyKey: - description: This pod should - be co-located (affinity) or - not co-located (anti-affinity) - with the pods matching the - labelSelector in the specified - namespaces, where co-located - is defined as running on a - node whose value of the label - with key topologyKey matches - that of any node on which - any of the selected pods is - running. Empty topologyKey - is not allowed. type: string required: - topologyKey 
@@ -22002,97 +7665,22 @@ spec: x-kubernetes-list-type: atomic type: object podAntiAffinity: - description: Describes pod anti-affinity - scheduling rules (e.g. avoid putting - this pod in the same node, zone, etc. - as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer - to schedule pods to nodes that satisfy - the anti-affinity expressions specified - by this field, but it may choose - a node that violates one or more - of the expressions. The node that - is most preferred is the one with - the greatest sum of weights, i.e. - for each node that meets all of - the scheduling requirements (resource - request, requiredDuringScheduling - anti-affinity expressions, etc.), - compute a sum by iterating through - the elements of this field and adding - "weight" to the sum if the node - has pods which matches the corresponding - podAffinityTerm; the node(s) with - the highest sum are the most preferred. items: - description: The weights of all - of the matched WeightedPodAffinityTerm - fields are added per-node to find - the most preferred node(s) properties: podAffinityTerm: - description: Required. A pod - affinity term, associated - with the corresponding weight. properties: labelSelector: - description: A label query - over a set of resources, - in this case pods. If - it's null, this PodAffinityTerm - matches with no Pods. properties: matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements are - ANDed. items: - description: A label - selector requirement - is a selector that - contains values, - a key, and an operator - that relates the - key and values. properties: key: - description: key - is the label - key that the - selector applies - to. type: string operator: - description: operator - represents a - key's relationship - to a set of - values. Valid - operators are - In, NotIn, Exists - and DoesNotExist. 
type: string values: - description: values - is an array - of string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or - DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic - merge patch. items: type: string type: array 
@@ -22106,151 +7694,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels - map is equivalent - to an element of matchExpressions, - whose key field is - "key", the operator - is "In", and the values - array contains only - "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys - is a set of pod label - keys to select which pods - will be taken into consideration. - The keys are used to lookup - values from the incoming - pod labels, those key-value - labels are merged with - `labelSelector` as `key - in (value)` to select - the group of existing - pods which pods will be - taken into consideration - for the incoming pod's - pod (anti) affinity. Keys - that don't exist in the - incoming pod labels will - be ignored. The default - value is empty. The same - key is forbidden to exist - in both matchLabelKeys - and labelSelector. Also, - matchLabelKeys cannot - be set when labelSelector - isn't set. This is an - alpha field and requires - enabling MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys - is a set of pod label - keys to select which pods - will be taken into consideration. - The keys are used to lookup - values from the incoming - pod labels, those key-value - labels are merged with - `labelSelector` as `key - notin (value)` to select - the group of existing - pods which pods will be - taken into consideration - for the incoming pod's - pod (anti) affinity. Keys - that don't exist in the - incoming pod labels will - be ignored. The default - value is empty. The same - key is forbidden to exist - in both mismatchLabelKeys - and labelSelector. Also, - mismatchLabelKeys cannot - be set when labelSelector - isn't set. 
This is an - alpha field and requires - enabling MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query - over the set of namespaces - that the term applies - to. The term is applied - to the union of the namespaces - selected by this field - and the ones listed in - the namespaces field. - null selector and null - or empty namespaces list - means "this pod's namespace". - An empty selector ({}) - matches all namespaces. properties: matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements are - ANDed. items: - description: A label - selector requirement - is a selector that - contains values, - a key, and an operator - that relates the - key and values. properties: key: - description: key - is the label - key that the - selector applies - to. type: string operator: - description: operator - represents a - key's relationship - to a set of - values. Valid - operators are - In, NotIn, Exists - and DoesNotExist. type: string values: - description: values - is an array - of string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or - DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic - merge patch. items: type: string type: array 
@@ -22264,61 +7730,20 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels - map is equivalent - to an element of matchExpressions, - whose key field is - "key", the operator - is "In", and the values - array contains only - "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces - specifies a static list - of namespace names that - the term applies to. The - term is applied to the - union of the namespaces - listed in this field and - the ones selected by namespaceSelector. - null or empty namespaces - list and null namespaceSelector - means "this pod's namespace". items: type: string type: array x-kubernetes-list-type: atomic topologyKey: - description: This pod should - be co-located (affinity) - or not co-located (anti-affinity) - with the pods matching - the labelSelector in the - specified namespaces, - where co-located is defined - as running on a node whose - value of the label with - key topologyKey matches - that of any node on which - any of the selected pods - is running. Empty topologyKey - is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated - with matching the corresponding - podAffinityTerm, in the range - 1-100. format: int32 type: integer required: 
@@ -22328,81 +7753,18 @@ spec: type: array x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity - requirements specified by this field - are not met at scheduling time, - the pod will not be scheduled onto - the node. If the anti-affinity requirements - specified by this field cease to - be met at some point during pod - execution (e.g. due to a pod label - update), the system may or may not - try to eventually evict the pod - from its node. When there are multiple - elements, the lists of nodes corresponding - to each podAffinityTerm are intersected, - i.e. all terms must be satisfied. items: - description: Defines a set of pods - (namely those matching the labelSelector - relative to the given namespace(s)) - that this pod should be co-located - (affinity) or not co-located (anti-affinity) - with, where co-located is defined - as running on a node whose value - of the label with key - matches that of any node on which - a pod of the set of pods is running properties: labelSelector: - description: A label query over - a set of resources, in this - case pods. If it's null, this - PodAffinityTerm matches with - no Pods. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key - and values. properties: key: - description: key is - the label key that - the selector applies - to. type: string operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values - is an array of string - values. If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. 
This - array is replaced - during a strategic - merge patch. items: type: string type: array 
@@ -22416,136 +7778,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an element - of matchExpressions, whose - key field is "key", the - operator is "In", and - the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys - is a set of pod label keys - to select which pods will - be taken into consideration. - The keys are used to lookup - values from the incoming pod - labels, those key-value labels - are merged with `labelSelector` - as `key in (value)` to select - the group of existing pods - which pods will be taken into - consideration for the incoming - pod's pod (anti) affinity. - Keys that don't exist in the - incoming pod labels will be - ignored. The default value - is empty. The same key is - forbidden to exist in both - matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot - be set when labelSelector - isn't set. This is an alpha - field and requires enabling - MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys - is a set of pod label keys - to select which pods will - be taken into consideration. - The keys are used to lookup - values from the incoming pod - labels, those key-value labels - are merged with `labelSelector` - as `key notin (value)` to - select the group of existing - pods which pods will be taken - into consideration for the - incoming pod's pod (anti) - affinity. Keys that don't - exist in the incoming pod - labels will be ignored. The - default value is empty. The - same key is forbidden to exist - in both mismatchLabelKeys - and labelSelector. Also, mismatchLabelKeys - cannot be set when labelSelector - isn't set. 
This is an alpha - field and requires enabling - MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over - the set of namespaces that - the term applies to. The term - is applied to the union of - the namespaces selected by - this field and the ones listed - in the namespaces field. null - selector and null or empty - namespaces list means "this - pod's namespace". An empty - selector ({}) matches all - namespaces. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key - and values. properties: key: - description: key is - the label key that - the selector applies - to. type: string operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values - is an array of string - values. If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. This - array is replaced - during a strategic - merge patch. items: type: string type: array 
@@ -22559,49 +7814,15 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an element - of matchExpressions, whose - key field is "key", the - operator is "In", and - the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies - a static list of namespace - names that the term applies - to. The term is applied to - the union of the namespaces - listed in this field and the - ones selected by namespaceSelector. - null or empty namespaces list - and null namespaceSelector - means "this pod's namespace". items: type: string type: array x-kubernetes-list-type: atomic topologyKey: - description: This pod should - be co-located (affinity) or - not co-located (anti-affinity) - with the pods matching the - labelSelector in the specified - namespaces, where co-located - is defined as running on a - node whose value of the label - with key topologyKey matches - that of any node on which - any of the selected pods is - running. Empty topologyKey - is not allowed. type: string required: - topologyKey 
@@ -22611,285 +7832,92 @@ spec: type: object type: object args: - description: 'Arguments to the entrypoint. - The docker image''s CMD is used if this - is not provided. Variable references $(VAR_NAME) - are expanded using the container''s environment. - If a variable cannot be resolved, the reference - in the input string will be unchanged. The - $(VAR_NAME) syntax can be escaped with a - double $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless of whether - the variable exists or not. Cannot be updated. - More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array containerSecurityContext: - description: 'Security options the pod should - run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation - controls whether a process can gain - more privileges than its parent process. - This bool directly controls if the no_new_privs - flag will be set on the container process. - AllowPrivilegeEscalation is true always - when the container is: 1) run as Privileged - 2) has CAP_SYS_ADMIN Note that this - field cannot be set when spec.os.name - is windows.' type: boolean appArmorProfile: - description: appArmorProfile is the AppArmor - options to use by this container. If - set, this profile overrides the pod's - appArmorProfile. Note that this field - cannot be set when spec.os.name is windows. properties: localhostProfile: - description: localhostProfile indicates - a profile loaded on the node that - should be used. The profile must - be preconfigured on the node to - work. Must match the loaded name - of the profile. Must be set if and - only if type is "Localhost". 
type: string type: - description: 'type indicates which - kind of AppArmor profile will be - applied. Valid options are: Localhost - - a profile pre-loaded on the node. - RuntimeDefault - the container runtime''s - default profile. Unconfined - no - AppArmor enforcement.' type: string required: - type type: object capabilities: - description: The capabilities to add/drop - when running containers. Defaults to - the default set of capabilities granted - by the container runtime. Note that - this field cannot be set when spec.os.name - is windows. properties: add: - description: Added capabilities items: - description: Capability represent - POSIX capabilities type type: string type: array x-kubernetes-list-type: atomic drop: - description: Removed capabilities items: - description: Capability represent - POSIX capabilities type type: string type: array x-kubernetes-list-type: atomic type: object privileged: - description: Run container in privileged - mode. Processes in privileged containers - are essentially equivalent to root on - the host. Defaults to false. Note that - this field cannot be set when spec.os.name - is windows. type: boolean procMount: - description: procMount denotes the type - of proc mount to use for the containers. - The default is DefaultProcMount which - uses the container runtime defaults - for readonly paths and masked paths. - This requires the ProcMountType feature - flag to be enabled. Note that this field - cannot be set when spec.os.name is windows. type: string readOnlyRootFilesystem: - description: Whether this container has - a read-only root filesystem. Default - is false. Note that this field cannot - be set when spec.os.name is windows. type: boolean runAsGroup: - description: The GID to run the entrypoint - of the container process. Uses runtime - default if unset. May also be set in - PodSecurityContext. If set in both - SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. 
Note that this field - cannot be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: - description: Indicates that the container - must run as a non-root user. If true, - the Kubelet will validate the image - at runtime to ensure that it does not - run as UID 0 (root) and fail to start - the container if it does. If unset or - false, no such validation will be performed. - May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint - of the container process. Defaults to - user specified in image metadata if - unspecified. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. Note that this field - cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be - applied to the container. If unspecified, - the container runtime will allocate - a random SELinux context for each container. May - also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. Note that this field - cannot be set when spec.os.name is windows. properties: level: - description: Level is SELinux level - label that applies to the container. type: string role: - description: Role is a SELinux role - label that applies to the container. type: string type: - description: Type is a SELinux type - label that applies to the container. type: string user: - description: User is a SELinux user - label that applies to the container. type: string type: object seccompProfile: - description: The seccomp options to use - by this container. If seccomp options - are provided at both the pod & container - level, the container options override - the pod options. 
Note that this field - cannot be set when spec.os.name is windows. properties: localhostProfile: - description: localhostProfile indicates - a profile defined in a file on the - node should be used. The profile - must be preconfigured on the node - to work. Must be a descending path, - relative to the kubelet's configured - seccomp profile location. Must be - set if type is "Localhost". Must - NOT be set for any other type. type: string type: - description: "type indicates which - kind of seccomp profile will be - applied. Valid options are: \n Localhost - - a profile defined in a file on - the node should be used. RuntimeDefault - - the container runtime default - profile should be used. Unconfined - - no profile should be applied." type: string required: - type type: object windowsOptions: - description: The Windows specific settings - applied to all containers. If unspecified, - the options from the PodSecurityContext - will be used. If set in both SecurityContext - and PodSecurityContext, the value specified - in SecurityContext takes precedence. - Note that this field cannot be set when - spec.os.name is linux. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is - where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA - credential spec named by the GMSACredentialSpecName - field. type: string gmsaCredentialSpecName: - description: GMSACredentialSpecName - is the name of the GMSA credential - spec to use. type: string hostProcess: - description: HostProcess determines - if a container should be run as - a 'Host Process' container. All - of a Pod's containers must have - the same effective HostProcess value - (it is not allowed to have a mix - of HostProcess containers and non-HostProcess - containers). In addition, if HostProcess - is true then HostNetwork must also - be set to true. 
type: boolean runAsUserName: - description: The UserName in Windows - to run the entrypoint of the container - process. Defaults to the user specified - in image metadata if unspecified. - May also be set in PodSecurityContext. - If set in both SecurityContext and - PodSecurityContext, the value specified - in SecurityContext takes precedence. type: string type: object type: object dnsConfig: - description: Specifies the DNS parameters - of a pod. Parameters specified here will - be merged to the generated DNS configuration - based on DNSPolicy. properties: nameservers: - description: A list of DNS name server - IP addresses. This will be appended - to the base nameservers generated from - DNSPolicy. Duplicated nameservers will - be removed. items: type: string type: array x-kubernetes-list-type: atomic options: - description: A list of DNS resolver options. - This will be merged with the base options - generated from DNSPolicy. Duplicated - entries will be removed. Resolution - options given in Options will override - those that appear in the base DNSPolicy. items: - description: PodDNSConfigOption defines - DNS resolver options of a pod. properties: name: - description: Required. type: string value: type: string 
@@ -22897,179 +7925,71 @@ spec: type: array x-kubernetes-list-type: atomic searches: - description: A list of DNS search domains - for host-name lookup. This will be appended - to the base search paths generated from - DNSPolicy. Duplicated search paths will - be removed. items: type: string type: array x-kubernetes-list-type: atomic type: object dnsPolicy: - description: Set DNS policy for the pod. Defaults - to "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', - 'ClusterFirst', 'Default' or 'None'. DNS - parameters given in DNSConfig will be merged - with the policy selected with DNSPolicy. - To have DNS options set along with hostNetwork, - you have to specify DNS policy explicitly - to 'ClusterFirstWithHostNet'. type: string enableServiceLinks: - description: 'EnableServiceLinks indicates - whether information about services should - be injected into pod''s environment variables, - matching the syntax of Docker links. Optional: - Defaults to true.' type: boolean env: - description: List of environment variables - to set in the container. Cannot be updated. items: - description: EnvVar represents an environment - variable present in a Container. properties: name: - description: Name of the environment - variable. Must be a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) - are expanded using the previously - defined environment variables in the - container and any service environment - variables. If a variable cannot be - resolved, the reference in the input - string will be unchanged. Double $$ - are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: - i.e. "$$(VAR_NAME)" will produce the - string literal "$(VAR_NAME)". Escaped - references will never be expanded, - regardless of whether the variable - exists or not. Defaults to "".' type: string valueFrom: - description: Source for the environment - variable's value. Cannot be used if - value is not empty. 
properties: configMapKeyRef: - description: Selects a key of a - ConfigMap. properties: key: - description: The key to select. type: string name: default: "" - description: 'Name of the referent. - This field is effectively - required, but due to backwards - compatibility is allowed to - be empty. Instances of this - type with an empty value here - are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether - the ConfigMap or its key must - be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of - the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, status.podIPs.' properties: apiVersion: - description: Version of the - schema the FieldPath is written - in terms of, defaults to "v1". type: string fieldPath: - description: Path of the field - to select in the specified - API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource - of the container: only resources - limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, - requests.cpu, requests.memory - and requests.ephemeral-storage) - are currently supported.' 
properties: containerName: - description: 'Container name: - required for volumes, optional - for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output - format of the exposed resources, - defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource - to select' type: string required: - resource type: object x-kubernetes-map-type: atomic secretKeyRef: - description: Selects a key of a - secret in the pod's namespace properties: key: - description: The key of the - secret to select from. Must - be a valid secret key. type: string name: default: "" - description: 'Name of the referent. - This field is effectively - required, but due to backwards - compatibility is allowed to - be empty. Instances of this - type with an empty value here - are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether - the Secret or its key must - be defined type: boolean required: - key 
@@ -23081,275 +8001,89 @@ spec: type: object type: array hostIPC: - description: 'Use the host''s ipc namespace. - Optional: Default to false.' type: boolean hostNetwork: - description: Host networking requested for - this pod. Use the host's network namespace. - If this option is set, the ports that will - be used must be specified. Default to false. type: boolean hostPID: - description: 'Use the host''s pid namespace. - Optional: Default to false.' type: boolean imagePullSecrets: - description: 'ImagePullSecrets is an optional - list of references to secrets in the same - namespace to use for pulling any of the - images used by this PodSpec. If specified, - these secrets will be passed to individual - puller implementations for them to use. - More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' items: - description: LocalObjectReference contains - enough information to let you locate the - referenced object inside the same namespace. properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value here - are almost certainly wrong. TODO: - Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic type: array initContainers: - description: 'List of initialization containers - belonging to the pod. Init containers are - executed in order prior to containers being - started. If any init container fails, the - pod is considered to have failed and is - handled according to its restartPolicy. - The name for an init container or normal - container must be unique among all containers. 
- Init containers may not have Lifecycle actions, - Readiness probes, or Liveness probes. The - resourceRequirements of an init container - are taken into account during scheduling - by finding the highest request/limit for - each resource type, and then using the max - of of that value or the sum of the normal - containers. Limits are applied to init containers - in a similar fashion. Init containers cannot - currently be added or removed. Cannot be - updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' items: - description: A single application container - that you want to run within a pod. properties: args: - description: 'Arguments to the entrypoint. - The container image''s CMD is used - if this is not provided. Variable - references $(VAR_NAME) are expanded - using the container''s environment. - If a variable cannot be resolved, - the reference in the input string - will be unchanged. Double $$ are reduced - to a single $, which allows for escaping - the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" - will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, - regardless of whether the variable - exists or not. Cannot be updated. - More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array x-kubernetes-list-type: atomic command: - description: 'Entrypoint array. Not - executed within a shell. The container - image''s ENTRYPOINT is used if this - is not provided. Variable references - $(VAR_NAME) are expanded using the - container''s environment. If a variable - cannot be resolved, the reference - in the input string will be unchanged. - Double $$ are reduced to a single - $, which allows for escaping the $(VAR_NAME) - syntax: i.e. "$$(VAR_NAME)" will produce - the string literal "$(VAR_NAME)". - Escaped references will never be expanded, - regardless of whether the variable - exists or not. 
Cannot be updated. - More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array x-kubernetes-list-type: atomic env: - description: List of environment variables - to set in the container. Cannot be - updated. items: - description: EnvVar represents an - environment variable present in - a Container. properties: name: - description: Name of the environment - variable. Must be a C_IDENTIFIER. type: string value: - description: 'Variable references - $(VAR_NAME) are expanded using - the previously defined environment - variables in the container and - any service environment variables. - If a variable cannot be resolved, - the reference in the input string - will be unchanged. Double $$ - are reduced to a single $, which - allows for escaping the $(VAR_NAME) - syntax: i.e. "$$(VAR_NAME)" - will produce the string literal - "$(VAR_NAME)". Escaped references - will never be expanded, regardless - of whether the variable exists - or not. Defaults to "".' type: string valueFrom: - description: Source for the environment - variable's value. Cannot be - used if value is not empty. properties: configMapKeyRef: - description: Selects a key - of a ConfigMap. properties: key: - description: The key to - select. type: string name: default: "" - description: 'Name of - the referent. This field - is effectively required, - but due to backwards - compatibility is allowed - to be empty. Instances - of this type with an - empty value here are - almost certainly wrong. - TODO: Add other useful - fields. apiVersion, - kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' 
type: string optional: - description: Specify whether - the ConfigMap or its - key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field - of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, - status.podIPs.' properties: apiVersion: - description: Version of - the schema the FieldPath - is written in terms - of, defaults to "v1". type: string fieldPath: - description: Path of the - field to select in the - specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource - of the container: only resources - limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, - requests.cpu, requests.memory - and requests.ephemeral-storage) - are currently supported.' properties: containerName: - description: 'Container - name: required for volumes, - optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies - the output format of - the exposed resources, - defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: - resource to select' type: string required: - resource type: object x-kubernetes-map-type: atomic secretKeyRef: - description: Selects a key - of a secret in the pod's - namespace properties: key: - description: The key of - the secret to select - from. Must be a valid - secret key. type: string name: default: "" - description: 'Name of - the referent. This field - is effectively required, - but due to backwards - compatibility is allowed - to be empty. Instances - of this type with an - empty value here are - almost certainly wrong. 
- TODO: Add other useful - fields. apiVersion, - kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether - the Secret or its key - must be defined type: boolean required: - key 
@@ -23364,77 +8098,25 @@ spec: - name x-kubernetes-list-type: map envFrom: - description: List of sources to populate - environment variables in the container. - The keys defined within a source must - be a C_IDENTIFIER. All invalid keys - will be reported as an event when - the container is starting. When a - key exists in multiple sources, the - value associated with the last source - will take precedence. Values defined - by an Env with a duplicate key will - take precedence. Cannot be updated. items: - description: EnvFromSource represents - the source of a set of ConfigMaps properties: configMapRef: - description: The ConfigMap to - select from properties: name: default: "" - description: 'Name of the - referent. This field is - effectively required, but - due to backwards compatibility - is allowed to be empty. - Instances of this type with - an empty value here are - almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether - the ConfigMap must be defined type: boolean type: object x-kubernetes-map-type: atomic prefix: - description: An optional identifier - to prepend to each key in the - ConfigMap. Must be a C_IDENTIFIER. type: string secretRef: - description: The Secret to select - from properties: name: default: "" - description: 'Name of the - referent. This field is - effectively required, but - due to backwards compatibility - is allowed to be empty. - Instances of this type with - an empty value here are - almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? 
More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether - the Secret must be defined type: boolean type: object x-kubernetes-map-type: atomic 
@@ -23442,94 +8124,31 @@ spec: type: array x-kubernetes-list-type: atomic image: - description: 'Container image name. - More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher - level config management to default - or override container images in workload - controllers like Deployments and StatefulSets.' type: string imagePullPolicy: - description: 'Image pull policy. One - of Always, Never, IfNotPresent. Defaults - to Always if :latest tag is specified, - or IfNotPresent otherwise. Cannot - be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' type: string lifecycle: - description: Actions that the management - system should take in response to - container lifecycle events. Cannot - be updated. properties: postStart: - description: 'PostStart is called - immediately after a container - is created. If the handler fails, - the container is terminated and - restarted according to its restart - policy. Other management of the - container blocks until the hook - completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: Exec specifies - the action to take. properties: command: - description: Command is - the command line to execute - inside the container, - the working directory - for the command is root - ('/') in the container's - filesystem. The command - is simply exec'd, it is - not run inside a shell, - so traditional shell instructions - ('|', etc) won't work. - To use a shell, you need - to explicitly call out - to that shell. Exit status - of 0 is treated as live/healthy - and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies - the http request to perform. properties: host: - description: Host name to - connect to, defaults to - the pod IP. 
You probably - want to set "Host" in - httpHeaders instead. type: string httpHeaders: - description: Custom headers - to set in the request. - HTTP allows repeated headers. items: - description: HTTPHeader - describes a custom header - to be used in HTTP probes properties: name: - description: The header - field name. This - will be canonicalized - upon output, so - case-variant names - will be understood - as the same header. type: string value: - description: The header - field value type: string required: - name 
@@ -23538,152 +8157,58 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access - on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number - of the port to access - on the container. Number - must be in the range 1 - to 65535. Name must be - an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use - for connecting to the - host. Defaults to HTTP. type: string required: - port type: object sleep: - description: Sleep represents - the duration that the container - should sleep before being - terminated. properties: seconds: - description: Seconds is - the number of seconds - to sleep. format: int64 type: integer required: - seconds type: object tcpSocket: - description: Deprecated. TCPSocket - is NOT supported as a LifecycleHandler - and kept for the backward - compatibility. There are no - validation of this field and - lifecycle hooks will fail - in runtime when tcp handler - is specified. properties: host: - description: 'Optional: - Host name to connect to, - defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name - of the port to access - on the container. Number - must be in the range 1 - to 65535. Name must be - an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: - description: 'PreStop is called - immediately before a container - is terminated due to an API request - or management event such as liveness/startup - probe failure, preemption, resource - contention, etc. The handler is - not called if the container crashes - or exits. The Pod''s termination - grace period countdown begins - before the PreStop hook is executed. - Regardless of the outcome of the - handler, the container will eventually - terminate within the Pod''s termination - grace period (unless delayed by - finalizers). 
Other management - of the container blocks until - the hook completes or until the - termination grace period is reached. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: Exec specifies - the action to take. properties: command: - description: Command is - the command line to execute - inside the container, - the working directory - for the command is root - ('/') in the container's - filesystem. The command - is simply exec'd, it is - not run inside a shell, - so traditional shell instructions - ('|', etc) won't work. - To use a shell, you need - to explicitly call out - to that shell. Exit status - of 0 is treated as live/healthy - and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies - the http request to perform. properties: host: - description: Host name to - connect to, defaults to - the pod IP. You probably - want to set "Host" in - httpHeaders instead. type: string httpHeaders: - description: Custom headers - to set in the request. - HTTP allows repeated headers. items: - description: HTTPHeader - describes a custom header - to be used in HTTP probes properties: name: - description: The header - field name. This - will be canonicalized - upon output, so - case-variant names - will be understood - as the same header. type: string value: - description: The header - field value type: string required: - name 
@@ -23692,68 +8217,33 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access - on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number - of the port to access - on the container. Number - must be in the range 1 - to 65535. Name must be - an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use - for connecting to the - host. Defaults to HTTP. type: string required: - port type: object sleep: - description: Sleep represents - the duration that the container - should sleep before being - terminated. properties: seconds: - description: Seconds is - the number of seconds - to sleep. format: int64 type: integer required: - seconds type: object tcpSocket: - description: Deprecated. TCPSocket - is NOT supported as a LifecycleHandler - and kept for the backward - compatibility. There are no - validation of this field and - lifecycle hooks will fail - in runtime when tcp handler - is specified. properties: host: - description: 'Optional: - Host name to connect to, - defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name - of the port to access - on the container. Number - must be in the range 1 - to 65535. Name must be - an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port 
@@ -23761,95 +8251,38 @@ spec: type: object type: object livenessProbe: - description: 'Periodic probe of container - liveness. Container will be restarted - if the probe fails. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the - action to take. properties: command: - description: Command is the - command line to execute inside - the container, the working - directory for the command is - root ('/') in the container's - filesystem. The command is - simply exec'd, it is not run - inside a shell, so traditional - shell instructions ('|', etc) - won't work. To use a shell, - you need to explicitly call - out to that shell. Exit status - of 0 is treated as live/healthy - and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive - failures for the probe to be considered - failed after having succeeded. - Defaults to 3. Minimum value is - 1. format: int32 type: integer grpc: - description: GRPC specifies an action - involving a GRPC port. properties: port: - description: Port number of - the gRPC service. Number must - be in the range 1 to 65535. format: int32 type: integer service: - description: "Service is the - name of the service to place - in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, - the default behavior is defined - by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the - http request to perform. properties: host: - description: Host name to connect - to, defaults to the pod IP. - You probably want to set "Host" - in httpHeaders instead. type: string httpHeaders: - description: Custom headers - to set in the request. HTTP - allows repeated headers. 
items: - description: HTTPHeader describes - a custom header to be used - in HTTP probes properties: name: - description: The header - field name. This will - be canonicalized upon - output, so case-variant - names will be understood - as the same header. type: string value: - description: The header - field value type: string required: - name 
@@ -23858,164 +8291,62 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access - on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number - of the port to access on the - container. Number must be - in the range 1 to 65535. Name - must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for - connecting to the host. Defaults - to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds - after the container has started - before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) - to perform the probe. Default - to 10 seconds. Minimum value is - 1. format: int32 type: integer successThreshold: - description: Minimum consecutive - successes for the probe to be - considered successful after having - failed. Defaults to 1. Must be - 1 for liveness and startup. Minimum - value is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies - an action involving a TCP port. properties: host: - description: 'Optional: Host - name to connect to, defaults - to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name - of the port to access on the - container. Number must be - in the range 1 to 65535. Name - must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in - seconds the pod needs to terminate - gracefully upon probe failure. - The grace period is the duration - in seconds after the processes - running in the pod are sent a - termination signal and the time - when the processes are forcibly - halted with a kill signal. Set - this value longer than the expected - cleanup time for your process. 
- If this value is nil, the pod's - terminationGracePeriodSeconds - will be used. Otherwise, this - value overrides the value provided - by the pod spec. Value must be - non-negative integer. The value - zero indicates stop immediately - via the kill signal (no opportunity - to shut down). This is a beta - field and requires enabling ProbeTerminationGracePeriod - feature gate. Minimum value is - 1. spec.terminationGracePeriodSeconds - is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds - after which the probe times out. - Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object name: - description: Name of the container specified - as a DNS_LABEL. Each container in - a pod must have a unique name (DNS_LABEL). - Cannot be updated. type: string ports: - description: List of ports to expose - from the container. Not specifying - a port here DOES NOT prevent that - port from being exposed. Any port - which is listening on the default - "0.0.0.0" address inside a container - will be accessible from the network. - Modifying this array with strategic - merge patch may corrupt the data. - For more information See https://github.com/kubernetes/kubernetes/issues/108255. - Cannot be updated. items: - description: ContainerPort represents - a network port in a single container. properties: containerPort: - description: Number of port to - expose on the pod's IP address. - This must be a valid port number, - 0 < x < 65536. format: int32 type: integer hostIP: - description: What host IP to bind - the external port to. type: string hostPort: - description: Number of port to - expose on the host. If specified, - this must be a valid port number, - 0 < x < 65536. If HostNetwork - is specified, this must match - ContainerPort. Most containers - do not need this. 
format: int32 type: integer name: - description: If specified, this - must be an IANA_SVC_NAME and - unique within the pod. Each - named port in a pod must have - a unique name. Name for the - port that can be referred to - by services. type: string protocol: default: TCP - description: Protocol for port. - Must be UDP, TCP, or SCTP. Defaults - to "TCP". type: string required: - containerPort 
@@ -24026,96 +8357,38 @@ spec: - protocol x-kubernetes-list-type: map readinessProbe: - description: 'Periodic probe of container - service readiness. Container will - be removed from service endpoints - if the probe fails. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the - action to take. properties: command: - description: Command is the - command line to execute inside - the container, the working - directory for the command is - root ('/') in the container's - filesystem. The command is - simply exec'd, it is not run - inside a shell, so traditional - shell instructions ('|', etc) - won't work. To use a shell, - you need to explicitly call - out to that shell. Exit status - of 0 is treated as live/healthy - and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive - failures for the probe to be considered - failed after having succeeded. - Defaults to 3. Minimum value is - 1. format: int32 type: integer grpc: - description: GRPC specifies an action - involving a GRPC port. properties: port: - description: Port number of - the gRPC service. Number must - be in the range 1 to 65535. format: int32 type: integer service: - description: "Service is the - name of the service to place - in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, - the default behavior is defined - by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the - http request to perform. properties: host: - description: Host name to connect - to, defaults to the pod IP. - You probably want to set "Host" - in httpHeaders instead. type: string httpHeaders: - description: Custom headers - to set in the request. HTTP - allows repeated headers. 
items: - description: HTTPHeader describes - a custom header to be used - in HTTP probes properties: name: - description: The header - field name. This will - be canonicalized upon - output, so case-variant - names will be understood - as the same header. type: string value: - description: The header - field value type: string required: - name 
@@ -24124,126 +8397,51 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access - on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number - of the port to access on the - container. Number must be - in the range 1 to 65535. Name - must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for - connecting to the host. Defaults - to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds - after the container has started - before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) - to perform the probe. Default - to 10 seconds. Minimum value is - 1. format: int32 type: integer successThreshold: - description: Minimum consecutive - successes for the probe to be - considered successful after having - failed. Defaults to 1. Must be - 1 for liveness and startup. Minimum - value is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies - an action involving a TCP port. properties: host: - description: 'Optional: Host - name to connect to, defaults - to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name - of the port to access on the - container. Number must be - in the range 1 to 65535. Name - must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in - seconds the pod needs to terminate - gracefully upon probe failure. - The grace period is the duration - in seconds after the processes - running in the pod are sent a - termination signal and the time - when the processes are forcibly - halted with a kill signal. Set - this value longer than the expected - cleanup time for your process. 
- If this value is nil, the pod's - terminationGracePeriodSeconds - will be used. Otherwise, this - value overrides the value provided - by the pod spec. Value must be - non-negative integer. The value - zero indicates stop immediately - via the kill signal (no opportunity - to shut down). This is a beta - field and requires enabling ProbeTerminationGracePeriod - feature gate. Minimum value is - 1. spec.terminationGracePeriodSeconds - is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds - after which the probe times out. - Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object resizePolicy: - description: Resources resize policy - for the container. items: - description: ContainerResizePolicy - represents resource resize policy - for the container. properties: resourceName: - description: 'Name of the resource - to which this resource resize - policy applies. Supported values: - cpu, memory.' type: string restartPolicy: - description: Restart policy to - apply when specified resource - is resized. If not specified, - it defaults to NotRequired. type: string required: - resourceName 
@@ -24252,30 +8450,11 @@ spec: type: array x-kubernetes-list-type: atomic resources: - description: 'Compute Resources required - by this container. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' properties: claims: - description: "Claims lists the names - of resources, defined in spec.resourceClaims, - that are used by this container. - \n This is an alpha field and - requires enabling the DynamicResourceAllocation - feature gate. \n This field is - immutable. It can only be set - for containers." items: - description: ResourceClaim references - one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match - the name of one entry in - pod.spec.resourceClaims - of the Pod where this field - is used. It makes that resource - available inside a container. type: string required: - name @@ -24291,9 +8470,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the - maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -24302,421 +8478,115 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes - the minimum amount of compute - resources required. If Requests - is omitted for a container, it - defaults to Limits if that is - explicitly specified, otherwise - to an implementation-defined value. - Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object restartPolicy: - description: 'RestartPolicy defines - the restart behavior of individual - containers in a pod. This field may - only be set for init containers, and - the only allowed value is "Always". - For non-init containers or when this - field is not specified, the restart - behavior is defined by the Pod''s - restart policy and the container type. - Setting the RestartPolicy as "Always" - for the init container will have the - following effect: this init container - will be continually restarted on exit - until all regular containers have - terminated. Once all regular containers - have completed, all init containers - with restartPolicy "Always" will be - shut down. This lifecycle differs - from normal init containers and is - often referred to as a "sidecar" container. - Although this init container still - starts in the init container sequence, - it does not wait for the container - to complete before proceeding to the - next init container. Instead, the - next init container starts immediately - after this init container is started, - or after any startupProbe has successfully - completed.' type: string securityContext: - description: 'SecurityContext defines - the security options the container - should be run with. If set, the fields - of SecurityContext override the equivalent - fields of PodSecurityContext. 
More - info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation - controls whether a process can - gain more privileges than its - parent process. This bool directly - controls if the no_new_privs flag - will be set on the container process. - AllowPrivilegeEscalation is true - always when the container is: - 1) run as Privileged 2) has CAP_SYS_ADMIN - Note that this field cannot be - set when spec.os.name is windows.' type: boolean appArmorProfile: - description: appArmorProfile is - the AppArmor options to use by - this container. If set, this profile - overrides the pod's appArmorProfile. - Note that this field cannot be - set when spec.os.name is windows. properties: localhostProfile: - description: localhostProfile - indicates a profile loaded - on the node that should be - used. The profile must be - preconfigured on the node - to work. Must match the loaded - name of the profile. Must - be set if and only if type - is "Localhost". type: string type: - description: 'type indicates - which kind of AppArmor profile - will be applied. Valid options - are: Localhost - a profile - pre-loaded on the node. RuntimeDefault - - the container runtime''s - default profile. Unconfined - - no AppArmor enforcement.' type: string required: - type type: object capabilities: - description: The capabilities to - add/drop when running containers. - Defaults to the default set of - capabilities granted by the container - runtime. Note that this field - cannot be set when spec.os.name - is windows. 
properties: add: - description: Added capabilities items: - description: Capability represent - POSIX capabilities type type: string type: array x-kubernetes-list-type: atomic drop: - description: Removed capabilities items: - description: Capability represent - POSIX capabilities type type: string type: array x-kubernetes-list-type: atomic type: object privileged: - description: Run container in privileged - mode. Processes in privileged - containers are essentially equivalent - to root on the host. Defaults - to false. Note that this field - cannot be set when spec.os.name - is windows. type: boolean procMount: - description: procMount denotes the - type of proc mount to use for - the containers. The default is - DefaultProcMount which uses the - container runtime defaults for - readonly paths and masked paths. - This requires the ProcMountType - feature flag to be enabled. Note - that this field cannot be set - when spec.os.name is windows. type: string readOnlyRootFilesystem: - description: Whether this container - has a read-only root filesystem. - Default is false. Note that this - field cannot be set when spec.os.name - is windows. type: boolean runAsGroup: - description: The GID to run the - entrypoint of the container process. - Uses runtime default if unset. - May also be set in PodSecurityContext. If - set in both SecurityContext and - PodSecurityContext, the value - specified in SecurityContext takes - precedence. Note that this field - cannot be set when spec.os.name - is windows. format: int64 type: integer runAsNonRoot: - description: Indicates that the - container must run as a non-root - user. If true, the Kubelet will - validate the image at runtime - to ensure that it does not run - as UID 0 (root) and fail to start - the container if it does. If unset - or false, no such validation will - be performed. May also be set - in PodSecurityContext. 
If set - in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. type: boolean runAsUser: - description: The UID to run the - entrypoint of the container process. - Defaults to user specified in - image metadata if unspecified. - May also be set in PodSecurityContext. If - set in both SecurityContext and - PodSecurityContext, the value - specified in SecurityContext takes - precedence. Note that this field - cannot be set when spec.os.name - is windows. format: int64 type: integer seLinuxOptions: - description: The SELinux context - to be applied to the container. - If unspecified, the container - runtime will allocate a random - SELinux context for each container. May - also be set in PodSecurityContext. If - set in both SecurityContext and - PodSecurityContext, the value - specified in SecurityContext takes - precedence. Note that this field - cannot be set when spec.os.name - is windows. properties: level: - description: Level is SELinux - level label that applies to - the container. type: string role: - description: Role is a SELinux - role label that applies to - the container. type: string type: - description: Type is a SELinux - type label that applies to - the container. type: string user: - description: User is a SELinux - user label that applies to - the container. type: string type: object seccompProfile: - description: The seccomp options - to use by this container. If seccomp - options are provided at both the - pod & container level, the container - options override the pod options. - Note that this field cannot be - set when spec.os.name is windows. properties: localhostProfile: - description: localhostProfile - indicates a profile defined - in a file on the node should - be used. The profile must - be preconfigured on the node - to work. Must be a descending - path, relative to the kubelet's - configured seccomp profile - location. Must be set if type - is "Localhost". 
Must NOT be - set for any other type. type: string type: - description: "type indicates - which kind of seccomp profile - will be applied. Valid options - are: \n Localhost - a profile - defined in a file on the node - should be used. RuntimeDefault - - the container runtime default - profile should be used. Unconfined - - no profile should be applied." type: string required: - type type: object windowsOptions: - description: The Windows specific - settings applied to all containers. - If unspecified, the options from - the PodSecurityContext will be - used. If set in both SecurityContext - and PodSecurityContext, the value - specified in SecurityContext takes - precedence. Note that this field - cannot be set when spec.os.name - is linux. properties: gmsaCredentialSpec: - description: GMSACredentialSpec - is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the - GMSA credential spec named - by the GMSACredentialSpecName - field. type: string gmsaCredentialSpecName: - description: GMSACredentialSpecName - is the name of the GMSA credential - spec to use. type: string hostProcess: - description: HostProcess determines - if a container should be run - as a 'Host Process' container. - All of a Pod's containers - must have the same effective - HostProcess value (it is not - allowed to have a mix of HostProcess - containers and non-HostProcess - containers). In addition, - if HostProcess is true then - HostNetwork must also be set - to true. type: boolean runAsUserName: - description: The UserName in - Windows to run the entrypoint - of the container process. - Defaults to the user specified - in image metadata if unspecified. - May also be set in PodSecurityContext. - If set in both SecurityContext - and PodSecurityContext, the - value specified in SecurityContext - takes precedence. 
type: string type: object type: object startupProbe: - description: 'StartupProbe indicates - that the Pod has successfully initialized. - If specified, no other probes are - executed until this completes successfully. - If this probe fails, the Pod will - be restarted, just as if the livenessProbe - failed. This can be used to provide - different probe parameters at the - beginning of a Pod''s lifecycle, when - it might take a long time to load - data or warm a cache, than during - steady-state operation. This cannot - be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the - action to take. properties: command: - description: Command is the - command line to execute inside - the container, the working - directory for the command is - root ('/') in the container's - filesystem. The command is - simply exec'd, it is not run - inside a shell, so traditional - shell instructions ('|', etc) - won't work. To use a shell, - you need to explicitly call - out to that shell. Exit status - of 0 is treated as live/healthy - and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive - failures for the probe to be considered - failed after having succeeded. - Defaults to 3. Minimum value is - 1. format: int32 type: integer grpc: - description: GRPC specifies an action - involving a GRPC port. properties: port: - description: Port number of - the gRPC service. Number must - be in the range 1 to 65535. format: int32 type: integer service: - description: "Service is the - name of the service to place - in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, - the default behavior is defined - by gRPC." 
type: string required: - port type: object httpGet: - description: HTTPGet specifies the - http request to perform. properties: host: - description: Host name to connect - to, defaults to the pod IP. - You probably want to set "Host" - in httpHeaders instead. type: string httpHeaders: - description: Custom headers - to set in the request. HTTP - allows repeated headers. items: - description: HTTPHeader describes - a custom header to be used - in HTTP probes properties: name: - description: The header - field name. This will - be canonicalized upon - output, so case-variant - names will be understood - as the same header. type: string value: - description: The header - field value type: string required: - name 
@@ -24725,186 +8595,61 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access - on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number - of the port to access on the - container. Number must be - in the range 1 to 65535. Name - must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for - connecting to the host. Defaults - to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds - after the container has started - before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) - to perform the probe. Default - to 10 seconds. Minimum value is - 1. format: int32 type: integer successThreshold: - description: Minimum consecutive - successes for the probe to be - considered successful after having - failed. Defaults to 1. Must be - 1 for liveness and startup. Minimum - value is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies - an action involving a TCP port. properties: host: - description: 'Optional: Host - name to connect to, defaults - to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name - of the port to access on the - container. Number must be - in the range 1 to 65535. Name - must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in - seconds the pod needs to terminate - gracefully upon probe failure. - The grace period is the duration - in seconds after the processes - running in the pod are sent a - termination signal and the time - when the processes are forcibly - halted with a kill signal. Set - this value longer than the expected - cleanup time for your process. 
- If this value is nil, the pod's - terminationGracePeriodSeconds - will be used. Otherwise, this - value overrides the value provided - by the pod spec. Value must be - non-negative integer. The value - zero indicates stop immediately - via the kill signal (no opportunity - to shut down). This is a beta - field and requires enabling ProbeTerminationGracePeriod - feature gate. Minimum value is - 1. spec.terminationGracePeriodSeconds - is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds - after which the probe times out. - Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object stdin: - description: Whether this container - should allocate a buffer for stdin - in the container runtime. If this - is not set, reads from stdin in the - container will always result in EOF. - Default is false. type: boolean stdinOnce: - description: Whether the container runtime - should close the stdin channel after - it has been opened by a single attach. - When stdin is true the stdin stream - will remain open across multiple attach - sessions. If stdinOnce is set to true, - stdin is opened on container start, - is empty until the first client attaches - to stdin, and then remains open and - accepts data until the client disconnects, - at which time stdin is closed and - remains closed until the container - is restarted. If this flag is false, - a container processes that reads from - stdin will never receive an EOF. Default - is false type: boolean terminationMessagePath: - description: 'Optional: Path at which - the file to which the container''s - termination message will be written - is mounted into the container''s filesystem. - Message written is intended to be - brief final status, such as an assertion - failure message. Will be truncated - by the node if greater than 4096 bytes. 
- The total message length across all - containers will be limited to 12kb. - Defaults to /dev/termination-log. - Cannot be updated.' type: string terminationMessagePolicy: - description: Indicate how the termination - message should be populated. File - will use the contents of terminationMessagePath - to populate the container status message - on both success and failure. FallbackToLogsOnError - will use the last chunk of container - log output if the termination message - file is empty and the container exited - with an error. The log output is limited - to 2048 bytes or 80 lines, whichever - is smaller. Defaults to File. Cannot - be updated. type: string tty: - description: Whether this container - should allocate a TTY for itself, - also requires 'stdin' to be true. - Default is false. type: boolean volumeDevices: - description: volumeDevices is the list - of block devices to be used by the - container. items: - description: volumeDevice describes - a mapping of a raw block device - within a container. properties: devicePath: - description: devicePath is the - path inside of the container - that the device will be mapped - to. type: string name: - description: name must match the - name of a persistentVolumeClaim - in the pod type: string required: - devicePath 
@@ -24915,87 +8660,21 @@ spec: - devicePath x-kubernetes-list-type: map volumeMounts: - description: Pod volumes to mount into - the container's filesystem. Cannot - be updated. items: - description: VolumeMount describes - a mounting of a Volume within a - container. properties: mountPath: - description: Path within the container - at which the volume should be - mounted. Must not contain ':'. type: string mountPropagation: - description: mountPropagation - determines how mounts are propagated - from the host to container and - the other way around. When not - set, MountPropagationNone is - used. This field is beta in - 1.10. When RecursiveReadOnly - is set to IfPossible or to Enabled, - MountPropagation must be None - or unspecified (which defaults - to None). type: string name: - description: This must match the - Name of a Volume. type: string readOnly: - description: Mounted read-only - if true, read-write otherwise - (false or unspecified). Defaults - to false. type: boolean recursiveReadOnly: - description: "RecursiveReadOnly - specifies whether read-only - mounts should be handled recursively. - \n If ReadOnly is false, this - field has no meaning and must - be unspecified. \n If ReadOnly - is true, and this field is set - to Disabled, the mount is not - made recursively read-only. - \ If this field is set to IfPossible, - the mount is made recursively - read-only, if it is supported - by the container runtime. If - this field is set to Enabled, - the mount is made recursively - read-only if it is supported - by the container runtime, otherwise - the pod will not be started - and an error will be generated - to indicate the reason. \n If - this field is set to IfPossible - or Enabled, MountPropagation - must be set to None (or be unspecified, - which defaults to None). \n - If this field is not specified, - it is treated as an equivalent - of Disabled." 
type: string subPath: - description: Path within the volume - from which the container's volume - should be mounted. Defaults - to "" (volume's root). type: string subPathExpr: - description: Expanded path within - the volume from which the container's - volume should be mounted. Behaves - similarly to SubPath but environment - variable references $(VAR_NAME) - are expanded using the container's - environment. Defaults to "" - (volume's root). SubPathExpr - and SubPath are mutually exclusive. type: string required: - mountPath 
@@ -25006,83 +8685,33 @@ spec: - mountPath x-kubernetes-list-type: map workingDir: - description: Container's working directory. - If not specified, the container runtime's - default will be used, which might - be configured in the container image. - Cannot be updated. type: string required: - name type: object type: array lifecycle: - description: Actions that the management system - should take in response to container lifecycle - events. Cannot be updated. properties: postStart: - description: 'PostStart is called immediately - after a container is created. If the - handler fails, the container is terminated - and restarted according to its restart - policy. Other management of the container - blocks until the hook completes. More - info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: Exec specifies the action - to take. properties: command: - description: Command is the command - line to execute inside the container, - the working directory for the - command is root ('/') in the - container's filesystem. The - command is simply exec'd, it - is not run inside a shell, so - traditional shell instructions - ('|', etc) won't work. To use - a shell, you need to explicitly - call out to that shell. Exit - status of 0 is treated as live/healthy - and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the - http request to perform. properties: host: - description: Host name to connect - to, defaults to the pod IP. - You probably want to set "Host" - in httpHeaders instead. type: string httpHeaders: - description: Custom headers to - set in the request. HTTP allows - repeated headers. items: - description: HTTPHeader describes - a custom header to be used - in HTTP probes properties: name: - description: The header - field name. 
This will - be canonicalized upon - output, so case-variant - names will be understood - as the same header. type: string value: - description: The header - field value type: string required: - name 
@@ -25091,138 +8720,58 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on - the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of - the port to access on the container. - Number must be in the range - 1 to 65535. Name must be an - IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for - connecting to the host. Defaults - to HTTP. type: string required: - port type: object sleep: - description: Sleep represents the - duration that the container should - sleep before being terminated. properties: seconds: - description: Seconds is the number - of seconds to sleep. format: int64 type: integer required: - seconds type: object tcpSocket: - description: Deprecated. TCPSocket - is NOT supported as a LifecycleHandler - and kept for the backward compatibility. - There are no validation of this - field and lifecycle hooks will fail - in runtime when tcp handler is specified. properties: host: - description: 'Optional: Host name - to connect to, defaults to the - pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of - the port to access on the container. - Number must be in the range - 1 to 65535. Name must be an - IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: - description: 'PreStop is called immediately - before a container is terminated due - to an API request or management event - such as liveness/startup probe failure, - preemption, resource contention, etc. - The handler is not called if the container - crashes or exits. The Pod''s termination - grace period countdown begins before - the PreStop hook is executed. Regardless - of the outcome of the handler, the container - will eventually terminate within the - Pod''s termination grace period (unless - delayed by finalizers). 
Other management - of the container blocks until the hook - completes or until the termination grace - period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: Exec specifies the action - to take. properties: command: - description: Command is the command - line to execute inside the container, - the working directory for the - command is root ('/') in the - container's filesystem. The - command is simply exec'd, it - is not run inside a shell, so - traditional shell instructions - ('|', etc) won't work. To use - a shell, you need to explicitly - call out to that shell. Exit - status of 0 is treated as live/healthy - and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the - http request to perform. properties: host: - description: Host name to connect - to, defaults to the pod IP. - You probably want to set "Host" - in httpHeaders instead. type: string httpHeaders: - description: Custom headers to - set in the request. HTTP allows - repeated headers. items: - description: HTTPHeader describes - a custom header to be used - in HTTP probes properties: name: - description: The header - field name. This will - be canonicalized upon - output, so case-variant - names will be understood - as the same header. type: string value: - description: The header - field value type: string required: - name 
@@ -25231,62 +8780,33 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on - the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of - the port to access on the container. - Number must be in the range - 1 to 65535. Name must be an - IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for - connecting to the host. Defaults - to HTTP. type: string required: - port type: object sleep: - description: Sleep represents the - duration that the container should - sleep before being terminated. properties: seconds: - description: Seconds is the number - of seconds to sleep. format: int64 type: integer required: - seconds type: object tcpSocket: - description: Deprecated. TCPSocket - is NOT supported as a LifecycleHandler - and kept for the backward compatibility. - There are no validation of this - field and lifecycle hooks will fail - in runtime when tcp handler is specified. properties: host: - description: 'Optional: Host name - to connect to, defaults to the - pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of - the port to access on the container. - Number must be in the range - 1 to 65535. Name must be an - IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port 
@@ -25294,91 +8814,38 @@ spec: type: object type: object livenessProbe: - description: 'Periodic probe of container - liveness. Container will be restarted if - the probe fails. Controllers may set default - LivenessProbe if no liveness probe is provided. - To ignore defaulting, set the value to empty - LivenessProbe "{}". Cannot be updated. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action - to take. properties: command: - description: Command is the command - line to execute inside the container, - the working directory for the command is - root ('/') in the container's filesystem. - The command is simply exec'd, it - is not run inside a shell, so traditional - shell instructions ('|', etc) won't - work. To use a shell, you need to - explicitly call out to that shell. - Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed - after having succeeded. Defaults to - 3. Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action - involving a GRPC port. properties: port: - description: Port number of the gRPC - service. Number must be in the range - 1 to 65535. format: int32 type: integer service: - description: "Service is the name - of the service to place in the gRPC - HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the - default behavior is defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http - request to perform. properties: host: - description: Host name to connect - to, defaults to the pod IP. You - probably want to set "Host" in httpHeaders - instead. 
type: string httpHeaders: - description: Custom headers to set - in the request. HTTP allows repeated - headers. items: - description: HTTPHeader describes - a custom header to be used in - HTTP probes properties: name: - description: The header field - name. This will be canonicalized - upon output, so case-variant - names will be understood as - the same header. type: string value: - description: The header field - value type: string required: - name 
@@ -25387,234 +8854,95 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on the - HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the - port to access on the container. - Number must be in the range 1 to - 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after - the container has started before liveness - probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to - perform the probe. Default to 10 seconds. - Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to 1. - Must be 1 for liveness and startup. - Minimum value is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action - involving a TCP port. properties: host: - description: 'Optional: Host name - to connect to, defaults to the pod - IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the - port to access on the container. - Number must be in the range 1 to - 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds - the pod needs to terminate gracefully - upon probe failure. The grace period - is the duration in seconds after the - processes running in the pod are sent - a termination signal and the time when - the processes are forcibly halted with - a kill signal. Set this value longer - than the expected cleanup time for your - process. 
If this value is nil, the pod's - terminationGracePeriodSeconds will be - used. Otherwise, this value overrides - the value provided by the pod spec. - Value must be non-negative integer. - The value zero indicates stop immediately - via the kill signal (no opportunity - to shut down). This is a beta field - and requires enabling ProbeTerminationGracePeriod - feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after - which the probe times out. Defaults - to 1 second. Minimum value is 1. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object nodeSelector: additionalProperties: type: string - description: 'NodeSelector is a selector which - must be true for the pod to fit on a node. - Selector which must match a node''s labels - for the pod to be scheduled on that node. - More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' type: object x-kubernetes-map-type: atomic podPlacementPolicy: - description: PodPlacementPolicy is the reference - of the podPlacementPolicy properties: name: default: "" - description: 'Name of the referent. This - field is effectively required, but due - to backwards compatibility is allowed - to be empty. Instances of this type - with an empty value here are almost - certainly wrong. TODO: Add other useful - fields. apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic priority: - description: The priority value. Various system - components use this field to find the priority - of the pod. 
When Priority Admission Controller - is enabled, it prevents users from setting - this field. The admission controller populates - this field from PriorityClassName. The higher - the value, the higher the priority. format: int32 type: integer priorityClassName: - description: If specified, indicates the pod's - priority. "system-node-critical" and "system-cluster-critical" - are two special keywords which indicate - the highest priorities with the former being - the highest priority. Any other name must - be defined by creating a PriorityClass object - with that name. If not specified, the pod - priority will be default or zero if there - is no default. type: string readinessProbe: - description: 'Periodic probe of container - service readiness. Container will be removed - from service endpoints if the probe fails. - Cannot be updated. Controllers may set default - ReadinessProbe if no readyness probe is - provided. To ignore defaulting, set the - value to empty ReadynessProbe "{}". More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action - to take. properties: command: - description: Command is the command - line to execute inside the container, - the working directory for the command is - root ('/') in the container's filesystem. - The command is simply exec'd, it - is not run inside a shell, so traditional - shell instructions ('|', etc) won't - work. To use a shell, you need to - explicitly call out to that shell. - Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed - after having succeeded. Defaults to - 3. Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action - involving a GRPC port. 
properties: port: - description: Port number of the gRPC - service. Number must be in the range - 1 to 65535. format: int32 type: integer service: - description: "Service is the name - of the service to place in the gRPC - HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the - default behavior is defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http - request to perform. properties: host: - description: Host name to connect - to, defaults to the pod IP. You - probably want to set "Host" in httpHeaders - instead. type: string httpHeaders: - description: Custom headers to set - in the request. HTTP allows repeated - headers. items: - description: HTTPHeader describes - a custom header to be used in - HTTP probes properties: name: - description: The header field - name. This will be canonicalized - upon output, so case-variant - names will be understood as - the same header. type: string value: - description: The header field - value type: string required: - name 
@@ -25623,119 +8951,51 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on the - HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the - port to access on the container. - Number must be in the range 1 to - 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after - the container has started before liveness - probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to - perform the probe. Default to 10 seconds. - Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to 1. - Must be 1 for liveness and startup. - Minimum value is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action - involving a TCP port. properties: host: - description: 'Optional: Host name - to connect to, defaults to the pod - IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the - port to access on the container. - Number must be in the range 1 to - 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds - the pod needs to terminate gracefully - upon probe failure. The grace period - is the duration in seconds after the - processes running in the pod are sent - a termination signal and the time when - the processes are forcibly halted with - a kill signal. Set this value longer - than the expected cleanup time for your - process. 
If this value is nil, the pod's - terminationGracePeriodSeconds will be - used. Otherwise, this value overrides - the value provided by the pod spec. - Value must be non-negative integer. - The value zero indicates stop immediately - via the kill signal (no opportunity - to shut down). This is a beta field - and requires enabling ProbeTerminationGracePeriod - feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after - which the probe times out. Defaults - to 1 second. Minimum value is 1. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object resources: - description: Compute Resources required by - the sidecar container. properties: claims: - description: "Claims lists the names of - resources, defined in spec.resourceClaims, - that are used by this container. \n - This is an alpha field and requires - enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. - It can only be set for containers." items: - description: ResourceClaim references - one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the - name of one entry in pod.spec.resourceClaims - of the Pod where this field is - used. It makes that resource available - inside a container. type: string required: - name @@ -25751,9 +9011,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum - amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -25762,229 +9019,68 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum - amount of compute resources required. - If Requests is omitted for a container, - it defaults to Limits if that is explicitly - specified, otherwise to an implementation-defined - value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object runtimeClassName: - description: 'RuntimeClassName refers to a - RuntimeClass object in the node.k8s.io group, - which should be used to run this pod. If - no RuntimeClass resource matches the named - class, the pod will not be run. If unset - or empty, the "legacy" RuntimeClass will - be used, which is an implicit class with - an empty definition that uses the default - runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class' type: string schedulerName: - description: If specified, the pod will be - dispatched by specified scheduler. If not - specified, the pod will be dispatched by - default scheduler. type: string securityContext: - description: 'SecurityContext holds pod-level - security attributes and common container - settings. Optional: Defaults to empty. See - type description for default values of each - field.' properties: appArmorProfile: - description: appArmorProfile is the AppArmor - options to use by the containers in - this pod. Note that this field cannot - be set when spec.os.name is windows. properties: localhostProfile: - description: localhostProfile indicates - a profile loaded on the node that - should be used. The profile must - be preconfigured on the node to - work. Must match the loaded name - of the profile. Must be set if and - only if type is "Localhost". 
type: string type: - description: 'type indicates which - kind of AppArmor profile will be - applied. Valid options are: Localhost - - a profile pre-loaded on the node. - RuntimeDefault - the container runtime''s - default profile. Unconfined - no - AppArmor enforcement.' type: string required: - type type: object fsGroup: - description: "A special supplemental group - that applies to all containers in a - pod. Some volume types allow the Kubelet - to change the ownership of that volume - to be owned by the pod: \n 1. The owning - GID will be the FSGroup 2. The setgid - bit is set (new files created in the - volume will be owned by FSGroup) 3. - The permission bits are OR'd with rw-rw---- - \n If unset, the Kubelet will not modify - the ownership and permissions of any - volume. Note that this field cannot - be set when spec.os.name is windows." format: int64 type: integer fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines - behavior of changing ownership and permission - of the volume before being exposed inside - Pod. This field will only apply to volume - types which support fsGroup based ownership(and - permissions). It will have no effect - on ephemeral volume types such as: secret, - configmaps and emptydir. Valid values - are "OnRootMismatch" and "Always". If - not specified, "Always" is used. Note - that this field cannot be set when spec.os.name - is windows.' type: string runAsGroup: - description: The GID to run the entrypoint - of the container process. Uses runtime - default if unset. May also be set in - SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified - in SecurityContext takes precedence - for that container. Note that this field - cannot be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: - description: Indicates that the container - must run as a non-root user. 
If true, - the Kubelet will validate the image - at runtime to ensure that it does not - run as UID 0 (root) and fail to start - the container if it does. If unset or - false, no such validation will be performed. - May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint - of the container process. Defaults to - user specified in image metadata if - unspecified. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence for that container. - Note that this field cannot be set when - spec.os.name is windows. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be - applied to all containers. If unspecified, - the container runtime will allocate - a random SELinux context for each container. May - also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence for that container. - Note that this field cannot be set when - spec.os.name is windows. properties: level: - description: Level is SELinux level - label that applies to the container. type: string role: - description: Role is a SELinux role - label that applies to the container. type: string type: - description: Type is a SELinux type - label that applies to the container. type: string user: - description: User is a SELinux user - label that applies to the container. type: string type: object seccompProfile: - description: The seccomp options to use - by the containers in this pod. Note - that this field cannot be set when spec.os.name - is windows. properties: localhostProfile: - description: localhostProfile indicates - a profile defined in a file on the - node should be used. The profile - must be preconfigured on the node - to work. 
Must be a descending path, - relative to the kubelet's configured - seccomp profile location. Must be - set if type is "Localhost". Must - NOT be set for any other type. type: string type: - description: "type indicates which - kind of seccomp profile will be - applied. Valid options are: \n Localhost - - a profile defined in a file on - the node should be used. RuntimeDefault - - the container runtime default - profile should be used. Unconfined - - no profile should be applied." type: string required: - type type: object supplementalGroups: - description: A list of groups applied - to the first process run in each container, - in addition to the container's primary - GID, the fsGroup (if specified), and - group memberships defined in the container - image for the uid of the container process. - If unspecified, no additional groups - are added to any container. Note that - group memberships defined in the container - image for the uid of the container process - are still effective, even if they are - not included in this list. Note that - this field cannot be set when spec.os.name - is windows. items: format: int64 type: integer type: array x-kubernetes-list-type: atomic sysctls: - description: Sysctls hold a list of namespaced - sysctls used for the pod. Pods with - unsupported sysctls (by the container - runtime) might fail to launch. Note - that this field cannot be set when spec.os.name - is windows. items: - description: Sysctl defines a kernel - parameter to be set properties: name: - description: Name of a property - to set type: string value: - description: Value of a property - to set type: string required: - name 
@@ -25993,189 +9089,53 @@ spec: type: array x-kubernetes-list-type: atomic windowsOptions: - description: The Windows specific settings - applied to all containers. If unspecified, - the options within a container's SecurityContext - will be used. If set in both SecurityContext - and PodSecurityContext, the value specified - in SecurityContext takes precedence. - Note that this field cannot be set when - spec.os.name is linux. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is - where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA - credential spec named by the GMSACredentialSpecName - field. type: string gmsaCredentialSpecName: - description: GMSACredentialSpecName - is the name of the GMSA credential - spec to use. type: string hostProcess: - description: HostProcess determines - if a container should be run as - a 'Host Process' container. All - of a Pod's containers must have - the same effective HostProcess value - (it is not allowed to have a mix - of HostProcess containers and non-HostProcess - containers). In addition, if HostProcess - is true then HostNetwork must also - be set to true. type: boolean runAsUserName: - description: The UserName in Windows - to run the entrypoint of the container - process. Defaults to the user specified - in image metadata if unspecified. - May also be set in PodSecurityContext. - If set in both SecurityContext and - PodSecurityContext, the value specified - in SecurityContext takes precedence. type: string type: object type: object serviceAccountName: - description: 'ServiceAccountName is the name - of the ServiceAccount to use to run this - pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' type: string shareProcessNamespace: - description: 'Share a single process namespace - between all of the containers in a pod. 
- When this is set containers will be able - to view and signal processes from other - containers in the same pod, and the first - process in each container will not be assigned - PID 1. HostPID and ShareProcessNamespace - cannot both be set. Optional: Default to - false.' type: boolean terminationGracePeriodSeconds: - description: Optional duration in seconds - the pod needs to terminate gracefully. May - be decreased in delete request. Value must - be non-negative integer. The value zero - indicates stop immediately via the kill - signal (no opportunity to shut down). If - this value is nil, the default grace period - will be used instead. The grace period is - the duration in seconds after the processes - running in the pod are sent a termination - signal and the time when the processes are - forcibly halted with a kill signal. Set - this value longer than the expected cleanup - time for your process. Defaults to 30 seconds. format: int64 type: integer tolerations: - description: If specified, the pod's tolerations. items: - description: The pod this Toleration is - attached to tolerates any taint that matches - the triple using the - matching operator . properties: effect: - description: Effect indicates the taint - effect to match. Empty means match - all taint effects. When specified, - allowed values are NoSchedule, PreferNoSchedule - and NoExecute. type: string key: - description: Key is the taint key that - the toleration applies to. Empty means - match all taint keys. If the key is - empty, operator must be Exists; this - combination means to match all values - and all keys. type: string operator: - description: Operator represents a key's - relationship to the value. Valid operators - are Exists and Equal. Defaults to - Equal. Exists is equivalent to wildcard - for value, so that a pod can tolerate - all taints of a particular category. 
type: string tolerationSeconds: - description: TolerationSeconds represents - the period of time the toleration - (which must be of effect NoExecute, - otherwise this field is ignored) tolerates - the taint. By default, it is not set, - which means tolerate the taint forever - (do not evict). Zero and negative - values will be treated as 0 (evict - immediately) by the system. format: int64 type: integer value: - description: Value is the taint value - the toleration matches to. If the - operator is Exists, the value should - be empty, otherwise just a regular - string. type: string type: object type: array topologySpreadConstraints: - description: TopologySpreadConstraints describes - how a group of pods ought to spread across - topology domains. Scheduler will schedule - pods in a way which abides by the constraints. - All topologySpreadConstraints are ANDed. items: - description: TopologySpreadConstraint specifies - how to spread matching pods among the - given topology. properties: labelSelector: - description: LabelSelector is used to - find matching pods. Pods that match - this label selector are counted to - determine the number of pods in their - corresponding topology domain. properties: matchExpressions: - description: matchExpressions is - a list of label selector requirements. - The requirements are ANDed. items: - description: A label selector - requirement is a selector that - contains values, a key, and - an operator that relates the - key and values. properties: key: - description: key is the label - key that the selector applies - to. type: string operator: - description: operator represents - a key's relationship to - a set of values. Valid operators - are In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is an - array of string values. - If the operator is In or - NotIn, the values array - must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be - empty. 
This array is replaced - during a strategic merge - patch. items: type: string type: array 
@@ -26189,183 +9149,27 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map - of {key,value} pairs. A single - {key,value} in the matchLabels - map is equivalent to an element - of matchExpressions, whose key - field is "key", the operator is - "In", and the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: "MatchLabelKeys is a set - of pod label keys to select the pods - over which spreading will be calculated. - The keys are used to lookup values - from the incoming pod labels, those - key-value labels are ANDed with labelSelector - to select the group of existing pods - over which spreading will be calculated - for the incoming pod. The same key - is forbidden to exist in both MatchLabelKeys - and LabelSelector. MatchLabelKeys - cannot be set when LabelSelector isn't - set. Keys that don't exist in the - incoming pod labels will be ignored. - A null or empty list means only match - against labelSelector. \n This is - a beta field and requires the MatchLabelKeysInPodTopologySpread - feature gate to be enabled (enabled - by default)." items: type: string type: array x-kubernetes-list-type: atomic maxSkew: - description: 'MaxSkew describes the - degree to which pods may be unevenly - distributed. When `whenUnsatisfiable=DoNotSchedule`, - it is the maximum permitted difference - between the number of matching pods - in the target topology and the global - minimum. The global minimum is the - minimum number of matching pods in - an eligible domain or zero if the - number of eligible domains is less - than MinDomains. For example, in a - 3-zone cluster, MaxSkew is set to - 1, and pods with the same labelSelector - spread as 2/2/1: In this case, the - global minimum is 1. 
| zone1 | zone2 - | zone3 | | P P | P P | P | - - if MaxSkew is 1, incoming pod can - only be scheduled to zone3 to become - 2/2/2; scheduling it onto zone1(zone2) - would make the ActualSkew(3-1) on - zone1(zone2) violate MaxSkew(1). - - if MaxSkew is 2, incoming pod can - be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, - it is used to give higher precedence - to topologies that satisfy it. It''s - a required field. Default value is - 1 and 0 is not allowed.' format: int32 type: integer minDomains: - description: "MinDomains indicates a - minimum number of eligible domains. - When the number of eligible domains - with matching topology keys is less - than minDomains, Pod Topology Spread - treats \"global minimum\" as 0, and - then the calculation of Skew is performed. - And when the number of eligible domains - with matching topology keys equals - or greater than minDomains, this value - has no effect on scheduling. As a - result, when the number of eligible - domains is less than minDomains, scheduler - won't schedule more than maxSkew Pods - to those domains. If value is nil, - the constraint behaves as if MinDomains - is equal to 1. Valid values are integers - greater than 0. When value is not - nil, WhenUnsatisfiable must be DoNotSchedule. - \n For example, in a 3-zone cluster, - MaxSkew is set to 2, MinDomains is - set to 5 and pods with the same labelSelector - spread as 2/2/2: | zone1 | zone2 | - zone3 | | P P | P P | P P | - The number of domains is less than - 5(MinDomains), so \"global minimum\" - is treated as 0. In this situation, - new pod with the same labelSelector - cannot be scheduled, because computed - skew will be 3(3 - 0) if new Pod is - scheduled to any of the three zones, - it will violate MaxSkew." format: int32 type: integer nodeAffinityPolicy: - description: "NodeAffinityPolicy indicates - how we will treat Pod's nodeAffinity/nodeSelector - when calculating pod topology spread - skew. 
Options are: - Honor: only nodes - matching nodeAffinity/nodeSelector - are included in the calculations. - - Ignore: nodeAffinity/nodeSelector - are ignored. All nodes are included - in the calculations. \n If this value - is nil, the behavior is equivalent - to the Honor policy. This is a beta-level - feature default enabled by the NodeInclusionPolicyInPodTopologySpread - feature flag." type: string nodeTaintsPolicy: - description: "NodeTaintsPolicy indicates - how we will treat node taints when - calculating pod topology spread skew. - Options are: - Honor: nodes without - taints, along with tainted nodes for - which the incoming pod has a toleration, - are included. - Ignore: node taints - are ignored. All nodes are included. - \n If this value is nil, the behavior - is equivalent to the Ignore policy. - This is a beta-level feature default - enabled by the NodeInclusionPolicyInPodTopologySpread - feature flag." type: string topologyKey: - description: TopologyKey is the key - of node labels. Nodes that have a - label with this key and identical - values are considered to be in the - same topology. We consider each as a "bucket", and try to put - balanced number of pods into each - bucket. We define a domain as a particular - instance of a topology. Also, we define - an eligible domain as a domain whose - nodes meet the requirements of nodeAffinityPolicy - and nodeTaintsPolicy. e.g. If TopologyKey - is "kubernetes.io/hostname", each - Node is a domain of that topology. - And, if TopologyKey is "topology.kubernetes.io/zone", - each zone is a domain of that topology. - It's a required field. type: string whenUnsatisfiable: - description: 'WhenUnsatisfiable indicates - how to deal with a pod if it doesn''t - satisfy the spread constraint. - DoNotSchedule - (default) tells the scheduler not - to schedule it. - ScheduleAnyway tells - the scheduler to schedule the pod - in any location, but giving higher - precedence to topologies that would - help reduce the skew. 
A constraint - is considered "Unsatisfiable" for - an incoming pod if and only if every - possible node assignment for that - pod would violate "MaxSkew" on some - topology. For example, in a 3-zone - cluster, MaxSkew is set to 1, and - pods with the same labelSelector spread - as 3/1/1: | zone1 | zone2 | zone3 - | | P P P | P | P | If WhenUnsatisfiable - is set to DoNotSchedule, incoming - pod can only be scheduled to zone2(zone3) - to become 3/2/1(3/1/2) as ActualSkew(2-1) - on zone2(zone3) satisfies MaxSkew(1). - In other words, the cluster can still - be imbalanced, but scheduler won''t - make it *more* imbalanced. It''s a - required field.' type: string required: - maxSkew 
@@ -26378,76 +9182,21 @@ spec: - whenUnsatisfiable x-kubernetes-list-type: map volumeMounts: - description: Pod volumes to mount into the - container's filesystem. Cannot be updated. items: - description: VolumeMount describes a mounting - of a Volume within a container. properties: mountPath: - description: Path within the container - at which the volume should be mounted. Must - not contain ':'. type: string mountPropagation: - description: mountPropagation determines - how mounts are propagated from the - host to container and the other way - around. When not set, MountPropagationNone - is used. This field is beta in 1.10. - When RecursiveReadOnly is set to IfPossible - or to Enabled, MountPropagation must - be None or unspecified (which defaults - to None). type: string name: - description: This must match the Name - of a Volume. type: string readOnly: - description: Mounted read-only if true, - read-write otherwise (false or unspecified). - Defaults to false. type: boolean recursiveReadOnly: - description: "RecursiveReadOnly specifies - whether read-only mounts should be - handled recursively. \n If ReadOnly - is false, this field has no meaning - and must be unspecified. \n If ReadOnly - is true, and this field is set to - Disabled, the mount is not made recursively - read-only. If this field is set to - IfPossible, the mount is made recursively - read-only, if it is supported by the - container runtime. If this field - is set to Enabled, the mount is made - recursively read-only if it is supported - by the container runtime, otherwise - the pod will not be started and an - error will be generated to indicate - the reason. \n If this field is set - to IfPossible or Enabled, MountPropagation - must be set to None (or be unspecified, - which defaults to None). \n If this - field is not specified, it is treated - as an equivalent of Disabled." type: string subPath: - description: Path within the volume - from which the container's volume - should be mounted. 
Defaults to "" - (volume's root). type: string subPathExpr: - description: Expanded path within the - volume from which the container's - volume should be mounted. Behaves - similarly to SubPath but environment - variable references $(VAR_NAME) are - expanded using the container's environment. - Defaults to "" (volume's root). SubPathExpr - and SubPath are mutually exclusive. type: string required: - mountPath 
@@ -26455,318 +9204,109 @@ spec: type: object type: array volumes: - description: 'List of volumes that can be - mounted by containers belonging to the pod. - More info: https://kubernetes.io/docs/concepts/storage/volumes' items: - description: Volume represents a named volume - in a pod that may be accessed by any container - in the pod. properties: awsElasticBlockStore: - description: 'awsElasticBlockStore represents - an AWS Disk resource that is attached - to a kubelet''s host machine and then - exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' properties: fsType: - description: 'fsType is the filesystem - type of the volume that you want - to mount. Tip: Ensure that the - filesystem type is supported by - the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors - in the filesystem from compromising - the machine' type: string partition: - description: 'partition is the partition - in the volume that you want to - mount. If omitted, the default - is to mount by volume name. Examples: - For volume /dev/sda1, you specify - the partition as "1". Similarly, - the volume partition for /dev/sda - is "0" (or you can leave the property - empty).' format: int32 type: integer readOnly: - description: 'readOnly value true - will force the readOnly setting - in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: boolean volumeID: - description: 'volumeID is unique - ID of the persistent disk resource - in AWS (Amazon EBS volume). More - info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: string required: - volumeID type: object azureDisk: - description: azureDisk represents an - Azure Data Disk mount on the host - and bind mount to the pod. 
properties: cachingMode: - description: 'cachingMode is the - Host Caching mode: None, Read - Only, Read Write.' type: string diskName: - description: diskName is the Name - of the data disk in the blob storage type: string diskURI: - description: diskURI is the URI - of data disk in the blob storage type: string fsType: - description: fsType is Filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. type: string kind: - description: 'kind expected values - are Shared: multiple blob disks - per storage account Dedicated: - single blob disk per storage account Managed: - azure managed data disk (only - in managed availability set). - defaults to shared' type: string readOnly: - description: readOnly Defaults to - false (read/write). ReadOnly here - will force the ReadOnly setting - in VolumeMounts. type: boolean required: - diskName - diskURI type: object azureFile: - description: azureFile represents an - Azure File Service mount on the host - and bind mount to the pod. properties: readOnly: - description: readOnly defaults to - false (read/write). ReadOnly here - will force the ReadOnly setting - in VolumeMounts. 
type: boolean secretName: - description: secretName is the name - of secret that contains Azure - Storage Account Name and Key type: string shareName: - description: shareName is the azure - share Name type: string required: - secretName - shareName type: object cephfs: - description: cephFS represents a Ceph - FS mount on the host that shares a - pod's lifetime properties: monitors: - description: 'monitors is Required: - Monitors is a collection of Ceph - monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' items: type: string type: array x-kubernetes-list-type: atomic path: - description: 'path is Optional: - Used as the mounted root, rather - than the full Ceph tree, default - is /' type: string readOnly: - description: 'readOnly is Optional: - Defaults to false (read/write). - ReadOnly here will force the ReadOnly - setting in VolumeMounts. More - info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: boolean secretFile: - description: 'secretFile is Optional: - SecretFile is the path to key - ring for User, default is /etc/ceph/user.secret - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string secretRef: - description: 'secretRef is Optional: - SecretRef is reference to the - authentication secret for User, - default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' properties: name: default: "" - description: 'Name of the referent. - This field is effectively - required, but due to backwards - compatibility is allowed to - be empty. Instances of this - type with an empty value here - are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' 
type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is optional: - User is the rados user name, default - is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string required: - monitors type: object cinder: - description: 'cinder represents a cinder - volume attached and mounted on kubelets - host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' properties: fsType: - description: 'fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to - be "ext4" if unspecified. More - info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string readOnly: - description: 'readOnly defaults - to false (read/write). ReadOnly - here will force the ReadOnly setting - in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: boolean secretRef: - description: 'secretRef is optional: - points to a secret object containing - parameters used to connect to - OpenStack.' properties: name: default: "" - description: 'Name of the referent. - This field is effectively - required, but due to backwards - compatibility is allowed to - be empty. Instances of this - type with an empty value here - are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic volumeID: - description: 'volumeID used to identify - the volume in cinder. 
More info: - https://examples.k8s.io/mysql-cinder-pd/README.md' type: string required: - volumeID type: object configMap: - description: configMap represents a - configMap that should populate this - volume properties: defaultMode: - description: 'defaultMode is optional: - mode bits used to set permissions - on created files by default. Must - be an octal value between 0000 - and 0777 or a decimal value between - 0 and 511. YAML accepts both octal - and decimal values, JSON requires - decimal values for mode bits. - Defaults to 0644. Directories - within the path are not affected - by this setting. This might be - in conflict with other options - that affect the file mode, like - fsGroup, and the result can be - other mode bits set.' format: int32 type: integer items: - description: items if unspecified, - each key-value pair in the Data - field of the referenced ConfigMap - will be projected into the volume - as a file whose name is the key - and content is the value. If specified, - the listed keys will be projected - into the specified paths, and - unlisted keys will not be present. - If a key is specified which is - not present in the ConfigMap, - the volume setup will error unless - it is marked optional. Paths must - be relative and may not contain - the '..' path or start with '..'. items: - description: Maps a string key - to a path within a volume. properties: key: - description: key is the key - to project. type: string mode: - description: 'mode is Optional: - mode bits used to set permissions - on this file. Must be an - octal value between 0000 - and 0777 or a decimal value - between 0 and 511. YAML - accepts both octal and decimal - values, JSON requires decimal - values for mode bits. If - not specified, the volume - defaultMode will be used. - This might be in conflict - with other options that - affect the file mode, like - fsGroup, and the result - can be other mode bits set.' 
format: int32 type: integer path: - description: path is the relative - path of the file to map - the key to. May not be an - absolute path. May not contain - the path element '..'. May - not start with the string - '..'. type: string required: - key 
@@ -26776,207 +9316,67 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional specify whether - the ConfigMap or its keys must - be defined type: boolean type: object x-kubernetes-map-type: atomic csi: - description: csi (Container Storage - Interface) represents ephemeral storage - that is handled by certain external - CSI drivers (Beta feature). properties: driver: - description: driver is the name - of the CSI driver that handles - this volume. Consult with your - admin for the correct name as - registered in the cluster. type: string fsType: - description: fsType to mount. Ex. - "ext4", "xfs", "ntfs". If not - provided, the empty value is passed - to the associated CSI driver which - will determine the default filesystem - to apply. type: string nodePublishSecretRef: - description: nodePublishSecretRef - is a reference to the secret object - containing sensitive information - to pass to the CSI driver to complete - the CSI NodePublishVolume and - NodeUnpublishVolume calls. This - field is optional, and may be - empty if no secret is required. - If the secret object contains - more than one secret, all secret - references are passed. properties: name: default: "" - description: 'Name of the referent. - This field is effectively - required, but due to backwards - compatibility is allowed to - be empty. Instances of this - type with an empty value here - are almost certainly wrong. - TODO: Add other useful fields. 
- apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic readOnly: - description: readOnly specifies - a read-only configuration for - the volume. Defaults to false - (read/write). type: boolean volumeAttributes: additionalProperties: type: string - description: volumeAttributes stores - driver-specific properties that - are passed to the CSI driver. - Consult your driver's documentation - for supported values. type: object required: - driver type: object downwardAPI: - description: downwardAPI represents - downward API about the pod that should - populate this volume properties: defaultMode: - description: 'Optional: mode bits - to use on created files by default. - Must be a Optional: mode bits - used to set permissions on created - files by default. Must be an octal - value between 0000 and 0777 or - a decimal value between 0 and - 511. YAML accepts both octal and - decimal values, JSON requires - decimal values for mode bits. - Defaults to 0644. Directories - within the path are not affected - by this setting. This might be - in conflict with other options - that affect the file mode, like - fsGroup, and the result can be - other mode bits set.' format: int32 type: integer items: - description: Items is a list of - downward API volume file items: - description: DownwardAPIVolumeFile - represents information to create - the file containing the pod - field properties: fieldRef: - description: 'Required: Selects - a field of the pod: only - annotations, labels, name, - namespace and uid are supported.' properties: apiVersion: - description: Version of - the schema the FieldPath - is written in terms - of, defaults to "v1". 
type: string fieldPath: - description: Path of the - field to select in the - specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: - description: 'Optional: mode - bits used to set permissions - on this file, must be an - octal value between 0000 - and 0777 or a decimal value - between 0 and 511. YAML - accepts both octal and decimal - values, JSON requires decimal - values for mode bits. If - not specified, the volume - defaultMode will be used. - This might be in conflict - with other options that - affect the file mode, like - fsGroup, and the result - can be other mode bits set.' format: int32 type: integer path: - description: 'Required: Path - is the relative path name - of the file to be created. - Must not be absolute or - contain the ''..'' path. - Must be utf-8 encoded. The - first item of the relative - path must not start with - ''..''' type: string resourceFieldRef: - description: 'Selects a resource - of the container: only resources - limits and requests (limits.cpu, - limits.memory, requests.cpu - and requests.memory) are - currently supported.' properties: containerName: - description: 'Container - name: required for volumes, - optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies - the output format of - the exposed resources, - defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: - resource to select' type: string required: - resource 
@@ -26989,279 +9389,50 @@ spec: x-kubernetes-list-type: atomic type: object emptyDir: - description: 'emptyDir represents a - temporary directory that shares a - pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' properties: medium: - description: 'medium represents - what type of storage medium should - back this directory. The default - is "" which means to use the node''s - default medium. Must be an empty - string (default) or Memory. More - info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string sizeLimit: anyOf: - type: integer - type: string - description: 'sizeLimit is the total - amount of local storage required - for this EmptyDir volume. The - size limit is also applicable - for memory medium. The maximum - usage on memory medium EmptyDir - would be the minimum value between - the SizeLimit specified here and - the sum of memory limits of all - containers in a pod. The default - is nil which means that the limit - is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object ephemeral: - description: "ephemeral represents a - volume that is handled by a cluster - storage driver. The volume's lifecycle - is tied to the pod that defines it - - it will be created before the pod - starts, and deleted when the pod is - removed. \n Use this if: a) the volume - is only needed while the pod runs, - b) features of normal volumes like - restoring from snapshot or capacity - tracking are needed, c) the storage - driver is specified through a storage - class, and d) the storage driver supports - dynamic volume provisioning through - a PersistentVolumeClaim (see EphemeralVolumeSource - for more information on the connection - between this volume type and PersistentVolumeClaim). 
- \n Use PersistentVolumeClaim or one - of the vendor-specific APIs for volumes - that persist for longer than the lifecycle - of an individual pod. \n Use CSI for - light-weight local ephemeral volumes - if the CSI driver is meant to be used - that way - see the documentation of - the driver for more information. \n - A pod can use both types of ephemeral - volumes and persistent volumes at - the same time." properties: volumeClaimTemplate: - description: "Will be used to create - a stand-alone PVC to provision - the volume. The pod in which this - EphemeralVolumeSource is embedded - will be the owner of the PVC, - i.e. the PVC will be deleted together - with the pod. The name of the - PVC will be `-` where `` is - the name from the `PodSpec.Volumes` - array entry. Pod validation will - reject the pod if the concatenated - name is not valid for a PVC (for - example, too long). \n An existing - PVC with that name that is not - owned by the pod will *not* be - used for the pod to avoid using - an unrelated volume by mistake. - Starting the pod is then blocked - until the unrelated PVC is removed. - If such a pre-created PVC is meant - to be used by the pod, the PVC - has to updated with an owner reference - to the pod once the pod exists. - Normally this should not be necessary, - but it may be useful when manually - reconstructing a broken cluster. - \n This field is read-only and - no changes will be made by Kubernetes - to the PVC after it has been created. - \n Required, must not be nil." properties: metadata: - description: May contain labels - and annotations that will - be copied into the PVC when - creating it. No other fields - are allowed and will be rejected - during validation. properties: annotations: additionalProperties: type: string - description: 'Annotations - is an unstructured key - value map stored with - a resource that may be - set by external tools - to store and retrieve - arbitrary metadata. 
They - are not queryable and - should be preserved when - modifying objects. More - info: http://kubernetes.io/docs/user-guide/annotations' type: object generateName: - description: "GenerateName - is an optional prefix, - used by the server, to - generate a unique name - ONLY IF the Name field - has not been provided. - If this field is used, - the name returned to the - client will be different - than the name passed. - This value will also be - combined with a unique - suffix. The provided value - has the same validation - rules as the Name field, - and may be truncated by - the length of the suffix - required to make the value - unique on the server. - \n If this field is specified - and the generated name - exists, the server will - NOT return a 409 - instead, - it will either return - 201 Created or 500 with - Reason ServerTimeout indicating - a unique name could not - be found in the time allotted, - and the client should - retry (optionally after - the time indicated in - the Retry-After header). - \n Applied only if Name - is not specified. More - info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" type: string labels: additionalProperties: type: string - description: 'Map of string - keys and values that can - be used to organize and - categorize (scope and - select) objects. May match - selectors of replication - controllers and services. - More info: http://kubernetes.io/docs/user-guide/labels' type: object name: - description: 'Name must - be unique within a namespace. - Is required when creating - resources, although some - resources may allow a - client to request the - generation of an appropriate - name automatically. Name - is primarily intended - for creation idempotence - and configuration definition. - Cannot be updated. More - info: http://kubernetes.io/docs/user-guide/identifiers#names' type: string namespace: - description: "Namespace - defines the space within - each name must be unique. 
- An empty namespace is - equivalent to the \"default\" - namespace, but \"default\" - is the canonical representation. - Not all objects are required - to be scoped to a namespace - - the value of this field - for those objects will - be empty. \n Must be a - DNS_LABEL. Cannot be updated. - More info: http://kubernetes.io/docs/user-guide/namespaces" type: string ownerReferences: - description: List of objects - depended by this object. - If ALL objects in the - list have been deleted, - this object will be garbage - collected. If this object - is managed by a controller, - then an entry in this - list will point to this - controller, with the controller - field set to true. There - cannot be more than one - managing controller. items: - description: OwnerReference - contains enough information - to let you identify - an owning object. An - owning object must be - in the same namespace - as the dependent, or - be cluster-scoped, so - there is no namespace - field. properties: apiVersion: - description: API version - of the referent. type: string blockOwnerDeletion: - description: If true, - AND if the owner - has the "foregroundDeletion" - finalizer, then - the owner cannot - be deleted from - the key-value store - until this reference - is removed. See - https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion - for how the garbage - collector interacts - with this field - and enforces the - foreground deletion. - Defaults to false. - To set this field, - a user needs "delete" - permission of the - owner, otherwise - 422 (Unprocessable - Entity) will be - returned. type: boolean controller: - description: If true, - this reference points - to the managing - controller. type: boolean kind: - description: 'Kind - of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string name: - description: 'Name - of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: - description: 'UID - of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -27273,70 +9444,19 @@ spec: type: array type: object spec: - description: The specification - for the PersistentVolumeClaim. - The entire content is copied - unchanged into the PVC that - gets created from this template. - The same fields as in a PersistentVolumeClaim - are also valid here. properties: accessModes: - description: 'accessModes - contains the desired access - modes the volume should - have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array x-kubernetes-list-type: atomic dataSource: - description: 'dataSource - field can be used to specify - either: * An existing - VolumeSnapshot object - (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or - an external controller - can support the specified - data source, it will create - a new volume based on - the contents of the specified - data source. When the - AnyVolumeDataSource feature - gate is enabled, dataSource - contents will be copied - to dataSourceRef, and - dataSourceRef contents - will be copied to dataSource - when dataSourceRef.namespace - is not specified. If the - namespace is specified, - then dataSourceRef will - not be copied to dataSource.' properties: apiGroup: - description: APIGroup - is the group for the - resource being referenced. - If APIGroup is not - specified, the specified - Kind must be in the - core API group. For - any other third-party - types, APIGroup is - required. type: string kind: - description: Kind is - the type of resource - being referenced type: string name: - description: Name is - the name of resource - being referenced type: string required: - kind 
@@ -27344,125 +9464,20 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: - description: 'dataSourceRef - specifies the object from - which to populate the - volume with data, if a - non-empty volume is desired. - This may be any object - from a non-empty API group - (non core object) or a - PersistentVolumeClaim - object. When this field - is specified, volume binding - will only succeed if the - type of the specified - object matches some installed - volume populator or dynamic - provisioner. This field - will replace the functionality - of the dataSource field - and as such if both fields - are non-empty, they must - have the same value. For - backwards compatibility, - when namespace isn''t - specified in dataSourceRef, - both fields (dataSource - and dataSourceRef) will - be set to the same value - automatically if one of - them is empty and the - other is non-empty. When - namespace is specified - in dataSourceRef, dataSource - isn''t set to the same - value and must be empty. - There are three important - differences between dataSource - and dataSourceRef: * While - dataSource only allows - two specific types of - objects, dataSourceRef - allows any non-core object, - as well as PersistentVolumeClaim - objects. * While dataSource - ignores disallowed values - (dropping them), dataSourceRef - preserves all values, - and generates an error - if a disallowed value - is specified. * While - dataSource only allows - local objects, dataSourceRef - allows objects in any - namespaces. (Beta) Using - this field requires the - AnyVolumeDataSource feature - gate to be enabled. (Alpha) - Using the namespace field - of dataSourceRef requires - the CrossNamespaceVolumeDataSource - feature gate to be enabled.' properties: apiGroup: - description: APIGroup - is the group for the - resource being referenced. - If APIGroup is not - specified, the specified - Kind must be in the - core API group. For - any other third-party - types, APIGroup is - required. 
type: string kind: - description: Kind is - the type of resource - being referenced type: string name: - description: Name is - the name of resource - being referenced type: string namespace: - description: Namespace - is the namespace of - resource being referenced - Note that when a namespace - is specified, a gateway.networking.k8s.io/ReferenceGrant - object is required - in the referent namespace - to allow that namespace's - owner to accept the - reference. See the - ReferenceGrant documentation - for details. (Alpha) - This field requires - the CrossNamespaceVolumeDataSource - feature gate to be - enabled. type: string required: - kind - name type: object resources: - description: 'resources - represents the minimum - resources the volume should - have. If RecoverVolumeExpansionFailure - feature is enabled users - are allowed to specify - resource requirements - that are lower than previous - value but must still be - higher than capacity recorded - in the status field of - the claim. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: @@ -27471,11 +9486,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits - describes the maximum - amount of compute - resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -27484,75 +9494,18 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests - describes the minimum - amount of compute - resources required. - If Requests is omitted - for a container, it - defaults to Limits - if that is explicitly - specified, otherwise - to an implementation-defined - value. Requests cannot - exceed Limits. More - info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: - description: selector is - a label query over volumes - to consider for binding. properties: matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements are - ANDed. items: - description: A label - selector requirement - is a selector that - contains values, - a key, and an operator - that relates the - key and values. properties: key: - description: key - is the label - key that the - selector applies - to. type: string operator: - description: operator - represents a - key's relationship - to a set of - values. Valid - operators are - In, NotIn, Exists - and DoesNotExist. type: string values: - description: values - is an array - of string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or - DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic - merge patch. items: type: string type: array 
@@ -27566,79 +9519,16 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels - map is equivalent - to an element of matchExpressions, - whose key field is - "key", the operator - is "In", and the values - array contains only - "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic storageClassName: - description: 'storageClassName - is the name of the StorageClass - required by the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeAttributesClassName: - description: 'volumeAttributesClassName - may be used to set the - VolumeAttributesClass - used by this claim. If - specified, the CSI driver - will create or update - the volume with the attributes - defined in the corresponding - VolumeAttributesClass. - This has a different purpose - than storageClassName, - it can be changed after - the claim is created. - An empty string value - means that no VolumeAttributesClass - will be applied to the - claim but it''s not allowed - to reset this field to - empty string once it is - set. If unspecified and - the PersistentVolumeClaim - is unbound, the default - VolumeAttributesClass - will be set by the persistentvolume - controller if it exists. - If the resource referred - to by volumeAttributesClass - does not exist, this PersistentVolumeClaim - will be set to a Pending - state, as reflected by - the modifyVolumeStatus - field, until such as a - resource exists. More - info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field - requires the VolumeAttributesClass - feature gate to be enabled.' type: string volumeMode: - description: volumeMode - defines what type of volume - is required by the claim. - Value of Filesystem is - implied when not included - in claim spec. 
type: string volumeName: - description: volumeName - is the binding reference - to the PersistentVolume - backing this claim. type: string type: object required: 
@@ -27646,107 +9536,41 @@ spec: type: object type: object fc: - description: fc represents a Fibre Channel - resource that is attached to a kubelet's - host machine and then exposed to the - pod. properties: fsType: - description: 'fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. TODO: how do we - prevent errors in the filesystem - from compromising the machine' type: string lun: - description: 'lun is Optional: FC - target lun number' format: int32 type: integer readOnly: - description: 'readOnly is Optional: - Defaults to false (read/write). - ReadOnly here will force the ReadOnly - setting in VolumeMounts.' type: boolean targetWWNs: - description: 'targetWWNs is Optional: - FC target worldwide names (WWNs)' items: type: string type: array x-kubernetes-list-type: atomic wwids: - description: 'wwids Optional: FC - volume world wide identifiers - (wwids) Either wwids or combination - of targetWWNs and lun must be - set, but not both simultaneously.' items: type: string type: array x-kubernetes-list-type: atomic type: object flexVolume: - description: flexVolume represents a - generic volume resource that is provisioned/attached - using an exec based plugin. properties: driver: - description: driver is the name - of the driver to use for this - volume. type: string fsType: - description: fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - The default filesystem depends - on FlexVolume script. type: string options: additionalProperties: type: string - description: 'options is Optional: - this field holds extra command - options if any.' type: object readOnly: - description: 'readOnly is Optional: - defaults to false (read/write). - ReadOnly here will force the ReadOnly - setting in VolumeMounts.' 
type: boolean secretRef: - description: 'secretRef is Optional: - secretRef is reference to the - secret object containing sensitive - information to pass to the plugin - scripts. This may be empty if - no secret object is specified. - If the secret object contains - more than one secret, all secrets - are passed to the plugin scripts.' properties: name: default: "" - description: 'Name of the referent. - This field is effectively - required, but due to backwards - compatibility is allowed to - be empty. Instances of this - type with an empty value here - are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic 
@@ -27754,219 +9578,79 @@ spec: - driver type: object flocker: - description: flocker represents a Flocker - volume attached to a kubelet's host - machine. This depends on the Flocker - control service being running properties: datasetName: - description: datasetName is Name - of the dataset stored as metadata - -> name on the dataset for Flocker - should be considered as deprecated type: string datasetUUID: - description: datasetUUID is the - UUID of the dataset. This is unique - identifier of a Flocker dataset type: string type: object gcePersistentDisk: - description: 'gcePersistentDisk represents - a GCE Disk resource that is attached - to a kubelet''s host machine and then - exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' properties: fsType: - description: 'fsType is filesystem - type of the volume that you want - to mount. Tip: Ensure that the - filesystem type is supported by - the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors - in the filesystem from compromising - the machine' type: string partition: - description: 'partition is the partition - in the volume that you want to - mount. If omitted, the default - is to mount by volume name. Examples: - For volume /dev/sda1, you specify - the partition as "1". Similarly, - the volume partition for /dev/sda - is "0" (or you can leave the property - empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' format: int32 type: integer pdName: - description: 'pdName is unique name - of the PD resource in GCE. Used - to identify the disk in GCE. More - info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: string readOnly: - description: 'readOnly here will - force the ReadOnly setting in - VolumeMounts. Defaults to false. 
- More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: boolean required: - pdName type: object glusterfs: - description: 'glusterfs represents a - Glusterfs mount on the host that shares - a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' properties: endpoints: - description: 'endpoints is the endpoint - name that details Glusterfs topology. - More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string path: - description: 'path is the Glusterfs - volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string readOnly: - description: 'readOnly here will - force the Glusterfs volume to - be mounted with read-only permissions. - Defaults to false. More info: - https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: boolean required: - endpoints - path type: object hostPath: - description: 'hostPath represents a - pre-existing file or directory on - the host machine that is directly - exposed to the container. This is - generally used for system agents or - other privileged things that are allowed - to see the host machine. Most containers - will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict - who can use host directory mounts - and who can/can not mount host directories - as read/write.' properties: path: - description: 'path of the directory - on the host. If the path is a - symlink, it will follow the link - to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string type: - description: 'type for HostPath - Volume Defaults to "" More info: - https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string required: - path type: object iscsi: - description: 'iscsi represents an ISCSI - Disk resource that is attached to - a kubelet''s host machine and then - exposed to the pod. 
More info: https://examples.k8s.io/volumes/iscsi/README.md' properties: chapAuthDiscovery: - description: chapAuthDiscovery defines - whether support iSCSI Discovery - CHAP authentication type: boolean chapAuthSession: - description: chapAuthSession defines - whether support iSCSI Session - CHAP authentication type: boolean fsType: - description: 'fsType is the filesystem - type of the volume that you want - to mount. Tip: Ensure that the - filesystem type is supported by - the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors - in the filesystem from compromising - the machine' type: string initiatorName: - description: initiatorName is the - custom iSCSI Initiator Name. If - initiatorName is specified with - iscsiInterface simultaneously, - new iSCSI interface : will be created for the - connection. type: string iqn: - description: iqn is the target iSCSI - Qualified Name. type: string iscsiInterface: - description: iscsiInterface is the - interface Name that uses an iSCSI - transport. Defaults to 'default' - (tcp). type: string lun: - description: lun represents iSCSI - Target Lun number. format: int32 type: integer portals: - description: portals is the iSCSI - Target Portal List. The portal - is either an IP or ip_addr:port - if the port is other than default - (typically TCP ports 860 and 3260). items: type: string type: array x-kubernetes-list-type: atomic readOnly: - description: readOnly here will - force the ReadOnly setting in - VolumeMounts. Defaults to false. type: boolean secretRef: - description: secretRef is the CHAP - Secret for iSCSI target and initiator - authentication properties: name: default: "" - description: 'Name of the referent. - This field is effectively - required, but due to backwards - compatibility is allowed to - be empty. 
Instances of this - type with an empty value here - are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic targetPortal: - description: targetPortal is iSCSI - Target Portal. The Portal is either - an IP or ip_addr:port if the port - is other than default (typically - TCP ports 860 and 3260). type: string required: - iqn 
@@ -27974,226 +9658,68 @@ spec: - targetPortal type: object name: - description: 'name of the volume. Must - be a DNS_LABEL and unique within the - pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string nfs: - description: 'nfs represents an NFS - mount on the host that shares a pod''s - lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' properties: path: - description: 'path that is exported - by the NFS server. More info: - https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string readOnly: - description: 'readOnly here will - force the NFS export to be mounted - with read-only permissions. Defaults - to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: boolean server: - description: 'server is the hostname - or IP address of the NFS server. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string required: - path - server type: object persistentVolumeClaim: - description: 'persistentVolumeClaimVolumeSource - represents a reference to a PersistentVolumeClaim - in the same namespace. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: claimName: - description: 'claimName is the name - of a PersistentVolumeClaim in - the same namespace as the pod - using this volume. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' type: string readOnly: - description: readOnly Will force - the ReadOnly setting in VolumeMounts. - Default false. type: boolean required: - claimName type: object photonPersistentDisk: - description: photonPersistentDisk represents - a PhotonController persistent disk - attached and mounted on kubelets host - machine properties: fsType: - description: fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". 
- Implicitly inferred to be "ext4" - if unspecified. type: string pdID: - description: pdID is the ID that - identifies Photon Controller persistent - disk type: string required: - pdID type: object portworxVolume: - description: portworxVolume represents - a portworx volume attached and mounted - on kubelets host machine properties: fsType: - description: fSType represents the - filesystem type to mount Must - be a filesystem type supported - by the host operating system. - Ex. "ext4", "xfs". Implicitly - inferred to be "ext4" if unspecified. type: string readOnly: - description: readOnly defaults to - false (read/write). ReadOnly here - will force the ReadOnly setting - in VolumeMounts. type: boolean volumeID: - description: volumeID uniquely identifies - a Portworx volume type: string required: - volumeID type: object projected: - description: projected items for all - in one resources secrets, configmaps, - and downward API properties: defaultMode: - description: defaultMode are the - mode bits used to set permissions - on created files by default. Must - be an octal value between 0000 - and 0777 or a decimal value between - 0 and 511. YAML accepts both octal - and decimal values, JSON requires - decimal values for mode bits. - Directories within the path are - not affected by this setting. - This might be in conflict with - other options that affect the - file mode, like fsGroup, and the - result can be other mode bits - set. format: int32 type: integer sources: - description: sources is the list - of volume projections items: - description: Projection that may - be projected along with other - supported volume types properties: clusterTrustBundle: - description: "ClusterTrustBundle - allows a pod to access the - `.spec.trustBundle` field - of ClusterTrustBundle objects - in an auto-updating file. - \n Alpha, gated by the ClusterTrustBundleProjection - feature gate. 
\n ClusterTrustBundle - objects can either be selected - by name, or by the combination - of signer name and a label - selector. \n Kubelet performs - aggressive normalization - of the PEM contents written - into the pod filesystem. - \ Esoteric PEM features - such as inter-block comments - and block headers are stripped. - \ Certificates are deduplicated. - The ordering of certificates - within the file is arbitrary, - and Kubelet may change the - order over time." properties: labelSelector: - description: Select all - ClusterTrustBundles - that match this label - selector. Only has - effect if signerName - is set. Mutually-exclusive - with name. If unset, - interpreted as "match - nothing". If set but - empty, interpreted as - "match everything". properties: matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements - are ANDed. items: - description: A label - selector requirement - is a selector - that contains - values, a key, - and an operator - that relates the - key and values. properties: key: - description: key - is the label - key that the - selector applies - to. type: string operator: - description: operator - represents - a key's relationship - to a set of - values. Valid - operators - are In, NotIn, - Exists and - DoesNotExist. type: string values: - description: values - is an array - of string - values. If - the operator - is In or NotIn, - the values - array must - be non-empty. - If the operator - is Exists - or DoesNotExist, - the values - array must - be empty. - This array - is replaced - during a strategic - merge patch. items: type: string type: array 
@@ -28207,142 +9733,31 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single - {key,value} in the - matchLabels map - is equivalent to - an element of matchExpressions, - whose key field - is "key", the operator - is "In", and the - values array contains - only "value". The - requirements are - ANDed. type: object type: object x-kubernetes-map-type: atomic name: - description: Select a - single ClusterTrustBundle - by object name. Mutually-exclusive - with signerName and - labelSelector. type: string optional: - description: If true, - don't block pod startup - if the referenced ClusterTrustBundle(s) - aren't available. If - using name, then the - named ClusterTrustBundle - is allowed not to exist. If - using signerName, then - the combination of signerName - and labelSelector is - allowed to match zero - ClusterTrustBundles. type: boolean path: - description: Relative - path from the volume - root to write the bundle. type: string signerName: - description: Select all - ClusterTrustBundles - that match this signer - name. Mutually-exclusive - with name. The contents - of all selected ClusterTrustBundles - will be unified and - deduplicated. type: string required: - path type: object configMap: - description: configMap information - about the configMap data - to project properties: items: - description: items if - unspecified, each key-value - pair in the Data field - of the referenced ConfigMap - will be projected into - the volume as a file - whose name is the key - and content is the value. - If specified, the listed - keys will be projected - into the specified paths, - and unlisted keys will - not be present. If a - key is specified which - is not present in the - ConfigMap, the volume - setup will error unless - it is marked optional. - Paths must be relative - and may not contain - the '..' path or start - with '..'. 
items: - description: Maps a - string key to a path - within a volume. properties: key: - description: key - is the key to - project. type: string mode: - description: 'mode - is Optional: mode - bits used to set - permissions on - this file. Must - be an octal value - between 0000 and - 0777 or a decimal - value between - 0 and 511. YAML - accepts both octal - and decimal values, - JSON requires - decimal values - for mode bits. - If not specified, - the volume defaultMode - will be used. - This might be - in conflict with - other options - that affect the - file mode, like - fsGroup, and the - result can be - other mode bits - set.' format: int32 type: integer path: - description: path - is the relative - path of the file - to map the key - to. May not be - an absolute path. - May not contain - the path element - '..'. May not - start with the - string '..'. type: string required: - key 
@@ -28352,155 +9767,42 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of - the referent. This field - is effectively required, - but due to backwards - compatibility is allowed - to be empty. Instances - of this type with an - empty value here are - almost certainly wrong. - TODO: Add other useful - fields. apiVersion, - kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional - specify whether the - ConfigMap or its keys - must be defined type: boolean type: object x-kubernetes-map-type: atomic downwardAPI: - description: downwardAPI information - about the downwardAPI data - to project properties: items: - description: Items is - a list of DownwardAPIVolume - file items: - description: DownwardAPIVolumeFile - represents information - to create the file - containing the pod - field properties: fieldRef: - description: 'Required: - Selects a field - of the pod: only - annotations, labels, - name, namespace - and uid are supported.' properties: apiVersion: - description: Version - of the schema - the FieldPath - is written - in terms of, - defaults to - "v1". type: string fieldPath: - description: Path - of the field - to select - in the specified - API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: - description: 'Optional: - mode bits used - to set permissions - on this file, - must be an octal - value between - 0000 and 0777 - or a decimal value - between 0 and - 511. YAML accepts - both octal and - decimal values, - JSON requires - decimal values - for mode bits. - If not specified, - the volume defaultMode - will be used. 
- This might be - in conflict with - other options - that affect the - file mode, like - fsGroup, and the - result can be - other mode bits - set.' format: int32 type: integer path: - description: 'Required: - Path is the relative - path name of the - file to be created. - Must not be absolute - or contain the - ''..'' path. Must - be utf-8 encoded. - The first item - of the relative - path must not - start with ''..''' type: string resourceFieldRef: - description: 'Selects - a resource of - the container: - only resources - limits and requests - (limits.cpu, limits.memory, - requests.cpu and - requests.memory) - are currently - supported.' properties: containerName: - description: 'Container - name: required - for volumes, - optional for - env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies - the output - format of - the exposed - resources, - defaults to - "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: - resource to - select' type: string required: - resource 
@@ -28513,85 +9815,16 @@ spec: x-kubernetes-list-type: atomic type: object secret: - description: secret information - about the secret data to - project properties: items: - description: items if - unspecified, each key-value - pair in the Data field - of the referenced Secret - will be projected into - the volume as a file - whose name is the key - and content is the value. - If specified, the listed - keys will be projected - into the specified paths, - and unlisted keys will - not be present. If a - key is specified which - is not present in the - Secret, the volume setup - will error unless it - is marked optional. - Paths must be relative - and may not contain - the '..' path or start - with '..'. items: - description: Maps a - string key to a path - within a volume. properties: key: - description: key - is the key to - project. type: string mode: - description: 'mode - is Optional: mode - bits used to set - permissions on - this file. Must - be an octal value - between 0000 and - 0777 or a decimal - value between - 0 and 511. YAML - accepts both octal - and decimal values, - JSON requires - decimal values - for mode bits. - If not specified, - the volume defaultMode - will be used. - This might be - in conflict with - other options - that affect the - file mode, like - fsGroup, and the - result can be - other mode bits - set.' format: int32 type: integer path: - description: path - is the relative - path of the file - to map the key - to. May not be - an absolute path. - May not contain - the path element - '..'. May not - start with the - string '..'. type: string required: - key 
@@ -28601,76 +9834,19 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of - the referent. This field - is effectively required, - but due to backwards - compatibility is allowed - to be empty. Instances - of this type with an - empty value here are - almost certainly wrong. - TODO: Add other useful - fields. apiVersion, - kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional - field specify whether - the Secret or its key - must be defined type: boolean type: object x-kubernetes-map-type: atomic serviceAccountToken: - description: serviceAccountToken - is information about the - serviceAccountToken data - to project properties: audience: - description: audience - is the intended audience - of the token. A recipient - of a token must identify - itself with an identifier - specified in the audience - of the token, and otherwise - should reject the token. - The audience defaults - to the identifier of - the apiserver. type: string expirationSeconds: - description: expirationSeconds - is the requested duration - of validity of the service - account token. As the - token approaches expiration, - the kubelet volume plugin - will proactively rotate - the service account - token. The kubelet will - start trying to rotate - the token if the token - is older than 80 percent - of its time to live - or if the token is older - than 24 hours.Defaults - to 1 hour and must be - at least 10 minutes. format: int64 type: integer path: - description: path is the - path relative to the - mount point of the file - to project the token - into. type: string required: - path 
@@ -28680,209 +9856,79 @@ spec: x-kubernetes-list-type: atomic type: object quobyte: - description: quobyte represents a Quobyte - mount on the host that shares a pod's - lifetime properties: group: - description: group to map volume - access to Default is no group type: string readOnly: - description: readOnly here will - force the Quobyte volume to be - mounted with read-only permissions. - Defaults to false. type: boolean registry: - description: registry represents - a single or multiple Quobyte Registry - services specified as a string - as host:port pair (multiple entries - are separated with commas) which - acts as the central registry for - volumes type: string tenant: - description: tenant owning the given - Quobyte volume in the Backend - Used with dynamically provisioned - Quobyte volumes, value is set - by the plugin type: string user: - description: user to map volume - access to Defaults to serivceaccount - user type: string volume: - description: volume is a string - that references an already created - Quobyte volume by name. type: string required: - registry - volume type: object rbd: - description: 'rbd represents a Rados - Block Device mount on the host that - shares a pod''s lifetime. More info: - https://examples.k8s.io/volumes/rbd/README.md' properties: fsType: - description: 'fsType is the filesystem - type of the volume that you want - to mount. Tip: Ensure that the - filesystem type is supported by - the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors - in the filesystem from compromising - the machine' type: string image: - description: 'image is the rados - image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string keyring: - description: 'keyring is the path - to key ring for RBDUser. Default - is /etc/ceph/keyring. 
More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string monitors: - description: 'monitors is a collection - of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' items: type: string type: array x-kubernetes-list-type: atomic pool: - description: 'pool is the rados - pool name. Default is rbd. More - info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string readOnly: - description: 'readOnly here will - force the ReadOnly setting in - VolumeMounts. Defaults to false. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: boolean secretRef: - description: 'secretRef is name - of the authentication secret for - RBDUser. If provided overrides - keyring. Default is nil. More - info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' properties: name: default: "" - description: 'Name of the referent. - This field is effectively - required, but due to backwards - compatibility is allowed to - be empty. Instances of this - type with an empty value here - are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is the rados - user name. Default is admin. More - info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string required: - image - monitors type: object scaleIO: - description: scaleIO represents a ScaleIO - persistent volume attached and mounted - on Kubernetes nodes. properties: fsType: - description: fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Default is "xfs". 
type: string gateway: - description: gateway is the host - address of the ScaleIO API Gateway. type: string protectionDomain: - description: protectionDomain is - the name of the ScaleIO Protection - Domain for the configured storage. type: string readOnly: - description: readOnly Defaults to - false (read/write). ReadOnly here - will force the ReadOnly setting - in VolumeMounts. type: boolean secretRef: - description: secretRef references - to the secret for ScaleIO user - and other sensitive information. - If this is not provided, Login - operation will fail. properties: name: default: "" - description: 'Name of the referent. - This field is effectively - required, but due to backwards - compatibility is allowed to - be empty. Instances of this - type with an empty value here - are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic sslEnabled: - description: sslEnabled Flag enable/disable - SSL communication with Gateway, - default false type: boolean storageMode: - description: storageMode indicates - whether the storage for a volume - should be ThickProvisioned or - ThinProvisioned. Default is ThinProvisioned. type: string storagePool: - description: storagePool is the - ScaleIO Storage Pool associated - with the protection domain. type: string system: - description: system is the name - of the storage system as configured - in ScaleIO. type: string volumeName: - description: volumeName is the name - of a volume already created in - the ScaleIO system that is associated - with this volume source. type: string required: - gateway 
@@ -28890,79 +9936,19 @@ spec: - system type: object secret: - description: 'secret represents a secret - that should populate this volume. - More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' properties: defaultMode: - description: 'defaultMode is Optional: - mode bits used to set permissions - on created files by default. Must - be an octal value between 0000 - and 0777 or a decimal value between - 0 and 511. YAML accepts both octal - and decimal values, JSON requires - decimal values for mode bits. - Defaults to 0644. Directories - within the path are not affected - by this setting. This might be - in conflict with other options - that affect the file mode, like - fsGroup, and the result can be - other mode bits set.' format: int32 type: integer items: - description: items If unspecified, - each key-value pair in the Data - field of the referenced Secret - will be projected into the volume - as a file whose name is the key - and content is the value. If specified, - the listed keys will be projected - into the specified paths, and - unlisted keys will not be present. - If a key is specified which is - not present in the Secret, the - volume setup will error unless - it is marked optional. Paths must - be relative and may not contain - the '..' path or start with '..'. items: - description: Maps a string key - to a path within a volume. properties: key: - description: key is the key - to project. type: string mode: - description: 'mode is Optional: - mode bits used to set permissions - on this file. Must be an - octal value between 0000 - and 0777 or a decimal value - between 0 and 511. YAML - accepts both octal and decimal - values, JSON requires decimal - values for mode bits. If - not specified, the volume - defaultMode will be used. - This might be in conflict - with other options that - affect the file mode, like - fsGroup, and the result - can be other mode bits set.' 
format: int32 type: integer path: - description: path is the relative - path of the file to map - the key to. May not be an - absolute path. May not contain - the path element '..'. May - not start with the string - '..'. type: string required: - key 
@@ -28971,111 +9957,37 @@ spec: type: array x-kubernetes-list-type: atomic optional: - description: optional field specify - whether the Secret or its keys - must be defined type: boolean secretName: - description: 'secretName is the - name of the secret in the pod''s - namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' type: string type: object storageos: - description: storageOS represents a - StorageOS volume attached and mounted - on Kubernetes nodes. properties: fsType: - description: fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. type: string readOnly: - description: readOnly defaults to - false (read/write). ReadOnly here - will force the ReadOnly setting - in VolumeMounts. type: boolean secretRef: - description: secretRef specifies - the secret to use for obtaining - the StorageOS API credentials. If - not specified, default values - will be attempted. properties: name: default: "" - description: 'Name of the referent. - This field is effectively - required, but due to backwards - compatibility is allowed to - be empty. Instances of this - type with an empty value here - are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic volumeName: - description: volumeName is the human-readable - name of the StorageOS volume. Volume - names are only unique within a - namespace. type: string volumeNamespace: - description: volumeNamespace specifies - the scope of the volume within - StorageOS. If no namespace is - specified then the Pod's namespace - will be used. 
This allows the - Kubernetes name scoping to be - mirrored within StorageOS for - tighter integration. Set VolumeName - to any name to override the default - behaviour. Set to "default" if - you are not using namespaces within - StorageOS. Namespaces that do - not pre-exist within StorageOS - will be created. type: string type: object vsphereVolume: - description: vsphereVolume represents - a vSphere volume attached and mounted - on kubelets host machine properties: fsType: - description: fsType is filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. type: string storagePolicyID: - description: storagePolicyID is - the storage Policy Based Management - (SPBM) profile ID associated with - the StoragePolicyName. type: string storagePolicyName: - description: storagePolicyName is - the storage Policy Based Management - (SPBM) profile name. type: string volumePath: - description: volumePath is the path - that identifies vSphere volume - vmdk type: string required: - volumePath 
@@ -29087,353 +9999,118 @@ spec: type: object type: object name: - description: Name specifies the name of the addon - that will be used for the backup/restore purpose type: string tasks: - description: Tasks specifies a list of backup/restore - tasks and their configuration parameters items: - description: TaskReference specifies a task and - its configuration parameters properties: addonVolumes: - description: AddonVolumes lets you overwrite - the volume sources used in the VolumeTemplate - section of Addon. Make sure that name of your - volume matches with the name of the volume - you want to overwrite. items: - description: AddonVolumeInfo specifies the - name and the source of volume properties: name: - description: Name specifies the name of - the volume type: string source: - description: Source specifies the source - of this volume. properties: awsElasticBlockStore: - description: 'awsElasticBlockStore - represents an AWS Disk resource - that is attached to a kubelet''s - host machine and then exposed to - the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' properties: fsType: - description: 'fsType is the filesystem - type of the volume that you - want to mount. Tip: Ensure that - the filesystem type is supported - by the host operating system. - Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors - in the filesystem from compromising - the machine' type: string partition: - description: 'partition is the - partition in the volume that - you want to mount. If omitted, - the default is to mount by volume - name. Examples: For volume /dev/sda1, - you specify the partition as - "1". Similarly, the volume partition - for /dev/sda is "0" (or you - can leave the property empty).' 
format: int32 type: integer readOnly: - description: 'readOnly value true - will force the readOnly setting - in VolumeMounts. More info: - https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: boolean volumeID: - description: 'volumeID is unique - ID of the persistent disk resource - in AWS (Amazon EBS volume). - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: string required: - volumeID type: object azureDisk: - description: azureDisk represents - an Azure Data Disk mount on the - host and bind mount to the pod. properties: cachingMode: - description: 'cachingMode is the - Host Caching mode: None, Read - Only, Read Write.' type: string diskName: - description: diskName is the Name - of the data disk in the blob - storage type: string diskURI: - description: diskURI is the URI - of data disk in the blob storage type: string fsType: - description: fsType is Filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. type: string kind: - description: 'kind expected values - are Shared: multiple blob disks - per storage account Dedicated: - single blob disk per storage - account Managed: azure managed - data disk (only in managed availability - set). defaults to shared' type: string readOnly: - description: readOnly Defaults - to false (read/write). ReadOnly - here will force the ReadOnly - setting in VolumeMounts. type: boolean required: - diskName - diskURI type: object azureFile: - description: azureFile represents - an Azure File Service mount on the - host and bind mount to the pod. properties: readOnly: - description: readOnly defaults - to false (read/write). ReadOnly - here will force the ReadOnly - setting in VolumeMounts. 
type: boolean secretName: - description: secretName is the name - of secret that contains Azure - Storage Account Name and Key type: string shareName: - description: shareName is the - azure share Name type: string required: - secretName - shareName type: object cephfs: - description: cephFS represents a Ceph - FS mount on the host that shares - a pod's lifetime properties: monitors: - description: 'monitors is Required: - Monitors is a collection of - Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' items: type: string type: array x-kubernetes-list-type: atomic path: - description: 'path is Optional: - Used as the mounted root, rather - than the full Ceph tree, default - is /' type: string readOnly: - description: 'readOnly is Optional: - Defaults to false (read/write). - ReadOnly here will force the - ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: boolean secretFile: - description: 'secretFile is Optional: - SecretFile is the path to key - ring for User, default is /etc/ceph/user.secret - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string secretRef: - description: 'secretRef is Optional: - SecretRef is reference to the - authentication secret for User, - default is empty. More info: - https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' properties: name: default: "" - description: 'Name of the - referent. This field is - effectively required, but - due to backwards compatibility - is allowed to be empty. - Instances of this type with - an empty value here are - almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' 
type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is optional: - User is the rados user name, - default is admin More info: - https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string required: - monitors type: object cinder: - description: 'cinder represents a - cinder volume attached and mounted - on kubelets host machine. More info: - https://examples.k8s.io/mysql-cinder-pd/README.md' properties: fsType: - description: 'fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred - to be "ext4" if unspecified. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string readOnly: - description: 'readOnly defaults - to false (read/write). ReadOnly - here will force the ReadOnly - setting in VolumeMounts. More - info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: boolean secretRef: - description: 'secretRef is optional: - points to a secret object containing - parameters used to connect to - OpenStack.' properties: name: default: "" - description: 'Name of the - referent. This field is - effectively required, but - due to backwards compatibility - is allowed to be empty. - Instances of this type with - an empty value here are - almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic volumeID: - description: 'volumeID used to - identify the volume in cinder. 
- More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string required: - volumeID type: object configMap: - description: configMap represents - a configMap that should populate - this volume properties: defaultMode: - description: 'defaultMode is optional: - mode bits used to set permissions - on created files by default. - Must be an octal value between - 0000 and 0777 or a decimal value - between 0 and 511. YAML accepts - both octal and decimal values, - JSON requires decimal values - for mode bits. Defaults to 0644. - Directories within the path - are not affected by this setting. - This might be in conflict with - other options that affect the - file mode, like fsGroup, and - the result can be other mode - bits set.' format: int32 type: integer items: - description: items if unspecified, - each key-value pair in the Data - field of the referenced ConfigMap - will be projected into the volume - as a file whose name is the - key and content is the value. - If specified, the listed keys - will be projected into the specified - paths, and unlisted keys will - not be present. If a key is - specified which is not present - in the ConfigMap, the volume - setup will error unless it is - marked optional. Paths must - be relative and may not contain - the '..' path or start with - '..'. items: - description: Maps a string key - to a path within a volume. properties: key: - description: key is the - key to project. type: string mode: - description: 'mode is Optional: - mode bits used to set - permissions on this file. - Must be an octal value - between 0000 and 0777 - or a decimal value between - 0 and 511. YAML accepts - both octal and decimal - values, JSON requires - decimal values for mode - bits. If not specified, - the volume defaultMode - will be used. This might - be in conflict with other - options that affect the - file mode, like fsGroup, - and the result can be - other mode bits set.' 
format: int32 type: integer path: - description: path is the - relative path of the file - to map the key to. May - not be an absolute path. - May not contain the path - element '..'. May not - start with the string - '..'. type: string required: - key 
@@ -29443,217 +10120,67 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional specify - whether the ConfigMap or its - keys must be defined type: boolean type: object x-kubernetes-map-type: atomic csi: - description: csi (Container Storage - Interface) represents ephemeral - storage that is handled by certain - external CSI drivers (Beta feature). properties: driver: - description: driver is the name - of the CSI driver that handles - this volume. Consult with your - admin for the correct name as - registered in the cluster. type: string fsType: - description: fsType to mount. - Ex. "ext4", "xfs", "ntfs". If - not provided, the empty value - is passed to the associated - CSI driver which will determine - the default filesystem to apply. type: string nodePublishSecretRef: - description: nodePublishSecretRef - is a reference to the secret - object containing sensitive - information to pass to the CSI - driver to complete the CSI NodePublishVolume - and NodeUnpublishVolume calls. - This field is optional, and may - be empty if no secret is required. - If the secret object contains - more than one secret, all secret - references are passed. properties: name: default: "" - description: 'Name of the - referent. This field is - effectively required, but - due to backwards compatibility - is allowed to be empty. - Instances of this type with - an empty value here are - almost certainly wrong. - TODO: Add other useful fields. 
- apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic readOnly: - description: readOnly specifies - a read-only configuration for - the volume. Defaults to false - (read/write). type: boolean volumeAttributes: additionalProperties: type: string - description: volumeAttributes - stores driver-specific properties - that are passed to the CSI driver. - Consult your driver's documentation - for supported values. type: object required: - driver type: object downwardAPI: - description: downwardAPI represents - downward API about the pod that - should populate this volume properties: defaultMode: - description: 'Optional: mode bits - to use on created files by default. - Must be a Optional: mode bits - used to set permissions on created - files by default. Must be an - octal value between 0000 and - 0777 or a decimal value between - 0 and 511. YAML accepts both - octal and decimal values, JSON - requires decimal values for - mode bits. Defaults to 0644. - Directories within the path - are not affected by this setting. - This might be in conflict with - other options that affect the - file mode, like fsGroup, and - the result can be other mode - bits set.' format: int32 type: integer items: - description: Items is a list of - downward API volume file items: - description: DownwardAPIVolumeFile - represents information to - create the file containing - the pod field properties: fieldRef: - description: 'Required: - Selects a field of the - pod: only annotations, - labels, name, namespace - and uid are supported.' properties: apiVersion: - description: Version - of the schema the - FieldPath is written - in terms of, defaults - to "v1". 
type: string fieldPath: - description: Path of - the field to select - in the specified API - version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: - description: 'Optional: - mode bits used to set - permissions on this file, - must be an octal value - between 0000 and 0777 - or a decimal value between - 0 and 511. YAML accepts - both octal and decimal - values, JSON requires - decimal values for mode - bits. If not specified, - the volume defaultMode - will be used. This might - be in conflict with other - options that affect the - file mode, like fsGroup, - and the result can be - other mode bits set.' format: int32 type: integer path: - description: 'Required: - Path is the relative - path name of the file - to be created. Must not - be absolute or contain - the ''..'' path. Must - be utf-8 encoded. The - first item of the relative - path must not start with - ''..''' type: string resourceFieldRef: - description: 'Selects a - resource of the container: - only resources limits - and requests (limits.cpu, - limits.memory, requests.cpu - and requests.memory) are - currently supported.' properties: containerName: - description: 'Container - name: required for - volumes, optional - for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies - the output format - of the exposed resources, - defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: - resource to select' type: string required: - resource 
@@ -29666,294 +10193,50 @@ spec: x-kubernetes-list-type: atomic type: object emptyDir: - description: 'emptyDir represents - a temporary directory that shares - a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' properties: medium: - description: 'medium represents - what type of storage medium - should back this directory. - The default is "" which means - to use the node''s default medium. - Must be an empty string (default) - or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string sizeLimit: anyOf: - type: integer - type: string - description: 'sizeLimit is the - total amount of local storage - required for this EmptyDir volume. - The size limit is also applicable - for memory medium. The maximum - usage on memory medium EmptyDir - would be the minimum value between - the SizeLimit specified here - and the sum of memory limits - of all containers in a pod. - The default is nil which means - that the limit is undefined. - More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object ephemeral: - description: "ephemeral represents - a volume that is handled by a cluster - storage driver. The volume's lifecycle - is tied to the pod that defines - it - it will be created before the - pod starts, and deleted when the - pod is removed. \n Use this if: - a) the volume is only needed while - the pod runs, b) features of normal - volumes like restoring from snapshot - or capacity tracking are needed, - c) the storage driver is specified - through a storage class, and d) - the storage driver supports dynamic - volume provisioning through a PersistentVolumeClaim - (see EphemeralVolumeSource for more - information on the connection between - this volume type and PersistentVolumeClaim). 
- \n Use PersistentVolumeClaim or - one of the vendor-specific APIs - for volumes that persist for longer - than the lifecycle of an individual - pod. \n Use CSI for light-weight - local ephemeral volumes if the CSI - driver is meant to be used that - way - see the documentation of the - driver for more information. \n - A pod can use both types of ephemeral - volumes and persistent volumes at - the same time." properties: volumeClaimTemplate: - description: "Will be used to - create a stand-alone PVC to - provision the volume. The pod - in which this EphemeralVolumeSource - is embedded will be the owner - of the PVC, i.e. the PVC will - be deleted together with the - pod. The name of the PVC will - be `-` - where `` is the - name from the `PodSpec.Volumes` - array entry. Pod validation - will reject the pod if the concatenated - name is not valid for a PVC - (for example, too long). \n - An existing PVC with that name - that is not owned by the pod - will *not* be used for the pod - to avoid using an unrelated - volume by mistake. Starting - the pod is then blocked until - the unrelated PVC is removed. - If such a pre-created PVC is - meant to be used by the pod, - the PVC has to updated with - an owner reference to the pod - once the pod exists. Normally - this should not be necessary, - but it may be useful when manually - reconstructing a broken cluster. - \n This field is read-only and - no changes will be made by Kubernetes - to the PVC after it has been - created. \n Required, must not - be nil." properties: metadata: - description: May contain labels - and annotations that will - be copied into the PVC when - creating it. No other fields - are allowed and will be - rejected during validation. properties: annotations: additionalProperties: type: string - description: 'Annotations - is an unstructured key - value map stored with - a resource that may - be set by external tools - to store and retrieve - arbitrary metadata. 
- They are not queryable - and should be preserved - when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations' type: object generateName: - description: "GenerateName - is an optional prefix, - used by the server, - to generate a unique - name ONLY IF the Name - field has not been provided. - If this field is used, - the name returned to - the client will be different - than the name passed. - This value will also - be combined with a unique - suffix. The provided - value has the same validation - rules as the Name field, - and may be truncated - by the length of the - suffix required to make - the value unique on - the server. \n If this - field is specified and - the generated name exists, - the server will NOT - return a 409 - instead, - it will either return - 201 Created or 500 with - Reason ServerTimeout - indicating a unique - name could not be found - in the time allotted, - and the client should - retry (optionally after - the time indicated in - the Retry-After header). - \n Applied only if Name - is not specified. More - info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" type: string labels: additionalProperties: type: string - description: 'Map of string - keys and values that - can be used to organize - and categorize (scope - and select) objects. - May match selectors - of replication controllers - and services. More info: - http://kubernetes.io/docs/user-guide/labels' type: object name: - description: 'Name must - be unique within a namespace. - Is required when creating - resources, although - some resources may allow - a client to request - the generation of an - appropriate name automatically. - Name is primarily intended - for creation idempotence - and configuration definition. - Cannot be updated. 
More - info: http://kubernetes.io/docs/user-guide/identifiers#names' type: string namespace: - description: "Namespace - defines the space within - each name must be unique. - An empty namespace is - equivalent to the \"default\" - namespace, but \"default\" - is the canonical representation. - Not all objects are - required to be scoped - to a namespace - the - value of this field - for those objects will - be empty. \n Must be - a DNS_LABEL. Cannot - be updated. More info: - http://kubernetes.io/docs/user-guide/namespaces" type: string ownerReferences: - description: List of objects - depended by this object. - If ALL objects in the - list have been deleted, - this object will be - garbage collected. If - this object is managed - by a controller, then - an entry in this list - will point to this controller, - with the controller - field set to true. There - cannot be more than - one managing controller. items: - description: OwnerReference - contains enough information - to let you identify - an owning object. - An owning object must - be in the same namespace - as the dependent, - or be cluster-scoped, - so there is no namespace - field. properties: apiVersion: - description: API - version of the - referent. type: string blockOwnerDeletion: - description: If - true, AND if the - owner has the - "foregroundDeletion" - finalizer, then - the owner cannot - be deleted from - the key-value - store until this - reference is removed. - See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion - for how the garbage - collector interacts - with this field - and enforces the - foreground deletion. - Defaults to false. - To set this field, - a user needs "delete" - permission of - the owner, otherwise - 422 (Unprocessable - Entity) will be - returned. type: boolean controller: - description: If - true, this reference - points to the - managing controller. type: boolean kind: - description: 'Kind - of the referent. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string name: - description: 'Name - of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: - description: 'UID - of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion 
@@ -29965,73 +10248,19 @@ spec: type: array type: object spec: - description: The specification - for the PersistentVolumeClaim. - The entire content is copied - unchanged into the PVC that - gets created from this template. - The same fields as in a - PersistentVolumeClaim are - also valid here. properties: accessModes: - description: 'accessModes - contains the desired - access modes the volume - should have. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array x-kubernetes-list-type: atomic dataSource: - description: 'dataSource - field can be used to - specify either: * An - existing VolumeSnapshot - object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or - an external controller - can support the specified - data source, it will - create a new volume - based on the contents - of the specified data - source. When the AnyVolumeDataSource - feature gate is enabled, - dataSource contents - will be copied to dataSourceRef, - and dataSourceRef contents - will be copied to dataSource - when dataSourceRef.namespace - is not specified. If - the namespace is specified, - then dataSourceRef will - not be copied to dataSource.' properties: apiGroup: - description: APIGroup - is the group for - the resource being - referenced. If APIGroup - is not specified, - the specified Kind - must be in the core - API group. For any - other third-party - types, APIGroup - is required. type: string kind: - description: Kind - is the type of resource - being referenced type: string name: - description: Name - is the name of resource - being referenced type: string required: - kind 
@@ -30039,134 +10268,20 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: - description: 'dataSourceRef - specifies the object - from which to populate - the volume with data, - if a non-empty volume - is desired. This may - be any object from a - non-empty API group - (non core object) or - a PersistentVolumeClaim - object. When this field - is specified, volume - binding will only succeed - if the type of the specified - object matches some - installed volume populator - or dynamic provisioner. - This field will replace - the functionality of - the dataSource field - and as such if both - fields are non-empty, - they must have the same - value. For backwards - compatibility, when - namespace isn''t specified - in dataSourceRef, both - fields (dataSource and - dataSourceRef) will - be set to the same value - automatically if one - of them is empty and - the other is non-empty. - When namespace is specified - in dataSourceRef, dataSource - isn''t set to the same - value and must be empty. - There are three important - differences between - dataSource and dataSourceRef: - * While dataSource only - allows two specific - types of objects, dataSourceRef - allows any non-core - object, as well as PersistentVolumeClaim - objects. * While dataSource - ignores disallowed values - (dropping them), dataSourceRef - preserves all values, - and generates an error - if a disallowed value - is specified. * While - dataSource only allows - local objects, dataSourceRef - allows objects in any - namespaces. (Beta) Using - this field requires - the AnyVolumeDataSource - feature gate to be enabled. - (Alpha) Using the namespace - field of dataSourceRef - requires the CrossNamespaceVolumeDataSource - feature gate to be enabled.' properties: apiGroup: - description: APIGroup - is the group for - the resource being - referenced. If APIGroup - is not specified, - the specified Kind - must be in the core - API group. 
For any - other third-party - types, APIGroup - is required. type: string kind: - description: Kind - is the type of resource - being referenced type: string name: - description: Name - is the name of resource - being referenced type: string namespace: - description: Namespace - is the namespace - of resource being - referenced Note - that when a namespace - is specified, a - gateway.networking.k8s.io/ReferenceGrant - object is required - in the referent - namespace to allow - that namespace's - owner to accept - the reference. See - the ReferenceGrant - documentation for - details. (Alpha) - This field requires - the CrossNamespaceVolumeDataSource - feature gate to - be enabled. type: string required: - kind - name type: object resources: - description: 'resources - represents the minimum - resources the volume - should have. If RecoverVolumeExpansionFailure - feature is enabled users - are allowed to specify - resource requirements - that are lower than - previous value but must - still be higher than - capacity recorded in - the status field of - the claim. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: @@ -30175,11 +10290,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits - describes the maximum - amount of compute - resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -30188,81 +10298,18 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests - describes the minimum - amount of compute - resources required. - If Requests is omitted - for a container, - it defaults to Limits - if that is explicitly - specified, otherwise - to an implementation-defined - value. Requests - cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: - description: selector - is a label query over - volumes to consider - for binding. properties: matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements - are ANDed. items: - description: A label - selector requirement - is a selector - that contains - values, a key, - and an operator - that relates the - key and values. properties: key: - description: key - is the label - key that the - selector applies - to. type: string operator: - description: operator - represents - a key's relationship - to a set of - values. Valid - operators - are In, NotIn, - Exists and - DoesNotExist. type: string values: - description: values - is an array - of string - values. If - the operator - is In or NotIn, - the values - array must - be non-empty. - If the operator - is Exists - or DoesNotExist, - the values - array must - be empty. - This array - is replaced - during a strategic - merge patch. items: type: string type: array 
@@ -30276,84 +10323,16 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single - {key,value} in the - matchLabels map - is equivalent to - an element of matchExpressions, - whose key field - is "key", the operator - is "In", and the - values array contains - only "value". The - requirements are - ANDed. type: object type: object x-kubernetes-map-type: atomic storageClassName: - description: 'storageClassName - is the name of the StorageClass - required by the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeAttributesClassName: - description: 'volumeAttributesClassName - may be used to set the - VolumeAttributesClass - used by this claim. - If specified, the CSI - driver will create or - update the volume with - the attributes defined - in the corresponding - VolumeAttributesClass. - This has a different - purpose than storageClassName, - it can be changed after - the claim is created. - An empty string value - means that no VolumeAttributesClass - will be applied to the - claim but it''s not - allowed to reset this - field to empty string - once it is set. If unspecified - and the PersistentVolumeClaim - is unbound, the default - VolumeAttributesClass - will be set by the persistentvolume - controller if it exists. - If the resource referred - to by volumeAttributesClass - does not exist, this - PersistentVolumeClaim - will be set to a Pending - state, as reflected - by the modifyVolumeStatus - field, until such as - a resource exists. More - info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field - requires the VolumeAttributesClass - feature gate to be enabled.' type: string volumeMode: - description: volumeMode - defines what type of - volume is required by - the claim. Value of - Filesystem is implied - when not included in - claim spec. 
type: string volumeName: - description: volumeName - is the binding reference - to the PersistentVolume - backing this claim. type: string type: object required: 
@@ -30361,109 +10340,41 @@ spec: type: object type: object fc: - description: fc represents a Fibre - Channel resource that is attached - to a kubelet's host machine and - then exposed to the pod. properties: fsType: - description: 'fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. TODO: how do - we prevent errors in the filesystem - from compromising the machine' type: string lun: - description: 'lun is Optional: - FC target lun number' format: int32 type: integer readOnly: - description: 'readOnly is Optional: - Defaults to false (read/write). - ReadOnly here will force the - ReadOnly setting in VolumeMounts.' type: boolean targetWWNs: - description: 'targetWWNs is Optional: - FC target worldwide names (WWNs)' items: type: string type: array x-kubernetes-list-type: atomic wwids: - description: 'wwids Optional: - FC volume world wide identifiers - (wwids) Either wwids or combination - of targetWWNs and lun must be - set, but not both simultaneously.' items: type: string type: array x-kubernetes-list-type: atomic type: object flexVolume: - description: flexVolume represents - a generic volume resource that is - provisioned/attached using an exec - based plugin. properties: driver: - description: driver is the name - of the driver to use for this - volume. type: string fsType: - description: fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - The default filesystem depends - on FlexVolume script. type: string options: additionalProperties: type: string - description: 'options is Optional: - this field holds extra command - options if any.' type: object readOnly: - description: 'readOnly is Optional: - defaults to false (read/write). - ReadOnly here will force the - ReadOnly setting in VolumeMounts.' 
type: boolean secretRef: - description: 'secretRef is Optional: - secretRef is reference to the - secret object containing sensitive - information to pass to the plugin - scripts. This may be empty if - no secret object is specified. - If the secret object contains - more than one secret, all secrets - are passed to the plugin scripts.' properties: name: default: "" - description: 'Name of the - referent. This field is - effectively required, but - due to backwards compatibility - is allowed to be empty. - Instances of this type with - an empty value here are - almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic 
@@ -30471,229 +10382,79 @@ spec: - driver type: object flocker: - description: flocker represents a - Flocker volume attached to a kubelet's - host machine. This depends on the - Flocker control service being running properties: datasetName: - description: datasetName is Name - of the dataset stored as metadata - -> name on the dataset for Flocker - should be considered as deprecated type: string datasetUUID: - description: datasetUUID is the - UUID of the dataset. This is - unique identifier of a Flocker - dataset type: string type: object gcePersistentDisk: - description: 'gcePersistentDisk represents - a GCE Disk resource that is attached - to a kubelet''s host machine and - then exposed to the pod. More info: - https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' properties: fsType: - description: 'fsType is filesystem - type of the volume that you - want to mount. Tip: Ensure that - the filesystem type is supported - by the host operating system. - Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors - in the filesystem from compromising - the machine' type: string partition: - description: 'partition is the - partition in the volume that - you want to mount. If omitted, - the default is to mount by volume - name. Examples: For volume /dev/sda1, - you specify the partition as - "1". Similarly, the volume partition - for /dev/sda is "0" (or you - can leave the property empty). - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' format: int32 type: integer pdName: - description: 'pdName is unique - name of the PD resource in GCE. - Used to identify the disk in - GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: string readOnly: - description: 'readOnly here will - force the ReadOnly setting in - VolumeMounts. 
Defaults to false. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: boolean required: - pdName type: object glusterfs: - description: 'glusterfs represents - a Glusterfs mount on the host that - shares a pod''s lifetime. More info: - https://examples.k8s.io/volumes/glusterfs/README.md' properties: endpoints: - description: 'endpoints is the - endpoint name that details Glusterfs - topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string path: - description: 'path is the Glusterfs - volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string readOnly: - description: 'readOnly here will - force the Glusterfs volume to - be mounted with read-only permissions. - Defaults to false. More info: - https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: boolean required: - endpoints - path type: object hostPath: - description: 'hostPath represents - a pre-existing file or directory - on the host machine that is directly - exposed to the container. This is - generally used for system agents - or other privileged things that - are allowed to see the host machine. - Most containers will NOT need this. - More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict - who can use host directory mounts - and who can/can not mount host directories - as read/write.' properties: path: - description: 'path of the directory - on the host. If the path is - a symlink, it will follow the - link to the real path. 
More - info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string type: - description: 'type for HostPath - Volume Defaults to "" More info: - https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string required: - path type: object iscsi: - description: 'iscsi represents an - ISCSI Disk resource that is attached - to a kubelet''s host machine and - then exposed to the pod. More info: - https://examples.k8s.io/volumes/iscsi/README.md' properties: chapAuthDiscovery: - description: chapAuthDiscovery - defines whether support iSCSI - Discovery CHAP authentication type: boolean chapAuthSession: - description: chapAuthSession defines - whether support iSCSI Session - CHAP authentication type: boolean fsType: - description: 'fsType is the filesystem - type of the volume that you - want to mount. Tip: Ensure that - the filesystem type is supported - by the host operating system. - Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors - in the filesystem from compromising - the machine' type: string initiatorName: - description: initiatorName is - the custom iSCSI Initiator Name. - If initiatorName is specified - with iscsiInterface simultaneously, - new iSCSI interface : will be - created for the connection. type: string iqn: - description: iqn is the target - iSCSI Qualified Name. type: string iscsiInterface: - description: iscsiInterface is - the interface Name that uses - an iSCSI transport. Defaults - to 'default' (tcp). type: string lun: - description: lun represents iSCSI - Target Lun number. format: int32 type: integer portals: - description: portals is the iSCSI - Target Portal List. The portal - is either an IP or ip_addr:port - if the port is other than default - (typically TCP ports 860 and - 3260). 
items: type: string type: array x-kubernetes-list-type: atomic readOnly: - description: readOnly here will - force the ReadOnly setting in - VolumeMounts. Defaults to false. type: boolean secretRef: - description: secretRef is the - CHAP Secret for iSCSI target - and initiator authentication properties: name: default: "" - description: 'Name of the - referent. This field is - effectively required, but - due to backwards compatibility - is allowed to be empty. - Instances of this type with - an empty value here are - almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic targetPortal: - description: targetPortal is iSCSI - Target Portal. The Portal is - either an IP or ip_addr:port - if the port is other than default - (typically TCP ports 860 and - 3260). type: string required: - iqn 
@@ -30701,230 +10462,66 @@ spec: - targetPortal type: object nfs: - description: 'nfs represents an NFS - mount on the host that shares a - pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' properties: path: - description: 'path that is exported - by the NFS server. More info: - https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string readOnly: - description: 'readOnly here will - force the NFS export to be mounted - with read-only permissions. - Defaults to false. More info: - https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: boolean server: - description: 'server is the hostname - or IP address of the NFS server. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string required: - path - server type: object persistentVolumeClaim: - description: 'persistentVolumeClaimVolumeSource - represents a reference to a PersistentVolumeClaim - in the same namespace. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: claimName: - description: 'claimName is the - name of a PersistentVolumeClaim - in the same namespace as the - pod using this volume. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' type: string readOnly: - description: readOnly Will force - the ReadOnly setting in VolumeMounts. - Default false. type: boolean required: - claimName type: object photonPersistentDisk: - description: photonPersistentDisk - represents a PhotonController persistent - disk attached and mounted on kubelets - host machine properties: fsType: - description: fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. 
type: string pdID: - description: pdID is the ID that - identifies Photon Controller - persistent disk type: string required: - pdID type: object portworxVolume: - description: portworxVolume represents - a portworx volume attached and mounted - on kubelets host machine properties: fsType: - description: fSType represents - the filesystem type to mount - Must be a filesystem type supported - by the host operating system. - Ex. "ext4", "xfs". Implicitly - inferred to be "ext4" if unspecified. type: string readOnly: - description: readOnly defaults - to false (read/write). ReadOnly - here will force the ReadOnly - setting in VolumeMounts. type: boolean volumeID: - description: volumeID uniquely - identifies a Portworx volume type: string required: - volumeID type: object projected: - description: projected items for all - in one resources secrets, configmaps, - and downward API properties: defaultMode: - description: defaultMode are the - mode bits used to set permissions - on created files by default. - Must be an octal value between - 0000 and 0777 or a decimal value - between 0 and 511. YAML accepts - both octal and decimal values, - JSON requires decimal values - for mode bits. Directories within - the path are not affected by - this setting. This might be - in conflict with other options - that affect the file mode, like - fsGroup, and the result can - be other mode bits set. format: int32 type: integer sources: - description: sources is the list - of volume projections items: - description: Projection that - may be projected along with - other supported volume types properties: clusterTrustBundle: - description: "ClusterTrustBundle - allows a pod to access - the `.spec.trustBundle` - field of ClusterTrustBundle - objects in an auto-updating - file. \n Alpha, gated - by the ClusterTrustBundleProjection - feature gate. \n ClusterTrustBundle - objects can either be - selected by name, or by - the combination of signer - name and a label selector. 
- \n Kubelet performs aggressive - normalization of the PEM - contents written into - the pod filesystem. Esoteric - PEM features such as inter-block - comments and block headers - are stripped. Certificates - are deduplicated. The - ordering of certificates - within the file is arbitrary, - and Kubelet may change - the order over time." properties: labelSelector: - description: Select - all ClusterTrustBundles - that match this label - selector. Only has - effect if signerName - is set. Mutually-exclusive - with name. If unset, - interpreted as "match - nothing". If set - but empty, interpreted - as "match everything". properties: matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements - are ANDed. items: - description: A - label selector - requirement - is a selector - that contains - values, a key, - and an operator - that relates - the key and - values. properties: key: - description: key - is the label - key that - the selector - applies - to. type: string operator: - description: operator - represents - a key's - relationship - to a set - of values. - Valid operators - are In, - NotIn, Exists - and DoesNotExist. type: string values: - description: values - is an array - of string - values. - If the operator - is In or - NotIn, the - values array - must be - non-empty. - If the operator - is Exists - or DoesNotExist, - the values - array must - be empty. - This array - is replaced - during a - strategic - merge patch. items: type: string type: array 
@@ -30938,153 +10535,31 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single - {key,value} in - the matchLabels - map is equivalent - to an element - of matchExpressions, - whose key field - is "key", the - operator is "In", - and the values - array contains - only "value". - The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic name: - description: Select - a single ClusterTrustBundle - by object name. Mutually-exclusive - with signerName and - labelSelector. type: string optional: - description: If true, - don't block pod startup - if the referenced - ClusterTrustBundle(s) - aren't available. If - using name, then the - named ClusterTrustBundle - is allowed not to - exist. If using signerName, - then the combination - of signerName and - labelSelector is allowed - to match zero ClusterTrustBundles. type: boolean path: - description: Relative - path from the volume - root to write the - bundle. type: string signerName: - description: Select - all ClusterTrustBundles - that match this signer - name. Mutually-exclusive - with name. The contents - of all selected ClusterTrustBundles - will be unified and - deduplicated. type: string required: - path type: object configMap: - description: configMap information - about the configMap data - to project properties: items: - description: items if - unspecified, each - key-value pair in - the Data field of - the referenced ConfigMap - will be projected - into the volume as - a file whose name - is the key and content - is the value. If specified, - the listed keys will - be projected into - the specified paths, - and unlisted keys - will not be present. - If a key is specified - which is not present - in the ConfigMap, - the volume setup will - error unless it is - marked optional. Paths - must be relative and - may not contain the - '..' path or start - with '..'. 
items: - description: Maps - a string key to - a path within a - volume. properties: key: - description: key - is the key to - project. type: string mode: - description: 'mode - is Optional: - mode bits used - to set permissions - on this file. - Must be an octal - value between - 0000 and 0777 - or a decimal - value between - 0 and 511. YAML - accepts both - octal and decimal - values, JSON - requires decimal - values for mode - bits. If not - specified, the - volume defaultMode - will be used. - This might be - in conflict - with other options - that affect - the file mode, - like fsGroup, - and the result - can be other - mode bits set.' format: int32 type: integer path: - description: path - is the relative - path of the - file to map - the key to. - May not be an - absolute path. - May not contain - the path element - '..'. May not - start with the - string '..'. type: string required: - key 
@@ -31094,162 +10569,42 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of - the referent. This - field is effectively - required, but due - to backwards compatibility - is allowed to be empty. - Instances of this - type with an empty - value here are almost - certainly wrong. TODO: - Add other useful fields. - apiVersion, kind, - uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional - specify whether the - ConfigMap or its keys - must be defined type: boolean type: object x-kubernetes-map-type: atomic downwardAPI: - description: downwardAPI - information about the - downwardAPI data to project properties: items: - description: Items is - a list of DownwardAPIVolume - file items: - description: DownwardAPIVolumeFile - represents information - to create the file - containing the pod - field properties: fieldRef: - description: 'Required: - Selects a field - of the pod: - only annotations, - labels, name, - namespace and - uid are supported.' properties: apiVersion: - description: Version - of the schema - the FieldPath - is written - in terms - of, defaults - to "v1". type: string fieldPath: - description: Path - of the field - to select - in the specified - API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: - description: 'Optional: - mode bits used - to set permissions - on this file, - must be an octal - value between - 0000 and 0777 - or a decimal - value between - 0 and 511. YAML - accepts both - octal and decimal - values, JSON - requires decimal - values for mode - bits. If not - specified, the - volume defaultMode - will be used. 
- This might be - in conflict - with other options - that affect - the file mode, - like fsGroup, - and the result - can be other - mode bits set.' format: int32 type: integer path: - description: 'Required: - Path is the - relative path - name of the - file to be created. - Must not be - absolute or - contain the - ''..'' path. - Must be utf-8 - encoded. The - first item of - the relative - path must not - start with ''..''' type: string resourceFieldRef: - description: 'Selects - a resource of - the container: - only resources - limits and requests - (limits.cpu, - limits.memory, - requests.cpu - and requests.memory) - are currently - supported.' properties: containerName: - description: 'Container - name: required - for volumes, - optional - for env - vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies - the output - format of - the exposed - resources, - defaults - to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: - resource - to select' type: string required: - resource 
@@ -31262,92 +10617,16 @@ spec: x-kubernetes-list-type: atomic type: object secret: - description: secret information - about the secret data - to project properties: items: - description: items if - unspecified, each - key-value pair in - the Data field of - the referenced Secret - will be projected - into the volume as - a file whose name - is the key and content - is the value. If specified, - the listed keys will - be projected into - the specified paths, - and unlisted keys - will not be present. - If a key is specified - which is not present - in the Secret, the - volume setup will - error unless it is - marked optional. Paths - must be relative and - may not contain the - '..' path or start - with '..'. items: - description: Maps - a string key to - a path within a - volume. properties: key: - description: key - is the key to - project. type: string mode: - description: 'mode - is Optional: - mode bits used - to set permissions - on this file. - Must be an octal - value between - 0000 and 0777 - or a decimal - value between - 0 and 511. YAML - accepts both - octal and decimal - values, JSON - requires decimal - values for mode - bits. If not - specified, the - volume defaultMode - will be used. - This might be - in conflict - with other options - that affect - the file mode, - like fsGroup, - and the result - can be other - mode bits set.' format: int32 type: integer path: - description: path - is the relative - path of the - file to map - the key to. - May not be an - absolute path. - May not contain - the path element - '..'. May not - start with the - string '..'. type: string required: - key 
@@ -31357,78 +10636,19 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of - the referent. This - field is effectively - required, but due - to backwards compatibility - is allowed to be empty. - Instances of this - type with an empty - value here are almost - certainly wrong. TODO: - Add other useful fields. - apiVersion, kind, - uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional - field specify whether - the Secret or its - key must be defined type: boolean type: object x-kubernetes-map-type: atomic serviceAccountToken: - description: serviceAccountToken - is information about the - serviceAccountToken data - to project properties: audience: - description: audience - is the intended audience - of the token. A recipient - of a token must identify - itself with an identifier - specified in the audience - of the token, and - otherwise should reject - the token. The audience - defaults to the identifier - of the apiserver. type: string expirationSeconds: - description: expirationSeconds - is the requested duration - of validity of the - service account token. - As the token approaches - expiration, the kubelet - volume plugin will - proactively rotate - the service account - token. The kubelet - will start trying - to rotate the token - if the token is older - than 80 percent of - its time to live or - if the token is older - than 24 hours.Defaults - to 1 hour and must - be at least 10 minutes. format: int64 type: integer path: - description: path is - the path relative - to the mount point - of the file to project - the token into. type: string required: - path 
@@ -31438,214 +10658,79 @@ spec: x-kubernetes-list-type: atomic type: object quobyte: - description: quobyte represents a - Quobyte mount on the host that shares - a pod's lifetime properties: group: - description: group to map volume - access to Default is no group type: string readOnly: - description: readOnly here will - force the Quobyte volume to - be mounted with read-only permissions. - Defaults to false. type: boolean registry: - description: registry represents - a single or multiple Quobyte - Registry services specified - as a string as host:port pair - (multiple entries are separated - with commas) which acts as the - central registry for volumes type: string tenant: - description: tenant owning the - given Quobyte volume in the - Backend Used with dynamically - provisioned Quobyte volumes, - value is set by the plugin type: string user: - description: user to map volume - access to Defaults to serivceaccount - user type: string volume: - description: volume is a string - that references an already created - Quobyte volume by name. type: string required: - registry - volume type: object rbd: - description: 'rbd represents a Rados - Block Device mount on the host that - shares a pod''s lifetime. More info: - https://examples.k8s.io/volumes/rbd/README.md' properties: fsType: - description: 'fsType is the filesystem - type of the volume that you - want to mount. Tip: Ensure that - the filesystem type is supported - by the host operating system. - Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors - in the filesystem from compromising - the machine' type: string image: - description: 'image is the rados - image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string keyring: - description: 'keyring is the path - to key ring for RBDUser. Default - is /etc/ceph/keyring. 
More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string monitors: - description: 'monitors is a collection - of Ceph monitors. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' items: type: string type: array x-kubernetes-list-type: atomic pool: - description: 'pool is the rados - pool name. Default is rbd. More - info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string readOnly: - description: 'readOnly here will - force the ReadOnly setting in - VolumeMounts. Defaults to false. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: boolean secretRef: - description: 'secretRef is name - of the authentication secret - for RBDUser. If provided overrides - keyring. Default is nil. More - info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' properties: name: default: "" - description: 'Name of the - referent. This field is - effectively required, but - due to backwards compatibility - is allowed to be empty. - Instances of this type with - an empty value here are - almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is the rados - user name. Default is admin. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string required: - image - monitors type: object scaleIO: - description: scaleIO represents a - ScaleIO persistent volume attached - and mounted on Kubernetes nodes. properties: fsType: - description: fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Default is "xfs". 
type: string gateway: - description: gateway is the host - address of the ScaleIO API Gateway. type: string protectionDomain: - description: protectionDomain - is the name of the ScaleIO Protection - Domain for the configured storage. type: string readOnly: - description: readOnly Defaults - to false (read/write). ReadOnly - here will force the ReadOnly - setting in VolumeMounts. type: boolean secretRef: - description: secretRef references - to the secret for ScaleIO user - and other sensitive information. - If this is not provided, Login - operation will fail. properties: name: default: "" - description: 'Name of the - referent. This field is - effectively required, but - due to backwards compatibility - is allowed to be empty. - Instances of this type with - an empty value here are - almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic sslEnabled: - description: sslEnabled Flag enable/disable - SSL communication with Gateway, - default false type: boolean storageMode: - description: storageMode indicates - whether the storage for a volume - should be ThickProvisioned or - ThinProvisioned. Default is - ThinProvisioned. type: string storagePool: - description: storagePool is the - ScaleIO Storage Pool associated - with the protection domain. type: string system: - description: system is the name - of the storage system as configured - in ScaleIO. type: string volumeName: - description: volumeName is the - name of a volume already created - in the ScaleIO system that is - associated with this volume - source. type: string required: - gateway 
@@ -31653,84 +10738,19 @@ spec: - system type: object secret: - description: 'secret represents a - secret that should populate this - volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' properties: defaultMode: - description: 'defaultMode is Optional: - mode bits used to set permissions - on created files by default. - Must be an octal value between - 0000 and 0777 or a decimal value - between 0 and 511. YAML accepts - both octal and decimal values, - JSON requires decimal values - for mode bits. Defaults to 0644. - Directories within the path - are not affected by this setting. - This might be in conflict with - other options that affect the - file mode, like fsGroup, and - the result can be other mode - bits set.' format: int32 type: integer items: - description: items If unspecified, - each key-value pair in the Data - field of the referenced Secret - will be projected into the volume - as a file whose name is the - key and content is the value. - If specified, the listed keys - will be projected into the specified - paths, and unlisted keys will - not be present. If a key is - specified which is not present - in the Secret, the volume setup - will error unless it is marked - optional. Paths must be relative - and may not contain the '..' - path or start with '..'. items: - description: Maps a string key - to a path within a volume. properties: key: - description: key is the - key to project. type: string mode: - description: 'mode is Optional: - mode bits used to set - permissions on this file. - Must be an octal value - between 0000 and 0777 - or a decimal value between - 0 and 511. YAML accepts - both octal and decimal - values, JSON requires - decimal values for mode - bits. If not specified, - the volume defaultMode - will be used. This might - be in conflict with other - options that affect the - file mode, like fsGroup, - and the result can be - other mode bits set.' 
format: int32 type: integer path: - description: path is the - relative path of the file - to map the key to. May - not be an absolute path. - May not contain the path - element '..'. May not - start with the string - '..'. type: string required: - key 
@@ -31739,256 +10759,60 @@ spec: type: array x-kubernetes-list-type: atomic optional: - description: optional field specify - whether the Secret or its keys - must be defined type: boolean secretName: - description: 'secretName is the - name of the secret in the pod''s - namespace to use. More info: - https://kubernetes.io/docs/concepts/storage/volumes#secret' type: string type: object storageos: - description: storageOS represents - a StorageOS volume attached and - mounted on Kubernetes nodes. properties: fsType: - description: fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. type: string readOnly: - description: readOnly defaults - to false (read/write). ReadOnly - here will force the ReadOnly - setting in VolumeMounts. type: boolean secretRef: - description: secretRef specifies - the secret to use for obtaining - the StorageOS API credentials. If - not specified, default values - will be attempted. properties: name: default: "" - description: 'Name of the - referent. This field is - effectively required, but - due to backwards compatibility - is allowed to be empty. - Instances of this type with - an empty value here are - almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic volumeName: - description: volumeName is the - human-readable name of the StorageOS - volume. Volume names are only - unique within a namespace. type: string volumeNamespace: - description: volumeNamespace specifies - the scope of the volume within - StorageOS. If no namespace - is specified then the Pod's - namespace will be used. 
This - allows the Kubernetes name scoping - to be mirrored within StorageOS - for tighter integration. Set - VolumeName to any name to override - the default behaviour. Set to - "default" if you are not using - namespaces within StorageOS. - Namespaces that do not pre-exist - within StorageOS will be created. type: string type: object volumeClaimTemplate: - description: VolumeClaimTemplate specifies - a template for volume to use by - the backup/restore executor properties: metadata: - description: May contain labels - and annotations that will be - copied into the PVC when creating - it. No other fields are allowed - and will be rejected during - validation. properties: annotations: additionalProperties: type: string - description: 'Annotations - is an unstructured key value - map stored with a resource - that may be set by external - tools to store and retrieve - arbitrary metadata. They - are not queryable and should - be preserved when modifying - objects. More info: http://kubernetes.io/docs/user-guide/annotations' type: object generateName: - description: "GenerateName - is an optional prefix, used - by the server, to generate - a unique name ONLY IF the - Name field has not been - provided. If this field - is used, the name returned - to the client will be different - than the name passed. This - value will also be combined - with a unique suffix. The - provided value has the same - validation rules as the - Name field, and may be truncated - by the length of the suffix - required to make the value - unique on the server. \n - If this field is specified - and the generated name exists, - the server will NOT return - a 409 - instead, it will - either return 201 Created - or 500 with Reason ServerTimeout - indicating a unique name - could not be found in the - time allotted, and the client - should retry (optionally - after the time indicated - in the Retry-After header). - \n Applied only if Name - is not specified. 
More info: - https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" type: string labels: additionalProperties: type: string - description: 'Map of string - keys and values that can - be used to organize and - categorize (scope and select) - objects. May match selectors - of replication controllers - and services. More info: - http://kubernetes.io/docs/user-guide/labels' type: object name: - description: 'Name must be - unique within a namespace. - Is required when creating - resources, although some - resources may allow a client - to request the generation - of an appropriate name automatically. - Name is primarily intended - for creation idempotence - and configuration definition. - Cannot be updated. More - info: http://kubernetes.io/docs/user-guide/identifiers#names' type: string namespace: - description: "Namespace defines - the space within each name - must be unique. An empty - namespace is equivalent - to the \"default\" namespace, - but \"default\" is the canonical - representation. Not all - objects are required to - be scoped to a namespace - - the value of this field - for those objects will be - empty. \n Must be a DNS_LABEL. - Cannot be updated. More - info: http://kubernetes.io/docs/user-guide/namespaces" type: string ownerReferences: - description: List of objects - depended by this object. - If ALL objects in the list - have been deleted, this - object will be garbage collected. - If this object is managed - by a controller, then an - entry in this list will - point to this controller, - with the controller field - set to true. There cannot - be more than one managing - controller. items: - description: OwnerReference - contains enough information - to let you identify an - owning object. An owning - object must be in the - same namespace as the - dependent, or be cluster-scoped, - so there is no namespace - field. properties: apiVersion: - description: API version - of the referent. 
type: string blockOwnerDeletion: - description: If true, - AND if the owner has - the "foregroundDeletion" - finalizer, then the - owner cannot be deleted - from the key-value - store until this reference - is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion - for how the garbage - collector interacts - with this field and - enforces the foreground - deletion. Defaults - to false. To set this - field, a user needs - "delete" permission - of the owner, otherwise - 422 (Unprocessable - Entity) will be returned. type: boolean controller: - description: If true, - this reference points - to the managing controller. type: boolean kind: - description: 'Kind of - the referent. More - info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string name: - description: 'Name of - the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: - description: 'UID of - the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion 
@@ -32000,66 +10824,19 @@ spec: type: array type: object spec: - description: The specification - for the PersistentVolumeClaim. - The entire content is copied - unchanged into the PVC that - gets created from this template. - The same fields as in a PersistentVolumeClaim - are also valid here. properties: accessModes: - description: 'accessModes - contains the desired access - modes the volume should - have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array x-kubernetes-list-type: atomic dataSource: - description: 'dataSource field - can be used to specify either: - * An existing VolumeSnapshot - object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an - external controller can - support the specified data - source, it will create a - new volume based on the - contents of the specified - data source. When the AnyVolumeDataSource - feature gate is enabled, - dataSource contents will - be copied to dataSourceRef, - and dataSourceRef contents - will be copied to dataSource - when dataSourceRef.namespace - is not specified. If the - namespace is specified, - then dataSourceRef will - not be copied to dataSource.' properties: apiGroup: - description: APIGroup - is the group for the - resource being referenced. - If APIGroup is not specified, - the specified Kind must - be in the core API group. - For any other third-party - types, APIGroup is required. type: string kind: - description: Kind is the - type of resource being - referenced type: string name: - description: Name is the - name of resource being - referenced type: string required: - kind 
@@ -32067,114 +10844,20 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: - description: 'dataSourceRef - specifies the object from - which to populate the volume - with data, if a non-empty - volume is desired. This - may be any object from a - non-empty API group (non - core object) or a PersistentVolumeClaim - object. When this field - is specified, volume binding - will only succeed if the - type of the specified object - matches some installed volume - populator or dynamic provisioner. - This field will replace - the functionality of the - dataSource field and as - such if both fields are - non-empty, they must have - the same value. For backwards - compatibility, when namespace - isn''t specified in dataSourceRef, - both fields (dataSource - and dataSourceRef) will - be set to the same value - automatically if one of - them is empty and the other - is non-empty. When namespace - is specified in dataSourceRef, - dataSource isn''t set to - the same value and must - be empty. There are three - important differences between - dataSource and dataSourceRef: - * While dataSource only - allows two specific types - of objects, dataSourceRef - allows any non-core object, - as well as PersistentVolumeClaim - objects. * While dataSource - ignores disallowed values - (dropping them), dataSourceRef - preserves all values, and - generates an error if a - disallowed value is specified. - * While dataSource only - allows local objects, dataSourceRef - allows objects in any namespaces. - (Beta) Using this field - requires the AnyVolumeDataSource - feature gate to be enabled. - (Alpha) Using the namespace - field of dataSourceRef requires - the CrossNamespaceVolumeDataSource - feature gate to be enabled.' properties: apiGroup: - description: APIGroup - is the group for the - resource being referenced. - If APIGroup is not specified, - the specified Kind must - be in the core API group. - For any other third-party - types, APIGroup is required. 
type: string kind: - description: Kind is the - type of resource being - referenced type: string name: - description: Name is the - name of resource being - referenced type: string namespace: - description: Namespace - is the namespace of - resource being referenced - Note that when a namespace - is specified, a gateway.networking.k8s.io/ReferenceGrant - object is required in - the referent namespace - to allow that namespace's - owner to accept the - reference. See the ReferenceGrant - documentation for details. - (Alpha) This field requires - the CrossNamespaceVolumeDataSource - feature gate to be enabled. type: string required: - kind - name type: object resources: - description: 'resources represents - the minimum resources the - volume should have. If RecoverVolumeExpansionFailure - feature is enabled users - are allowed to specify resource - requirements that are lower - than previous value but - must still be higher than - capacity recorded in the - status field of the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: @@ -32183,10 +10866,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes - the maximum amount of - compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -32195,70 +10874,18 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests - describes the minimum - amount of compute resources - required. If Requests - is omitted for a container, - it defaults to Limits - if that is explicitly - specified, otherwise - to an implementation-defined - value. Requests cannot - exceed Limits. More - info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: - description: selector is a - label query over volumes - to consider for binding. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. properties: key: - description: key - is the label key - that the selector - applies to. type: string operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. type: string values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic merge - patch. items: type: string type: array 
@@ -32272,107 +10899,30 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. type: object type: object x-kubernetes-map-type: atomic storageClassName: - description: 'storageClassName - is the name of the StorageClass - required by the claim. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeAttributesClassName: - description: 'volumeAttributesClassName - may be used to set the VolumeAttributesClass - used by this claim. If specified, - the CSI driver will create - or update the volume with - the attributes defined in - the corresponding VolumeAttributesClass. - This has a different purpose - than storageClassName, it - can be changed after the - claim is created. An empty - string value means that - no VolumeAttributesClass - will be applied to the claim - but it''s not allowed to - reset this field to empty - string once it is set. If - unspecified and the PersistentVolumeClaim - is unbound, the default - VolumeAttributesClass will - be set by the persistentvolume - controller if it exists. - If the resource referred - to by volumeAttributesClass - does not exist, this PersistentVolumeClaim - will be set to a Pending - state, as reflected by the - modifyVolumeStatus field, - until such as a resource - exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field - requires the VolumeAttributesClass - feature gate to be enabled.' type: string volumeMode: - description: volumeMode defines - what type of volume is required - by the claim. Value of Filesystem - is implied when not included - in claim spec. 
type: string volumeName: - description: volumeName is - the binding reference to - the PersistentVolume backing - this claim. type: string type: object required: - spec type: object vsphereVolume: - description: vsphereVolume represents - a vSphere volume attached and mounted - on kubelets host machine properties: fsType: - description: fsType is filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. type: string storagePolicyID: - description: storagePolicyID is - the storage Policy Based Management - (SPBM) profile ID associated - with the StoragePolicyName. type: string storagePolicyName: - description: storagePolicyName - is the storage Policy Based - Management (SPBM) profile name. type: string volumePath: - description: volumePath is the - path that identifies vSphere - volume vmdk type: string required: - volumePath 
@@ -32381,187 +10931,49 @@ spec: type: object type: array name: - description: Name indicates to the name of the - task type: string params: - description: Params specifies parameters for - the task. You must provide the parameter in - the Addon desired structure. type: object x-kubernetes-preserve-unknown-fields: true targetVolumes: - description: TargetVolumes specifies which volumes - from the target should be mounted in the backup/restore - job/container. properties: volumeClaimTemplates: - description: VolumeClaimTemplates specifies - a template for the PersistentVolumeClaims - that will be created for each Pod in a - StatefulSet. items: - description: PersistentVolumeClaim is - a user's request for and claim to a - persistent volume properties: apiVersion: - description: 'APIVersion defines the - versioned schema of this representation - of an object. Servers should convert - recognized schemas to the latest - internal value, and may reject unrecognized - values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value - representing the REST resource this - object represents. Servers may infer - this from the endpoint the client - submits requests to. Cannot be updated. - In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: - description: 'Standard object''s metadata. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' properties: annotations: additionalProperties: type: string - description: 'Annotations is an - unstructured key value map stored - with a resource that may be - set by external tools to store - and retrieve arbitrary metadata. - They are not queryable and should - be preserved when modifying - objects. 
More info: http://kubernetes.io/docs/user-guide/annotations' type: object generateName: - description: "GenerateName is - an optional prefix, used by - the server, to generate a unique - name ONLY IF the Name field - has not been provided. If this - field is used, the name returned - to the client will be different - than the name passed. This value - will also be combined with a - unique suffix. The provided - value has the same validation - rules as the Name field, and - may be truncated by the length - of the suffix required to make - the value unique on the server. - \n If this field is specified - and the generated name exists, - the server will NOT return a - 409 - instead, it will either - return 201 Created or 500 with - Reason ServerTimeout indicating - a unique name could not be found - in the time allotted, and the - client should retry (optionally - after the time indicated in - the Retry-After header). \n - Applied only if Name is not - specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" type: string labels: additionalProperties: type: string - description: 'Map of string keys - and values that can be used - to organize and categorize (scope - and select) objects. May match - selectors of replication controllers - and services. More info: http://kubernetes.io/docs/user-guide/labels' type: object name: - description: 'Name must be unique - within a namespace. Is required - when creating resources, although - some resources may allow a client - to request the generation of - an appropriate name automatically. - Name is primarily intended for - creation idempotence and configuration - definition. Cannot be updated. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' type: string namespace: - description: "Namespace defines - the space within each name must - be unique. 
An empty namespace - is equivalent to the \"default\" - namespace, but \"default\" is - the canonical representation. - Not all objects are required - to be scoped to a namespace - - the value of this field for - those objects will be empty. - \n Must be a DNS_LABEL. Cannot - be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" type: string ownerReferences: - description: List of objects depended - by this object. If ALL objects - in the list have been deleted, - this object will be garbage - collected. If this object is - managed by a controller, then - an entry in this list will point - to this controller, with the - controller field set to true. - There cannot be more than one - managing controller. items: - description: OwnerReference - contains enough information - to let you identify an owning - object. An owning object must - be in the same namespace as - the dependent, or be cluster-scoped, - so there is no namespace field. properties: apiVersion: - description: API version - of the referent. type: string blockOwnerDeletion: - description: If true, AND - if the owner has the "foregroundDeletion" - finalizer, then the owner - cannot be deleted from - the key-value store until - this reference is removed. - See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion - for how the garbage collector - interacts with this field - and enforces the foreground - deletion. Defaults to - false. To set this field, - a user needs "delete" - permission of the owner, - otherwise 422 (Unprocessable - Entity) will be returned. type: boolean controller: - description: If true, this - reference points to the - managing controller. type: boolean kind: - description: 'Kind of the - referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string name: - description: 'Name of the - referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: - description: 'UID of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -32573,57 +10985,19 @@ spec: type: array type: object spec: - description: 'Spec defines the desired - characteristics of a volume requested - by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: accessModes: - description: 'accessModes contains - the desired access modes the - volume should have. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array x-kubernetes-list-type: atomic dataSource: - description: 'dataSource field - can be used to specify either: - * An existing VolumeSnapshot - object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an external - controller can support the specified - data source, it will create - a new volume based on the contents - of the specified data source. - When the AnyVolumeDataSource - feature gate is enabled, dataSource - contents will be copied to dataSourceRef, - and dataSourceRef contents will - be copied to dataSource when - dataSourceRef.namespace is not - specified. If the namespace - is specified, then dataSourceRef - will not be copied to dataSource.' properties: apiGroup: - description: APIGroup is the - group for the resource being - referenced. If APIGroup - is not specified, the specified - Kind must be in the core - API group. For any other - third-party types, APIGroup - is required. type: string kind: - description: Kind is the type - of resource being referenced type: string name: - description: Name is the name - of resource being referenced type: string required: - kind 
@@ -32631,103 +11005,20 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: - description: 'dataSourceRef specifies - the object from which to populate - the volume with data, if a non-empty - volume is desired. This may - be any object from a non-empty - API group (non core object) - or a PersistentVolumeClaim object. - When this field is specified, - volume binding will only succeed - if the type of the specified - object matches some installed - volume populator or dynamic - provisioner. This field will - replace the functionality of - the dataSource field and as - such if both fields are non-empty, - they must have the same value. - For backwards compatibility, - when namespace isn''t specified - in dataSourceRef, both fields - (dataSource and dataSourceRef) - will be set to the same value - automatically if one of them - is empty and the other is non-empty. - When namespace is specified - in dataSourceRef, dataSource - isn''t set to the same value - and must be empty. There are - three important differences - between dataSource and dataSourceRef: - * While dataSource only allows - two specific types of objects, - dataSourceRef allows any non-core - object, as well as PersistentVolumeClaim - objects. * While dataSource - ignores disallowed values (dropping - them), dataSourceRef preserves - all values, and generates an - error if a disallowed value - is specified. * While dataSource - only allows local objects, dataSourceRef - allows objects in any namespaces. - (Beta) Using this field requires - the AnyVolumeDataSource feature - gate to be enabled. (Alpha) - Using the namespace field of - dataSourceRef requires the CrossNamespaceVolumeDataSource - feature gate to be enabled.' properties: apiGroup: - description: APIGroup is the - group for the resource being - referenced. If APIGroup - is not specified, the specified - Kind must be in the core - API group. For any other - third-party types, APIGroup - is required. 
type: string kind: - description: Kind is the type - of resource being referenced type: string name: - description: Name is the name - of resource being referenced type: string namespace: - description: Namespace is - the namespace of resource - being referenced Note that - when a namespace is specified, - a gateway.networking.k8s.io/ReferenceGrant - object is required in the - referent namespace to allow - that namespace's owner to - accept the reference. See - the ReferenceGrant documentation - for details. (Alpha) This - field requires the CrossNamespaceVolumeDataSource - feature gate to be enabled. type: string required: - kind - name type: object resources: - description: 'resources represents - the minimum resources the volume - should have. If RecoverVolumeExpansionFailure - feature is enabled users are - allowed to specify resource - requirements that are lower - than previous value but must - still be higher than capacity - recorded in the status field - of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: @@ -32736,10 +11027,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes - the maximum amount of compute - resources allowed. More - info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -32748,64 +11035,18 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes - the minimum amount of compute - resources required. If Requests - is omitted for a container, - it defaults to Limits if - that is explicitly specified, - otherwise to an implementation-defined - value. Requests cannot exceed - Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: - description: selector is a label - query over volumes to consider - for binding. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key and - values. properties: key: - description: key is - the label key that - the selector applies - to. type: string operator: - description: operator - represents a key's - relationship to a - set of values. Valid - operators are In, - NotIn, Exists and - DoesNotExist. type: string values: - description: values - is an array of string - values. If the operator - is In or NotIn, the - values array must - be non-empty. If the - operator is Exists - or DoesNotExist, the - values array must - be empty. This array - is replaced during - a strategic merge - patch. items: type: string type: array 
@@ -32819,157 +11060,28 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is - a map of {key,value} pairs. - A single {key,value} in - the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", - the operator is "In", and - the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic storageClassName: - description: 'storageClassName - is the name of the StorageClass - required by the claim. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeAttributesClassName: - description: 'volumeAttributesClassName - may be used to set the VolumeAttributesClass - used by this claim. If specified, - the CSI driver will create or - update the volume with the attributes - defined in the corresponding - VolumeAttributesClass. This - has a different purpose than - storageClassName, it can be - changed after the claim is created. - An empty string value means - that no VolumeAttributesClass - will be applied to the claim - but it''s not allowed to reset - this field to empty string once - it is set. If unspecified and - the PersistentVolumeClaim is - unbound, the default VolumeAttributesClass - will be set by the persistentvolume - controller if it exists. If - the resource referred to by - volumeAttributesClass does not - exist, this PersistentVolumeClaim - will be set to a Pending state, - as reflected by the modifyVolumeStatus - field, until such as a resource - exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires - the VolumeAttributesClass feature - gate to be enabled.' type: string volumeMode: - description: volumeMode defines - what type of volume is required - by the claim. Value of Filesystem - is implied when not included - in claim spec. 
type: string volumeName: - description: volumeName is the - binding reference to the PersistentVolume - backing this claim. type: string type: object status: - description: 'Status represents the - current information/status of a - persistent volume claim. Read-only. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: accessModes: - description: 'accessModes contains - the actual access modes the - volume backing the PVC has. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array x-kubernetes-list-type: atomic allocatedResourceStatuses: additionalProperties: - description: When a controller - receives persistentvolume - claim update with ClaimResourceStatus - for a resource that it does - not recognizes, then it should - ignore that update and let - other controllers handle it. type: string - description: "allocatedResourceStatuses - stores status of resource being - resized for the given PVC. Key - names follow standard Kubernetes - label syntax. Valid values are - either: * Un-prefixed keys: - - storage - the capacity of - the volume. * Custom resources - must use implementation-defined - prefixed names such as \"example.com/my-custom-resource\" - Apart from above values - keys - that are unprefixed or have - kubernetes.io prefix are considered - reserved and hence may not be - used. \n ClaimResourceStatus - can be in any of following states: - - ControllerResizeInProgress: - State set when resize controller - starts resizing the volume in - control-plane. - ControllerResizeFailed: - State set when resize has failed - in resize controller with a - terminal error. - NodeResizePending: - State set when resize controller - has finished resizing the volume - but further resizing of volume - is needed on the node. - NodeResizeInProgress: - State set when kubelet starts - resizing the volume. 
- NodeResizeFailed: - State set when resizing has - failed in kubelet with a terminal - error. Transient errors don't - set NodeResizeFailed. For example: - if expanding a PVC for more - capacity - this field can be - one of the following states: - - pvc.status.allocatedResourceStatus['storage'] - = \"ControllerResizeInProgress\" - - pvc.status.allocatedResourceStatus['storage'] - = \"ControllerResizeFailed\" - - pvc.status.allocatedResourceStatus['storage'] - = \"NodeResizePending\" - pvc.status.allocatedResourceStatus['storage'] - = \"NodeResizeInProgress\" - - pvc.status.allocatedResourceStatus['storage'] - = \"NodeResizeFailed\" When - this field is not set, it means - that no resize operation is - in progress for the given PVC. - \n A controller that receives - PVC update with previously unknown - resourceName or ClaimResourceStatus - should ignore the update for - the purpose it was designed. - For example - a controller that - only is responsible for resizing - capacity of the volume, should - ignore PVC updates that change - other valid resources associated - with PVC. \n This is an alpha - field and requires enabling - RecoverVolumeExpansionFailure - feature." type: object x-kubernetes-map-type: granular allocatedResources: 
@@ -32979,49 +11091,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: "allocatedResources - tracks the resources allocated - to a PVC including its capacity. - Key names follow standard Kubernetes - label syntax. Valid values are - either: * Un-prefixed keys: - - storage - the capacity of - the volume. * Custom resources - must use implementation-defined - prefixed names such as \"example.com/my-custom-resource\" - Apart from above values - keys - that are unprefixed or have - kubernetes.io prefix are considered - reserved and hence may not be - used. \n Capacity reported here - may be larger than the actual - capacity when a volume expansion - operation is requested. For - storage quota, the larger value - from allocatedResources and - PVC.spec.resources is used. - If allocatedResources is not - set, PVC.spec.resources alone - is used for quota calculation. - If a volume expansion capacity - request is lowered, allocatedResources - is only lowered if there are - no expansion operations in progress - and if the actual volume capacity - is equal or lower than the requested - capacity. \n A controller that - receives PVC update with previously - unknown resourceName should - ignore the update for the purpose - it was designed. For example - - a controller that only is - responsible for resizing capacity - of the volume, should ignore - PVC updates that change other - valid resources associated with - PVC. \n This is an alpha field - and requires enabling RecoverVolumeExpansionFailure - feature." type: object capacity: additionalProperties: 
@@ -33030,57 +11099,23 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: capacity represents - the actual resources of the - underlying volume. type: object conditions: - description: conditions is the - current Condition of persistent - volume claim. If underlying - persistent volume is being resized - then the Condition will be set - to 'Resizing'. items: - description: PersistentVolumeClaimCondition - contains details about state - of pvc properties: lastProbeTime: - description: lastProbeTime - is the time we probed - the condition. format: date-time type: string lastTransitionTime: - description: lastTransitionTime - is the time the condition - transitioned from one - status to another. format: date-time type: string message: - description: message is - the human-readable message - indicating details about - last transition. type: string reason: - description: reason is a - unique, this should be - a short, machine understandable - string that gives the - reason for condition's - last transition. If it - reports "Resizing" that - means the underlying persistent - volume is being resized. type: string status: type: string type: - description: PersistentVolumeClaimConditionType - is a valid value of PersistentVolumeClaimCondition.Type type: string required: - status 
@@ -33091,139 +11126,37 @@ spec: - type x-kubernetes-list-type: map currentVolumeAttributesClassName: - description: currentVolumeAttributesClassName - is the current name of the VolumeAttributesClass - the PVC is using. When unset, - there is no VolumeAttributeClass - applied to this PersistentVolumeClaim - This is an alpha field and requires - enabling VolumeAttributesClass - feature. type: string modifyVolumeStatus: - description: ModifyVolumeStatus - represents the status object - of ControllerModifyVolume operation. - When this is unset, there is - no ModifyVolume operation being - attempted. This is an alpha - field and requires enabling - VolumeAttributesClass feature. properties: status: - description: 'status is the - status of the ControllerModifyVolume - operation. It can be in - any of following states: - - Pending Pending indicates - that the PersistentVolumeClaim - cannot be modified due to - unmet requirements, such - as the specified VolumeAttributesClass - not existing. - InProgress - InProgress indicates that - the volume is being modified. - - Infeasible Infeasible - indicates that the request - has been rejected as invalid - by the CSI driver. To resolve - the error, a valid VolumeAttributesClass - needs to be specified. Note: - New statuses can be added - in the future. Consumers - should check for unknown - statuses and fail appropriately.' type: string targetVolumeAttributesClassName: - description: targetVolumeAttributesClassName - is the name of the VolumeAttributesClass - the PVC currently being - reconciled type: string required: - status type: object phase: - description: phase represents - the current phase of PersistentVolumeClaim. type: string type: object type: object type: array volumeMounts: - description: VolumeMounts specifies the - mount for the volumes specified in `Volumes` - section items: - description: VolumeMount describes a mounting - of a Volume within a container. 
properties: mountPath: - description: Path within the container - at which the volume should be mounted. Must - not contain ':'. type: string mountPropagation: - description: mountPropagation determines - how mounts are propagated from the - host to container and the other - way around. When not set, MountPropagationNone - is used. This field is beta in 1.10. - When RecursiveReadOnly is set to - IfPossible or to Enabled, MountPropagation - must be None or unspecified (which - defaults to None). type: string name: - description: This must match the Name - of a Volume. type: string readOnly: - description: Mounted read-only if - true, read-write otherwise (false - or unspecified). Defaults to false. type: boolean recursiveReadOnly: - description: "RecursiveReadOnly specifies - whether read-only mounts should - be handled recursively. \n If ReadOnly - is false, this field has no meaning - and must be unspecified. \n If ReadOnly - is true, and this field is set to - Disabled, the mount is not made - recursively read-only. If this - field is set to IfPossible, the - mount is made recursively read-only, - if it is supported by the container - runtime. If this field is set to - Enabled, the mount is made recursively - read-only if it is supported by - the container runtime, otherwise - the pod will not be started and - an error will be generated to indicate - the reason. \n If this field is - set to IfPossible or Enabled, MountPropagation - must be set to None (or be unspecified, - which defaults to None). \n If this - field is not specified, it is treated - as an equivalent of Disabled." type: string subPath: - description: Path within the volume - from which the container's volume - should be mounted. Defaults to "" - (volume's root). type: string subPathExpr: - description: Expanded path within - the volume from which the container's - volume should be mounted. 
Behaves - similarly to SubPath but environment - variable references $(VAR_NAME) - are expanded using the container's - environment. Defaults to "" (volume's - root). SubPathExpr and SubPath are - mutually exclusive. type: string required: - mountPath 
@@ -33231,334 +11164,109 @@ spec: type: object type: array volumes: - description: Volumes indicates the list - of volumes of targeted application that - should be mounted on the backup/restore - job. items: - description: Volume represents a named - volume in a pod that may be accessed - by any container in the pod. properties: awsElasticBlockStore: - description: 'awsElasticBlockStore - represents an AWS Disk resource - that is attached to a kubelet''s - host machine and then exposed to - the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' properties: fsType: - description: 'fsType is the filesystem - type of the volume that you - want to mount. Tip: Ensure that - the filesystem type is supported - by the host operating system. - Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors - in the filesystem from compromising - the machine' type: string partition: - description: 'partition is the - partition in the volume that - you want to mount. If omitted, - the default is to mount by volume - name. Examples: For volume /dev/sda1, - you specify the partition as - "1". Similarly, the volume partition - for /dev/sda is "0" (or you - can leave the property empty).' format: int32 type: integer readOnly: - description: 'readOnly value true - will force the readOnly setting - in VolumeMounts. More info: - https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: boolean volumeID: - description: 'volumeID is unique - ID of the persistent disk resource - in AWS (Amazon EBS volume). - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: string required: - volumeID type: object azureDisk: - description: azureDisk represents - an Azure Data Disk mount on the - host and bind mount to the pod. 
properties: cachingMode: - description: 'cachingMode is the - Host Caching mode: None, Read - Only, Read Write.' type: string diskName: - description: diskName is the Name - of the data disk in the blob - storage type: string diskURI: - description: diskURI is the URI - of data disk in the blob storage type: string fsType: - description: fsType is Filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. type: string kind: - description: 'kind expected values - are Shared: multiple blob disks - per storage account Dedicated: - single blob disk per storage - account Managed: azure managed - data disk (only in managed availability - set). defaults to shared' type: string readOnly: - description: readOnly Defaults - to false (read/write). ReadOnly - here will force the ReadOnly - setting in VolumeMounts. type: boolean required: - diskName - diskURI type: object azureFile: - description: azureFile represents - an Azure File Service mount on the - host and bind mount to the pod. properties: readOnly: - description: readOnly defaults - to false (read/write). ReadOnly - here will force the ReadOnly - setting in VolumeMounts. 
type: boolean secretName: - description: secretName is the name - of secret that contains Azure - Storage Account Name and Key type: string shareName: - description: shareName is the - azure share Name type: string required: - secretName - shareName type: object cephfs: - description: cephFS represents a Ceph - FS mount on the host that shares - a pod's lifetime properties: monitors: - description: 'monitors is Required: - Monitors is a collection of - Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' items: type: string type: array x-kubernetes-list-type: atomic path: - description: 'path is Optional: - Used as the mounted root, rather - than the full Ceph tree, default - is /' type: string readOnly: - description: 'readOnly is Optional: - Defaults to false (read/write). - ReadOnly here will force the - ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: boolean secretFile: - description: 'secretFile is Optional: - SecretFile is the path to key - ring for User, default is /etc/ceph/user.secret - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string secretRef: - description: 'secretRef is Optional: - SecretRef is reference to the - authentication secret for User, - default is empty. More info: - https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' properties: name: default: "" - description: 'Name of the - referent. This field is - effectively required, but - due to backwards compatibility - is allowed to be empty. - Instances of this type with - an empty value here are - almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' 
type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is optional: - User is the rados user name, - default is admin More info: - https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string required: - monitors type: object cinder: - description: 'cinder represents a - cinder volume attached and mounted - on kubelets host machine. More info: - https://examples.k8s.io/mysql-cinder-pd/README.md' properties: fsType: - description: 'fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred - to be "ext4" if unspecified. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string readOnly: - description: 'readOnly defaults - to false (read/write). ReadOnly - here will force the ReadOnly - setting in VolumeMounts. More - info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: boolean secretRef: - description: 'secretRef is optional: - points to a secret object containing - parameters used to connect to - OpenStack.' properties: name: default: "" - description: 'Name of the - referent. This field is - effectively required, but - due to backwards compatibility - is allowed to be empty. - Instances of this type with - an empty value here are - almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic volumeID: - description: 'volumeID used to - identify the volume in cinder. 
- More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string required: - volumeID type: object configMap: - description: configMap represents - a configMap that should populate - this volume properties: defaultMode: - description: 'defaultMode is optional: - mode bits used to set permissions - on created files by default. - Must be an octal value between - 0000 and 0777 or a decimal value - between 0 and 511. YAML accepts - both octal and decimal values, - JSON requires decimal values - for mode bits. Defaults to 0644. - Directories within the path - are not affected by this setting. - This might be in conflict with - other options that affect the - file mode, like fsGroup, and - the result can be other mode - bits set.' format: int32 type: integer items: - description: items if unspecified, - each key-value pair in the Data - field of the referenced ConfigMap - will be projected into the volume - as a file whose name is the - key and content is the value. - If specified, the listed keys - will be projected into the specified - paths, and unlisted keys will - not be present. If a key is - specified which is not present - in the ConfigMap, the volume - setup will error unless it is - marked optional. Paths must - be relative and may not contain - the '..' path or start with - '..'. items: - description: Maps a string key - to a path within a volume. properties: key: - description: key is the - key to project. type: string mode: - description: 'mode is Optional: - mode bits used to set - permissions on this file. - Must be an octal value - between 0000 and 0777 - or a decimal value between - 0 and 511. YAML accepts - both octal and decimal - values, JSON requires - decimal values for mode - bits. If not specified, - the volume defaultMode - will be used. This might - be in conflict with other - options that affect the - file mode, like fsGroup, - and the result can be - other mode bits set.' 
format: int32 type: integer path: - description: path is the - relative path of the file - to map the key to. May - not be an absolute path. - May not contain the path - element '..'. May not - start with the string - '..'. type: string required: - key 
@@ -33568,217 +11276,67 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional specify - whether the ConfigMap or its - keys must be defined type: boolean type: object x-kubernetes-map-type: atomic csi: - description: csi (Container Storage - Interface) represents ephemeral - storage that is handled by certain - external CSI drivers (Beta feature). properties: driver: - description: driver is the name - of the CSI driver that handles - this volume. Consult with your - admin for the correct name as - registered in the cluster. type: string fsType: - description: fsType to mount. - Ex. "ext4", "xfs", "ntfs". If - not provided, the empty value - is passed to the associated - CSI driver which will determine - the default filesystem to apply. type: string nodePublishSecretRef: - description: nodePublishSecretRef - is a reference to the secret - object containing sensitive - information to pass to the CSI - driver to complete the CSI NodePublishVolume - and NodeUnpublishVolume calls. - This field is optional, and may - be empty if no secret is required. - If the secret object contains - more than one secret, all secret - references are passed. properties: name: default: "" - description: 'Name of the - referent. This field is - effectively required, but - due to backwards compatibility - is allowed to be empty. - Instances of this type with - an empty value here are - almost certainly wrong. - TODO: Add other useful fields. 
- apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic readOnly: - description: readOnly specifies - a read-only configuration for - the volume. Defaults to false - (read/write). type: boolean volumeAttributes: additionalProperties: type: string - description: volumeAttributes - stores driver-specific properties - that are passed to the CSI driver. - Consult your driver's documentation - for supported values. type: object required: - driver type: object downwardAPI: - description: downwardAPI represents - downward API about the pod that - should populate this volume properties: defaultMode: - description: 'Optional: mode bits - to use on created files by default. - Must be a Optional: mode bits - used to set permissions on created - files by default. Must be an - octal value between 0000 and - 0777 or a decimal value between - 0 and 511. YAML accepts both - octal and decimal values, JSON - requires decimal values for - mode bits. Defaults to 0644. - Directories within the path - are not affected by this setting. - This might be in conflict with - other options that affect the - file mode, like fsGroup, and - the result can be other mode - bits set.' format: int32 type: integer items: - description: Items is a list of - downward API volume file items: - description: DownwardAPIVolumeFile - represents information to - create the file containing - the pod field properties: fieldRef: - description: 'Required: - Selects a field of the - pod: only annotations, - labels, name, namespace - and uid are supported.' properties: apiVersion: - description: Version - of the schema the - FieldPath is written - in terms of, defaults - to "v1". 
type: string fieldPath: - description: Path of - the field to select - in the specified API - version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: - description: 'Optional: - mode bits used to set - permissions on this file, - must be an octal value - between 0000 and 0777 - or a decimal value between - 0 and 511. YAML accepts - both octal and decimal - values, JSON requires - decimal values for mode - bits. If not specified, - the volume defaultMode - will be used. This might - be in conflict with other - options that affect the - file mode, like fsGroup, - and the result can be - other mode bits set.' format: int32 type: integer path: - description: 'Required: - Path is the relative - path name of the file - to be created. Must not - be absolute or contain - the ''..'' path. Must - be utf-8 encoded. The - first item of the relative - path must not start with - ''..''' type: string resourceFieldRef: - description: 'Selects a - resource of the container: - only resources limits - and requests (limits.cpu, - limits.memory, requests.cpu - and requests.memory) are - currently supported.' properties: containerName: - description: 'Container - name: required for - volumes, optional - for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies - the output format - of the exposed resources, - defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: - resource to select' type: string required: - resource 
@@ -33791,294 +11349,50 @@ spec: x-kubernetes-list-type: atomic type: object emptyDir: - description: 'emptyDir represents - a temporary directory that shares - a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' properties: medium: - description: 'medium represents - what type of storage medium - should back this directory. - The default is "" which means - to use the node''s default medium. - Must be an empty string (default) - or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string sizeLimit: anyOf: - type: integer - type: string - description: 'sizeLimit is the - total amount of local storage - required for this EmptyDir volume. - The size limit is also applicable - for memory medium. The maximum - usage on memory medium EmptyDir - would be the minimum value between - the SizeLimit specified here - and the sum of memory limits - of all containers in a pod. - The default is nil which means - that the limit is undefined. - More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object ephemeral: - description: "ephemeral represents - a volume that is handled by a cluster - storage driver. The volume's lifecycle - is tied to the pod that defines - it - it will be created before the - pod starts, and deleted when the - pod is removed. \n Use this if: - a) the volume is only needed while - the pod runs, b) features of normal - volumes like restoring from snapshot - or capacity tracking are needed, - c) the storage driver is specified - through a storage class, and d) - the storage driver supports dynamic - volume provisioning through a PersistentVolumeClaim - (see EphemeralVolumeSource for more - information on the connection between - this volume type and PersistentVolumeClaim). 
- \n Use PersistentVolumeClaim or - one of the vendor-specific APIs - for volumes that persist for longer - than the lifecycle of an individual - pod. \n Use CSI for light-weight - local ephemeral volumes if the CSI - driver is meant to be used that - way - see the documentation of the - driver for more information. \n - A pod can use both types of ephemeral - volumes and persistent volumes at - the same time." properties: volumeClaimTemplate: - description: "Will be used to - create a stand-alone PVC to - provision the volume. The pod - in which this EphemeralVolumeSource - is embedded will be the owner - of the PVC, i.e. the PVC will - be deleted together with the - pod. The name of the PVC will - be `-` - where `` is the - name from the `PodSpec.Volumes` - array entry. Pod validation - will reject the pod if the concatenated - name is not valid for a PVC - (for example, too long). \n - An existing PVC with that name - that is not owned by the pod - will *not* be used for the pod - to avoid using an unrelated - volume by mistake. Starting - the pod is then blocked until - the unrelated PVC is removed. - If such a pre-created PVC is - meant to be used by the pod, - the PVC has to updated with - an owner reference to the pod - once the pod exists. Normally - this should not be necessary, - but it may be useful when manually - reconstructing a broken cluster. - \n This field is read-only and - no changes will be made by Kubernetes - to the PVC after it has been - created. \n Required, must not - be nil." properties: metadata: - description: May contain labels - and annotations that will - be copied into the PVC when - creating it. No other fields - are allowed and will be - rejected during validation. properties: annotations: additionalProperties: type: string - description: 'Annotations - is an unstructured key - value map stored with - a resource that may - be set by external tools - to store and retrieve - arbitrary metadata. 
- They are not queryable - and should be preserved - when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations' type: object generateName: - description: "GenerateName - is an optional prefix, - used by the server, - to generate a unique - name ONLY IF the Name - field has not been provided. - If this field is used, - the name returned to - the client will be different - than the name passed. - This value will also - be combined with a unique - suffix. The provided - value has the same validation - rules as the Name field, - and may be truncated - by the length of the - suffix required to make - the value unique on - the server. \n If this - field is specified and - the generated name exists, - the server will NOT - return a 409 - instead, - it will either return - 201 Created or 500 with - Reason ServerTimeout - indicating a unique - name could not be found - in the time allotted, - and the client should - retry (optionally after - the time indicated in - the Retry-After header). - \n Applied only if Name - is not specified. More - info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" type: string labels: additionalProperties: type: string - description: 'Map of string - keys and values that - can be used to organize - and categorize (scope - and select) objects. - May match selectors - of replication controllers - and services. More info: - http://kubernetes.io/docs/user-guide/labels' type: object name: - description: 'Name must - be unique within a namespace. - Is required when creating - resources, although - some resources may allow - a client to request - the generation of an - appropriate name automatically. - Name is primarily intended - for creation idempotence - and configuration definition. - Cannot be updated. 
More - info: http://kubernetes.io/docs/user-guide/identifiers#names' type: string namespace: - description: "Namespace - defines the space within - each name must be unique. - An empty namespace is - equivalent to the \"default\" - namespace, but \"default\" - is the canonical representation. - Not all objects are - required to be scoped - to a namespace - the - value of this field - for those objects will - be empty. \n Must be - a DNS_LABEL. Cannot - be updated. More info: - http://kubernetes.io/docs/user-guide/namespaces" type: string ownerReferences: - description: List of objects - depended by this object. - If ALL objects in the - list have been deleted, - this object will be - garbage collected. If - this object is managed - by a controller, then - an entry in this list - will point to this controller, - with the controller - field set to true. There - cannot be more than - one managing controller. items: - description: OwnerReference - contains enough information - to let you identify - an owning object. - An owning object must - be in the same namespace - as the dependent, - or be cluster-scoped, - so there is no namespace - field. properties: apiVersion: - description: API - version of the - referent. type: string blockOwnerDeletion: - description: If - true, AND if the - owner has the - "foregroundDeletion" - finalizer, then - the owner cannot - be deleted from - the key-value - store until this - reference is removed. - See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion - for how the garbage - collector interacts - with this field - and enforces the - foreground deletion. - Defaults to false. - To set this field, - a user needs "delete" - permission of - the owner, otherwise - 422 (Unprocessable - Entity) will be - returned. type: boolean controller: - description: If - true, this reference - points to the - managing controller. type: boolean kind: - description: 'Kind - of the referent. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string name: - description: 'Name - of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: - description: 'UID - of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion 
@@ -34090,73 +11404,19 @@ spec: type: array type: object spec: - description: The specification - for the PersistentVolumeClaim. - The entire content is copied - unchanged into the PVC that - gets created from this template. - The same fields as in a - PersistentVolumeClaim are - also valid here. properties: accessModes: - description: 'accessModes - contains the desired - access modes the volume - should have. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array x-kubernetes-list-type: atomic dataSource: - description: 'dataSource - field can be used to - specify either: * An - existing VolumeSnapshot - object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or - an external controller - can support the specified - data source, it will - create a new volume - based on the contents - of the specified data - source. When the AnyVolumeDataSource - feature gate is enabled, - dataSource contents - will be copied to dataSourceRef, - and dataSourceRef contents - will be copied to dataSource - when dataSourceRef.namespace - is not specified. If - the namespace is specified, - then dataSourceRef will - not be copied to dataSource.' properties: apiGroup: - description: APIGroup - is the group for - the resource being - referenced. If APIGroup - is not specified, - the specified Kind - must be in the core - API group. For any - other third-party - types, APIGroup - is required. type: string kind: - description: Kind - is the type of resource - being referenced type: string name: - description: Name - is the name of resource - being referenced type: string required: - kind 
@@ -34164,134 +11424,20 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: - description: 'dataSourceRef - specifies the object - from which to populate - the volume with data, - if a non-empty volume - is desired. This may - be any object from a - non-empty API group - (non core object) or - a PersistentVolumeClaim - object. When this field - is specified, volume - binding will only succeed - if the type of the specified - object matches some - installed volume populator - or dynamic provisioner. - This field will replace - the functionality of - the dataSource field - and as such if both - fields are non-empty, - they must have the same - value. For backwards - compatibility, when - namespace isn''t specified - in dataSourceRef, both - fields (dataSource and - dataSourceRef) will - be set to the same value - automatically if one - of them is empty and - the other is non-empty. - When namespace is specified - in dataSourceRef, dataSource - isn''t set to the same - value and must be empty. - There are three important - differences between - dataSource and dataSourceRef: - * While dataSource only - allows two specific - types of objects, dataSourceRef - allows any non-core - object, as well as PersistentVolumeClaim - objects. * While dataSource - ignores disallowed values - (dropping them), dataSourceRef - preserves all values, - and generates an error - if a disallowed value - is specified. * While - dataSource only allows - local objects, dataSourceRef - allows objects in any - namespaces. (Beta) Using - this field requires - the AnyVolumeDataSource - feature gate to be enabled. - (Alpha) Using the namespace - field of dataSourceRef - requires the CrossNamespaceVolumeDataSource - feature gate to be enabled.' properties: apiGroup: - description: APIGroup - is the group for - the resource being - referenced. If APIGroup - is not specified, - the specified Kind - must be in the core - API group. 
For any - other third-party - types, APIGroup - is required. type: string kind: - description: Kind - is the type of resource - being referenced type: string name: - description: Name - is the name of resource - being referenced type: string namespace: - description: Namespace - is the namespace - of resource being - referenced Note - that when a namespace - is specified, a - gateway.networking.k8s.io/ReferenceGrant - object is required - in the referent - namespace to allow - that namespace's - owner to accept - the reference. See - the ReferenceGrant - documentation for - details. (Alpha) - This field requires - the CrossNamespaceVolumeDataSource - feature gate to - be enabled. type: string required: - kind - name type: object resources: - description: 'resources - represents the minimum - resources the volume - should have. If RecoverVolumeExpansionFailure - feature is enabled users - are allowed to specify - resource requirements - that are lower than - previous value but must - still be higher than - capacity recorded in - the status field of - the claim. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: @@ -34300,11 +11446,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits - describes the maximum - amount of compute - resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -34313,81 +11454,18 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests - describes the minimum - amount of compute - resources required. - If Requests is omitted - for a container, - it defaults to Limits - if that is explicitly - specified, otherwise - to an implementation-defined - value. Requests - cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: - description: selector - is a label query over - volumes to consider - for binding. properties: matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements - are ANDed. items: - description: A label - selector requirement - is a selector - that contains - values, a key, - and an operator - that relates the - key and values. properties: key: - description: key - is the label - key that the - selector applies - to. type: string operator: - description: operator - represents - a key's relationship - to a set of - values. Valid - operators - are In, NotIn, - Exists and - DoesNotExist. type: string values: - description: values - is an array - of string - values. If - the operator - is In or NotIn, - the values - array must - be non-empty. - If the operator - is Exists - or DoesNotExist, - the values - array must - be empty. - This array - is replaced - during a strategic - merge patch. items: type: string type: array 
@@ -34401,84 +11479,16 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single - {key,value} in the - matchLabels map - is equivalent to - an element of matchExpressions, - whose key field - is "key", the operator - is "In", and the - values array contains - only "value". The - requirements are - ANDed. type: object type: object x-kubernetes-map-type: atomic storageClassName: - description: 'storageClassName - is the name of the StorageClass - required by the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeAttributesClassName: - description: 'volumeAttributesClassName - may be used to set the - VolumeAttributesClass - used by this claim. - If specified, the CSI - driver will create or - update the volume with - the attributes defined - in the corresponding - VolumeAttributesClass. - This has a different - purpose than storageClassName, - it can be changed after - the claim is created. - An empty string value - means that no VolumeAttributesClass - will be applied to the - claim but it''s not - allowed to reset this - field to empty string - once it is set. If unspecified - and the PersistentVolumeClaim - is unbound, the default - VolumeAttributesClass - will be set by the persistentvolume - controller if it exists. - If the resource referred - to by volumeAttributesClass - does not exist, this - PersistentVolumeClaim - will be set to a Pending - state, as reflected - by the modifyVolumeStatus - field, until such as - a resource exists. More - info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field - requires the VolumeAttributesClass - feature gate to be enabled.' type: string volumeMode: - description: volumeMode - defines what type of - volume is required by - the claim. Value of - Filesystem is implied - when not included in - claim spec. 
type: string volumeName: - description: volumeName - is the binding reference - to the PersistentVolume - backing this claim. type: string type: object required: 
@@ -34486,109 +11496,41 @@ spec: type: object type: object fc: - description: fc represents a Fibre - Channel resource that is attached - to a kubelet's host machine and - then exposed to the pod. properties: fsType: - description: 'fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. TODO: how do - we prevent errors in the filesystem - from compromising the machine' type: string lun: - description: 'lun is Optional: - FC target lun number' format: int32 type: integer readOnly: - description: 'readOnly is Optional: - Defaults to false (read/write). - ReadOnly here will force the - ReadOnly setting in VolumeMounts.' type: boolean targetWWNs: - description: 'targetWWNs is Optional: - FC target worldwide names (WWNs)' items: type: string type: array x-kubernetes-list-type: atomic wwids: - description: 'wwids Optional: - FC volume world wide identifiers - (wwids) Either wwids or combination - of targetWWNs and lun must be - set, but not both simultaneously.' items: type: string type: array x-kubernetes-list-type: atomic type: object flexVolume: - description: flexVolume represents - a generic volume resource that is - provisioned/attached using an exec - based plugin. properties: driver: - description: driver is the name - of the driver to use for this - volume. type: string fsType: - description: fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - The default filesystem depends - on FlexVolume script. type: string options: additionalProperties: type: string - description: 'options is Optional: - this field holds extra command - options if any.' type: object readOnly: - description: 'readOnly is Optional: - defaults to false (read/write). - ReadOnly here will force the - ReadOnly setting in VolumeMounts.' 
type: boolean secretRef: - description: 'secretRef is Optional: - secretRef is reference to the - secret object containing sensitive - information to pass to the plugin - scripts. This may be empty if - no secret object is specified. - If the secret object contains - more than one secret, all secrets - are passed to the plugin scripts.' properties: name: default: "" - description: 'Name of the - referent. This field is - effectively required, but - due to backwards compatibility - is allowed to be empty. - Instances of this type with - an empty value here are - almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic 
@@ -34596,229 +11538,79 @@ spec: - driver type: object flocker: - description: flocker represents a - Flocker volume attached to a kubelet's - host machine. This depends on the - Flocker control service being running properties: datasetName: - description: datasetName is Name - of the dataset stored as metadata - -> name on the dataset for Flocker - should be considered as deprecated type: string datasetUUID: - description: datasetUUID is the - UUID of the dataset. This is - unique identifier of a Flocker - dataset type: string type: object gcePersistentDisk: - description: 'gcePersistentDisk represents - a GCE Disk resource that is attached - to a kubelet''s host machine and - then exposed to the pod. More info: - https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' properties: fsType: - description: 'fsType is filesystem - type of the volume that you - want to mount. Tip: Ensure that - the filesystem type is supported - by the host operating system. - Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors - in the filesystem from compromising - the machine' type: string partition: - description: 'partition is the - partition in the volume that - you want to mount. If omitted, - the default is to mount by volume - name. Examples: For volume /dev/sda1, - you specify the partition as - "1". Similarly, the volume partition - for /dev/sda is "0" (or you - can leave the property empty). - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' format: int32 type: integer pdName: - description: 'pdName is unique - name of the PD resource in GCE. - Used to identify the disk in - GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: string readOnly: - description: 'readOnly here will - force the ReadOnly setting in - VolumeMounts. 
Defaults to false. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: boolean required: - pdName type: object glusterfs: - description: 'glusterfs represents - a Glusterfs mount on the host that - shares a pod''s lifetime. More info: - https://examples.k8s.io/volumes/glusterfs/README.md' properties: endpoints: - description: 'endpoints is the - endpoint name that details Glusterfs - topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string path: - description: 'path is the Glusterfs - volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string readOnly: - description: 'readOnly here will - force the Glusterfs volume to - be mounted with read-only permissions. - Defaults to false. More info: - https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: boolean required: - endpoints - path type: object hostPath: - description: 'hostPath represents - a pre-existing file or directory - on the host machine that is directly - exposed to the container. This is - generally used for system agents - or other privileged things that - are allowed to see the host machine. - Most containers will NOT need this. - More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict - who can use host directory mounts - and who can/can not mount host directories - as read/write.' properties: path: - description: 'path of the directory - on the host. If the path is - a symlink, it will follow the - link to the real path. 
More - info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string type: - description: 'type for HostPath - Volume Defaults to "" More info: - https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string required: - path type: object iscsi: - description: 'iscsi represents an - ISCSI Disk resource that is attached - to a kubelet''s host machine and - then exposed to the pod. More info: - https://examples.k8s.io/volumes/iscsi/README.md' properties: chapAuthDiscovery: - description: chapAuthDiscovery - defines whether support iSCSI - Discovery CHAP authentication type: boolean chapAuthSession: - description: chapAuthSession defines - whether support iSCSI Session - CHAP authentication type: boolean fsType: - description: 'fsType is the filesystem - type of the volume that you - want to mount. Tip: Ensure that - the filesystem type is supported - by the host operating system. - Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors - in the filesystem from compromising - the machine' type: string initiatorName: - description: initiatorName is - the custom iSCSI Initiator Name. - If initiatorName is specified - with iscsiInterface simultaneously, - new iSCSI interface : will be - created for the connection. type: string iqn: - description: iqn is the target - iSCSI Qualified Name. type: string iscsiInterface: - description: iscsiInterface is - the interface Name that uses - an iSCSI transport. Defaults - to 'default' (tcp). type: string lun: - description: lun represents iSCSI - Target Lun number. format: int32 type: integer portals: - description: portals is the iSCSI - Target Portal List. The portal - is either an IP or ip_addr:port - if the port is other than default - (typically TCP ports 860 and - 3260). 
items: type: string type: array x-kubernetes-list-type: atomic readOnly: - description: readOnly here will - force the ReadOnly setting in - VolumeMounts. Defaults to false. type: boolean secretRef: - description: secretRef is the - CHAP Secret for iSCSI target - and initiator authentication properties: name: default: "" - description: 'Name of the - referent. This field is - effectively required, but - due to backwards compatibility - is allowed to be empty. - Instances of this type with - an empty value here are - almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic targetPortal: - description: targetPortal is iSCSI - Target Portal. The Portal is - either an IP or ip_addr:port - if the port is other than default - (typically TCP ports 860 and - 3260). type: string required: - iqn 
@@ -34826,235 +11618,68 @@ spec: - targetPortal type: object name: - description: 'name of the volume. - Must be a DNS_LABEL and unique within - the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string nfs: - description: 'nfs represents an NFS - mount on the host that shares a - pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' properties: path: - description: 'path that is exported - by the NFS server. More info: - https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string readOnly: - description: 'readOnly here will - force the NFS export to be mounted - with read-only permissions. - Defaults to false. More info: - https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: boolean server: - description: 'server is the hostname - or IP address of the NFS server. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string required: - path - server type: object persistentVolumeClaim: - description: 'persistentVolumeClaimVolumeSource - represents a reference to a PersistentVolumeClaim - in the same namespace. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: claimName: - description: 'claimName is the - name of a PersistentVolumeClaim - in the same namespace as the - pod using this volume. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' type: string readOnly: - description: readOnly Will force - the ReadOnly setting in VolumeMounts. - Default false. type: boolean required: - claimName type: object photonPersistentDisk: - description: photonPersistentDisk - represents a PhotonController persistent - disk attached and mounted on kubelets - host machine properties: fsType: - description: fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". 
- Implicitly inferred to be "ext4" - if unspecified. type: string pdID: - description: pdID is the ID that - identifies Photon Controller - persistent disk type: string required: - pdID type: object portworxVolume: - description: portworxVolume represents - a portworx volume attached and mounted - on kubelets host machine properties: fsType: - description: fSType represents - the filesystem type to mount - Must be a filesystem type supported - by the host operating system. - Ex. "ext4", "xfs". Implicitly - inferred to be "ext4" if unspecified. type: string readOnly: - description: readOnly defaults - to false (read/write). ReadOnly - here will force the ReadOnly - setting in VolumeMounts. type: boolean volumeID: - description: volumeID uniquely - identifies a Portworx volume type: string required: - volumeID type: object projected: - description: projected items for all - in one resources secrets, configmaps, - and downward API properties: defaultMode: - description: defaultMode are the - mode bits used to set permissions - on created files by default. - Must be an octal value between - 0000 and 0777 or a decimal value - between 0 and 511. YAML accepts - both octal and decimal values, - JSON requires decimal values - for mode bits. Directories within - the path are not affected by - this setting. This might be - in conflict with other options - that affect the file mode, like - fsGroup, and the result can - be other mode bits set. format: int32 type: integer sources: - description: sources is the list - of volume projections items: - description: Projection that - may be projected along with - other supported volume types properties: clusterTrustBundle: - description: "ClusterTrustBundle - allows a pod to access - the `.spec.trustBundle` - field of ClusterTrustBundle - objects in an auto-updating - file. \n Alpha, gated - by the ClusterTrustBundleProjection - feature gate. 
\n ClusterTrustBundle - objects can either be - selected by name, or by - the combination of signer - name and a label selector. - \n Kubelet performs aggressive - normalization of the PEM - contents written into - the pod filesystem. Esoteric - PEM features such as inter-block - comments and block headers - are stripped. Certificates - are deduplicated. The - ordering of certificates - within the file is arbitrary, - and Kubelet may change - the order over time." properties: labelSelector: - description: Select - all ClusterTrustBundles - that match this label - selector. Only has - effect if signerName - is set. Mutually-exclusive - with name. If unset, - interpreted as "match - nothing". If set - but empty, interpreted - as "match everything". properties: matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements - are ANDed. items: - description: A - label selector - requirement - is a selector - that contains - values, a key, - and an operator - that relates - the key and - values. properties: key: - description: key - is the label - key that - the selector - applies - to. type: string operator: - description: operator - represents - a key's - relationship - to a set - of values. - Valid operators - are In, - NotIn, Exists - and DoesNotExist. type: string values: - description: values - is an array - of string - values. - If the operator - is In or - NotIn, the - values array - must be - non-empty. - If the operator - is Exists - or DoesNotExist, - the values - array must - be empty. - This array - is replaced - during a - strategic - merge patch. items: type: string type: array 
@@ -35068,153 +11693,31 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single - {key,value} in - the matchLabels - map is equivalent - to an element - of matchExpressions, - whose key field - is "key", the - operator is "In", - and the values - array contains - only "value". - The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic name: - description: Select - a single ClusterTrustBundle - by object name. Mutually-exclusive - with signerName and - labelSelector. type: string optional: - description: If true, - don't block pod startup - if the referenced - ClusterTrustBundle(s) - aren't available. If - using name, then the - named ClusterTrustBundle - is allowed not to - exist. If using signerName, - then the combination - of signerName and - labelSelector is allowed - to match zero ClusterTrustBundles. type: boolean path: - description: Relative - path from the volume - root to write the - bundle. type: string signerName: - description: Select - all ClusterTrustBundles - that match this signer - name. Mutually-exclusive - with name. The contents - of all selected ClusterTrustBundles - will be unified and - deduplicated. type: string required: - path type: object configMap: - description: configMap information - about the configMap data - to project properties: items: - description: items if - unspecified, each - key-value pair in - the Data field of - the referenced ConfigMap - will be projected - into the volume as - a file whose name - is the key and content - is the value. If specified, - the listed keys will - be projected into - the specified paths, - and unlisted keys - will not be present. - If a key is specified - which is not present - in the ConfigMap, - the volume setup will - error unless it is - marked optional. Paths - must be relative and - may not contain the - '..' path or start - with '..'. 
items: - description: Maps - a string key to - a path within a - volume. properties: key: - description: key - is the key to - project. type: string mode: - description: 'mode - is Optional: - mode bits used - to set permissions - on this file. - Must be an octal - value between - 0000 and 0777 - or a decimal - value between - 0 and 511. YAML - accepts both - octal and decimal - values, JSON - requires decimal - values for mode - bits. If not - specified, the - volume defaultMode - will be used. - This might be - in conflict - with other options - that affect - the file mode, - like fsGroup, - and the result - can be other - mode bits set.' format: int32 type: integer path: - description: path - is the relative - path of the - file to map - the key to. - May not be an - absolute path. - May not contain - the path element - '..'. May not - start with the - string '..'. type: string required: - key 
@@ -35224,162 +11727,42 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of - the referent. This - field is effectively - required, but due - to backwards compatibility - is allowed to be empty. - Instances of this - type with an empty - value here are almost - certainly wrong. TODO: - Add other useful fields. - apiVersion, kind, - uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional - specify whether the - ConfigMap or its keys - must be defined type: boolean type: object x-kubernetes-map-type: atomic downwardAPI: - description: downwardAPI - information about the - downwardAPI data to project properties: items: - description: Items is - a list of DownwardAPIVolume - file items: - description: DownwardAPIVolumeFile - represents information - to create the file - containing the pod - field properties: fieldRef: - description: 'Required: - Selects a field - of the pod: - only annotations, - labels, name, - namespace and - uid are supported.' properties: apiVersion: - description: Version - of the schema - the FieldPath - is written - in terms - of, defaults - to "v1". type: string fieldPath: - description: Path - of the field - to select - in the specified - API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: - description: 'Optional: - mode bits used - to set permissions - on this file, - must be an octal - value between - 0000 and 0777 - or a decimal - value between - 0 and 511. YAML - accepts both - octal and decimal - values, JSON - requires decimal - values for mode - bits. If not - specified, the - volume defaultMode - will be used. 
- This might be - in conflict - with other options - that affect - the file mode, - like fsGroup, - and the result - can be other - mode bits set.' format: int32 type: integer path: - description: 'Required: - Path is the - relative path - name of the - file to be created. - Must not be - absolute or - contain the - ''..'' path. - Must be utf-8 - encoded. The - first item of - the relative - path must not - start with ''..''' type: string resourceFieldRef: - description: 'Selects - a resource of - the container: - only resources - limits and requests - (limits.cpu, - limits.memory, - requests.cpu - and requests.memory) - are currently - supported.' properties: containerName: - description: 'Container - name: required - for volumes, - optional - for env - vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies - the output - format of - the exposed - resources, - defaults - to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: - resource - to select' type: string required: - resource 
@@ -35392,92 +11775,16 @@ spec: x-kubernetes-list-type: atomic type: object secret: - description: secret information - about the secret data - to project properties: items: - description: items if - unspecified, each - key-value pair in - the Data field of - the referenced Secret - will be projected - into the volume as - a file whose name - is the key and content - is the value. If specified, - the listed keys will - be projected into - the specified paths, - and unlisted keys - will not be present. - If a key is specified - which is not present - in the Secret, the - volume setup will - error unless it is - marked optional. Paths - must be relative and - may not contain the - '..' path or start - with '..'. items: - description: Maps - a string key to - a path within a - volume. properties: key: - description: key - is the key to - project. type: string mode: - description: 'mode - is Optional: - mode bits used - to set permissions - on this file. - Must be an octal - value between - 0000 and 0777 - or a decimal - value between - 0 and 511. YAML - accepts both - octal and decimal - values, JSON - requires decimal - values for mode - bits. If not - specified, the - volume defaultMode - will be used. - This might be - in conflict - with other options - that affect - the file mode, - like fsGroup, - and the result - can be other - mode bits set.' format: int32 type: integer path: - description: path - is the relative - path of the - file to map - the key to. - May not be an - absolute path. - May not contain - the path element - '..'. May not - start with the - string '..'. type: string required: - key 
@@ -35487,78 +11794,19 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of - the referent. This - field is effectively - required, but due - to backwards compatibility - is allowed to be empty. - Instances of this - type with an empty - value here are almost - certainly wrong. TODO: - Add other useful fields. - apiVersion, kind, - uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional - field specify whether - the Secret or its - key must be defined type: boolean type: object x-kubernetes-map-type: atomic serviceAccountToken: - description: serviceAccountToken - is information about the - serviceAccountToken data - to project properties: audience: - description: audience - is the intended audience - of the token. A recipient - of a token must identify - itself with an identifier - specified in the audience - of the token, and - otherwise should reject - the token. The audience - defaults to the identifier - of the apiserver. type: string expirationSeconds: - description: expirationSeconds - is the requested duration - of validity of the - service account token. - As the token approaches - expiration, the kubelet - volume plugin will - proactively rotate - the service account - token. The kubelet - will start trying - to rotate the token - if the token is older - than 80 percent of - its time to live or - if the token is older - than 24 hours.Defaults - to 1 hour and must - be at least 10 minutes. format: int64 type: integer path: - description: path is - the path relative - to the mount point - of the file to project - the token into. type: string required: - path 
@@ -35568,214 +11816,79 @@ spec: x-kubernetes-list-type: atomic type: object quobyte: - description: quobyte represents a - Quobyte mount on the host that shares - a pod's lifetime properties: group: - description: group to map volume - access to Default is no group type: string readOnly: - description: readOnly here will - force the Quobyte volume to - be mounted with read-only permissions. - Defaults to false. type: boolean registry: - description: registry represents - a single or multiple Quobyte - Registry services specified - as a string as host:port pair - (multiple entries are separated - with commas) which acts as the - central registry for volumes type: string tenant: - description: tenant owning the - given Quobyte volume in the - Backend Used with dynamically - provisioned Quobyte volumes, - value is set by the plugin type: string user: - description: user to map volume - access to Defaults to serivceaccount - user type: string volume: - description: volume is a string - that references an already created - Quobyte volume by name. type: string required: - registry - volume type: object rbd: - description: 'rbd represents a Rados - Block Device mount on the host that - shares a pod''s lifetime. More info: - https://examples.k8s.io/volumes/rbd/README.md' properties: fsType: - description: 'fsType is the filesystem - type of the volume that you - want to mount. Tip: Ensure that - the filesystem type is supported - by the host operating system. - Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors - in the filesystem from compromising - the machine' type: string image: - description: 'image is the rados - image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string keyring: - description: 'keyring is the path - to key ring for RBDUser. Default - is /etc/ceph/keyring. 
More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string monitors: - description: 'monitors is a collection - of Ceph monitors. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' items: type: string type: array x-kubernetes-list-type: atomic pool: - description: 'pool is the rados - pool name. Default is rbd. More - info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string readOnly: - description: 'readOnly here will - force the ReadOnly setting in - VolumeMounts. Defaults to false. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: boolean secretRef: - description: 'secretRef is name - of the authentication secret - for RBDUser. If provided overrides - keyring. Default is nil. More - info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' properties: name: default: "" - description: 'Name of the - referent. This field is - effectively required, but - due to backwards compatibility - is allowed to be empty. - Instances of this type with - an empty value here are - almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is the rados - user name. Default is admin. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string required: - image - monitors type: object scaleIO: - description: scaleIO represents a - ScaleIO persistent volume attached - and mounted on Kubernetes nodes. properties: fsType: - description: fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Default is "xfs". 
type: string gateway: - description: gateway is the host - address of the ScaleIO API Gateway. type: string protectionDomain: - description: protectionDomain - is the name of the ScaleIO Protection - Domain for the configured storage. type: string readOnly: - description: readOnly Defaults - to false (read/write). ReadOnly - here will force the ReadOnly - setting in VolumeMounts. type: boolean secretRef: - description: secretRef references - to the secret for ScaleIO user - and other sensitive information. - If this is not provided, Login - operation will fail. properties: name: default: "" - description: 'Name of the - referent. This field is - effectively required, but - due to backwards compatibility - is allowed to be empty. - Instances of this type with - an empty value here are - almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic sslEnabled: - description: sslEnabled Flag enable/disable - SSL communication with Gateway, - default false type: boolean storageMode: - description: storageMode indicates - whether the storage for a volume - should be ThickProvisioned or - ThinProvisioned. Default is - ThinProvisioned. type: string storagePool: - description: storagePool is the - ScaleIO Storage Pool associated - with the protection domain. type: string system: - description: system is the name - of the storage system as configured - in ScaleIO. type: string volumeName: - description: volumeName is the - name of a volume already created - in the ScaleIO system that is - associated with this volume - source. type: string required: - gateway 
@@ -35783,84 +11896,19 @@ spec: - system type: object secret: - description: 'secret represents a - secret that should populate this - volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' properties: defaultMode: - description: 'defaultMode is Optional: - mode bits used to set permissions - on created files by default. - Must be an octal value between - 0000 and 0777 or a decimal value - between 0 and 511. YAML accepts - both octal and decimal values, - JSON requires decimal values - for mode bits. Defaults to 0644. - Directories within the path - are not affected by this setting. - This might be in conflict with - other options that affect the - file mode, like fsGroup, and - the result can be other mode - bits set.' format: int32 type: integer items: - description: items If unspecified, - each key-value pair in the Data - field of the referenced Secret - will be projected into the volume - as a file whose name is the - key and content is the value. - If specified, the listed keys - will be projected into the specified - paths, and unlisted keys will - not be present. If a key is - specified which is not present - in the Secret, the volume setup - will error unless it is marked - optional. Paths must be relative - and may not contain the '..' - path or start with '..'. items: - description: Maps a string key - to a path within a volume. properties: key: - description: key is the - key to project. type: string mode: - description: 'mode is Optional: - mode bits used to set - permissions on this file. - Must be an octal value - between 0000 and 0777 - or a decimal value between - 0 and 511. YAML accepts - both octal and decimal - values, JSON requires - decimal values for mode - bits. If not specified, - the volume defaultMode - will be used. This might - be in conflict with other - options that affect the - file mode, like fsGroup, - and the result can be - other mode bits set.' 
format: int32 type: integer path: - description: path is the - relative path of the file - to map the key to. May - not be an absolute path. - May not contain the path - element '..'. May not - start with the string - '..'. type: string required: - key 
@@ -35869,113 +11917,37 @@ spec: type: array x-kubernetes-list-type: atomic optional: - description: optional field specify - whether the Secret or its keys - must be defined type: boolean secretName: - description: 'secretName is the - name of the secret in the pod''s - namespace to use. More info: - https://kubernetes.io/docs/concepts/storage/volumes#secret' type: string type: object storageos: - description: storageOS represents - a StorageOS volume attached and - mounted on Kubernetes nodes. properties: fsType: - description: fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. type: string readOnly: - description: readOnly defaults - to false (read/write). ReadOnly - here will force the ReadOnly - setting in VolumeMounts. type: boolean secretRef: - description: secretRef specifies - the secret to use for obtaining - the StorageOS API credentials. If - not specified, default values - will be attempted. properties: name: default: "" - description: 'Name of the - referent. This field is - effectively required, but - due to backwards compatibility - is allowed to be empty. - Instances of this type with - an empty value here are - almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic volumeName: - description: volumeName is the - human-readable name of the StorageOS - volume. Volume names are only - unique within a namespace. type: string volumeNamespace: - description: volumeNamespace specifies - the scope of the volume within - StorageOS. If no namespace - is specified then the Pod's - namespace will be used. 
This - allows the Kubernetes name scoping - to be mirrored within StorageOS - for tighter integration. Set - VolumeName to any name to override - the default behaviour. Set to - "default" if you are not using - namespaces within StorageOS. - Namespaces that do not pre-exist - within StorageOS will be created. type: string type: object vsphereVolume: - description: vsphereVolume represents - a vSphere volume attached and mounted - on kubelets host machine properties: fsType: - description: fsType is filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. type: string storagePolicyID: - description: storagePolicyID is - the storage Policy Based Management - (SPBM) profile ID associated - with the StoragePolicyName. type: string storagePolicyName: - description: storagePolicyName - is the storage Policy Based - Management (SPBM) profile name. type: string volumePath: - description: volumePath is the - path that identifies vSphere - volume vmdk type: string required: - volumePath 
@@ -35986,145 +11958,61 @@ spec: type: array type: object variables: - description: Variables specifies a list of variables - and their sources that will be used to resolve - the task. items: - description: EnvVar represents an environment - variable present in a Container. properties: name: - description: Name of the environment variable. - Must be a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) - are expanded using the previously defined - environment variables in the container - and any service environment variables. - If a variable cannot be resolved, the - reference in the input string will be - unchanged. Double $$ are reduced to - a single $, which allows for escaping - the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" - will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, - regardless of whether the variable exists - or not. Defaults to "".' type: string valueFrom: - description: Source for the environment - variable's value. Cannot be used if - value is not empty. properties: configMapKeyRef: - description: Selects a key of a ConfigMap. properties: key: - description: The key to select. type: string name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' 
type: string optional: - description: Specify whether the - ConfigMap or its key must be - defined type: boolean required: - key type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of the - pod: supports metadata.name, metadata.namespace, - `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, status.podIPs.' properties: apiVersion: - description: Version of the schema - the FieldPath is written in - terms of, defaults to "v1". type: string fieldPath: - description: Path of the field - to select in the specified API - version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource of - the container: only resources limits - and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' properties: containerName: - description: 'Container name: - required for volumes, optional - for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output - format of the exposed resources, - defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource - to select' type: string required: - resource type: object x-kubernetes-map-type: atomic secretKeyRef: - description: Selects a key of a secret - in the pod's namespace properties: key: - description: The key of the secret - to select from. Must be a valid - secret key. type: string name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. 
- apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether the - Secret or its key must be defined type: boolean required: - key 
@@ -36139,62 +12027,38 @@ spec: type: array type: object name: - description: Name points to the identifier of the target - that is being backed up. It should match the name used - as the identifier of a target in the `spec.targets` - section. type: string repositories: - description: Repositories specifies a list of repository - information where the backed up data will be stored. - KubeStash will create the respective Repository CRs - using this information. items: - description: RepositoryInfo specifies information about - the repository where the backed up data will be stored. - KubeStash will create the respective Repository CR - from this information. properties: backend: - description: Backend specifies the name of the backend - where this repository will be initialized. This - should point to a backend name specified in `.spec.backends` - section. For using a default backend, keep this - field empty. type: string + backupVerifier: + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object deletionPolicy: - description: DeletionPolicy specifies what to do - when you delete a Repository CR. enum: - Delete - WipeOut type: string directory: - description: Directory specifies the path inside - the backend where the backed up data will be stored. type: string encryptionSecret: - description: EncryptionSecret refers to the Secret - containing the encryption key which will be used - to encode/decode the backed up dta. You can refer - to a Secret of a different namespace. If you don't - provide the namespace field, KubeStash will look - for the Secret in the same namespace as the BackupConfiguration - / BackupBatch. properties: name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: - description: 'Namespace of the referent. 
More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string required: - name type: object name: - description: Name specifies the name of the Repository type: string type: object type: array 
@@ -36203,98 +12067,62 @@ spec: type: object type: array targets: - description: Targets specifies a list of targets that are subject - to backup. items: - description: TargetReference specifies a reference to the target - that is subject to backup properties: appRef: - description: AppRef points to the target that is subject to - backup. The target should be in same namespace as the BackupBatch. properties: apiGroup: type: string kind: type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string required: - name type: object name: - description: Name specifies an identifier for this target. This - name will be used in the session to refer this target. type: string type: object type: array type: object status: - description: BackupBatchStatus defines the observed state of BackupBatch properties: backends: - description: Backends specifies whether the backends exist or not items: - description: BackendStatus specifies the status of the backends properties: name: - description: Name indicates the backend name type: string ready: - description: Ready indicates whether the respective BackupStorage - is ready or not type: boolean retentionPolicy: - description: RetentionPolicy indicates the status of the respective - RetentionPolicy properties: found: - description: Found indicates whether the RetentionPolicy - is Found or not type: boolean reason: - description: Reason specifies the error messages found while - checking the RetentionPolicy type: string ref: - description: Ref indicates the RetentionPolicy object reference. properties: name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string required: - name type: object type: object storage: - description: Storage indicates the status of the respective - BackupStorage properties: phase: - description: Phase indicates the current phase of the respective - BackupStorage. type: string reason: - description: Reason specifies the error messages found while - checking the BackupStorage phase type: string ref: - description: Ref indicates to the BackupStorage object. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string required: - name 
@@ -36303,50 +12131,23 @@ spec: type: object type: array conditions: - description: Conditions represents list of conditions regarding this - BackupConfiguration items: - description: Condition defines an observation of a object operational - state. properties: lastTransitionTime: - description: Last time the condition transitioned from one status - to another. This should be when the underlying condition changed. - If that is not known, then using the time when the API field - changed is acceptable. format: date-time type: string message: - description: A human-readable message indicating details about - the transition. This field may be empty. type: string observedGeneration: - description: If set, this represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.condition[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. format: int64 type: integer reason: - description: The reason for the condition's last transition - in CamelCase. The specific API may choose whether this field - is considered a guaranteed API. This field may not be empty. type: string severity: - description: Severity provides an explicit classification of - Reason code, so the users or machines can immediately understand - the current situation and act accordingly. The Severity field - MUST be set only when Status=False. type: string status: - description: Status of the condition, one of True, False, Unknown. type: string type: - description: Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources - like Available, but because arbitrary util can be useful (see - .node.status.util), the ability to deconflict is important. type: string required: - lastTransitionTime 
@@ -36355,113 +12156,65 @@ spec: type: object type: array dependencies: - description: Dependencies specifies whether the objects required by - this BackupConfiguration exist or not items: - description: ResourceFoundStatus specifies whether a resource was - found or not properties: apiGroup: type: string found: - description: Found indicates whether the resource was found - or not type: boolean kind: type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string required: - name type: object type: array phase: - description: Phase represents the current state of the Backup Invoker. enum: - NotReady - Ready - Invalid type: string repositories: - description: Repositories specifies whether the repositories have - been successfully initialized or not items: - description: RepoStatus specifies the status of a Repository properties: name: - description: Name indicate the name of the Repository type: string phase: - description: Ready indicates whether the respective Repository - is ready or not enum: - NotReady - Ready type: string reason: - description: Reason specifies the error messages found while - ensuring the respective Repository type: string + verificationConfigured: + type: boolean type: object type: array sessions: - description: Sessions specifies status of the session specific resources items: - description: SessionStatus specifies the status of a session specific - fields. properties: conditions: - description: Conditions specifies a list of conditions related - to this session items: - description: Condition defines an observation of a object - operational state. properties: lastTransitionTime: - description: Last time the condition transitioned from - one status to another. 
This should be when the underlying - condition changed. If that is not known, then using - the time when the API field changed is acceptable. format: date-time type: string message: - description: A human-readable message indicating details - about the transition. This field may be empty. type: string observedGeneration: - description: If set, this represents the .metadata.generation - that the condition was set based upon. For instance, - if .metadata.generation is currently 12, but the .status.condition[x].observedGeneration - is 9, the condition is out of date with respect to the - current state of the instance. format: int64 type: integer reason: - description: The reason for the condition's last transition - in CamelCase. The specific API may choose whether this - field is considered a guaranteed API. This field may - not be empty. type: string severity: - description: Severity provides an explicit classification - of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. type: string status: - description: Status of the condition, one of True, False, - Unknown. type: string type: - description: Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources - like Available, but because arbitrary util can be useful - (see .node.status.util), the ability to deconflict is - important. type: string required: - lastTransitionTime 
@@ -36470,34 +12223,23 @@ spec: type: object type: array name: - description: Name indicates the name of the session type: string nextSchedule: - description: NextSchedule specifies when the next backup will - execute for this session type: string type: object type: array targets: - description: Targets specifies whether the backup targets exist or - not items: - description: ResourceFoundStatus specifies whether a resource was - found or not properties: apiGroup: type: string found: - description: Found indicates whether the resource was found - or not type: boolean kind: type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string required: - name diff --git a/vendor/kubestash.dev/apimachinery/crds/core.kubestash.com_backupblueprints.yaml b/vendor/kubestash.dev/apimachinery/crds/core.kubestash.com_backupblueprints.yaml index f745accc..44c6d11d 100644 --- a/vendor/kubestash.dev/apimachinery/crds/core.kubestash.com_backupblueprints.yaml +++ b/vendor/kubestash.dev/apimachinery/crds/core.kubestash.com_backupblueprints.yaml 
@@ -25,79 +25,36 @@ spec: name: v1alpha1 schema: openAPIV3Schema: - description: BackupBlueprint lets you define a common template for taking - backup for all the similar applications. Then, you can just apply some annotations - in the targeted application to enable backup. KubeStash will automatically - resolve the template and create a BackupConfiguration for the targeted application. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: BackupBlueprintSpec defines the desired state of BackupBlueprint properties: backupConfigurationTemplate: - description: BackupConfigurationTemplate Specifies the BackupConfiguration - that will be created by BackupBlueprint. properties: backends: - description: "Backends specifies a list of storage references - where the backed up data will be stored. The respective BackupStorages - can be in a different namespace than the BackupConfiguration. - However, it must be allowed by the `usagePolicy` of the BackupStorage - to refer from this namespace. \n This field is optional, if - you don't provide any backend here, KubeStash will use the default - BackupStorage for the namespace. 
If a default BackupStorage - does not exist in the same namespace, then KubeStash will look - for a default BackupStorage in other namespaces that allows - using it from the BackupConfiguration namespace." items: - description: BackendReference specifies reference to a storage - where the backed up data will be stored. properties: name: - description: Name provides an identifier for this storage. type: string retentionPolicy: - description: RetentionPolicy refers to a RetentionPolicy - CRs which defines how to cleanup the old Snapshots. This - field is optional. If you don't provide this field, KubeStash - will use the default RetentionPolicy for the namespace. - If there is no default RetentionPolicy for the namespace, - then KubeStash will find a RetentionPolicy from other - namespaces that is allowed to use from the current namespace. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string required: - name type: object storageRef: - description: StorageRef refers to the CR that holds the - information of a storage. You can refer to the BackupStorage - CR of a different namespace as long as it is allowed by - the `usagePolicy` of the BackupStorage.` properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string required: - name 
@@ -105,166 +62,74 @@ spec: type: object type: array deletionPolicy: - description: DeletionPolicy specifies whether the BackupConfiguration - will be deleted on BackupBlueprint deletion This field is optional, - if you don't provide deletionPolicy, then BackupConfiguration - will not be deleted on BackupBlueprint deletion enum: - OnDelete type: string namespace: - description: Namespace specifies the namespace of the BackupConfiguration. - The field is optional. If you don't provide the namespace, then - BackupConfiguration will be created in the BackupBlueprint namespace. type: string sessions: - description: Sessions specifies a list of session template for - backup. You can use custom variables in your template then provide - the variable value through annotations. items: - description: Session specifies a backup session configuration - for the target properties: addon: - description: Addon specifies addon configuration that will - be used to backup the target. properties: containerRuntimeSettings: - description: ContainerRuntimeSettings specifies runtime - settings for the backup/restore executor container properties: env: - description: List of environment variables to set - in the container. Cannot be updated. items: - description: EnvVar represents an environment - variable present in a Container. properties: name: - description: Name of the environment variable. - Must be a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) - are expanded using the previously defined - environment variables in the container and - any service environment variables. If a - variable cannot be resolved, the reference - in the input string will be unchanged. Double - $$ are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal - "$(VAR_NAME)". Escaped references will never - be expanded, regardless of whether the variable - exists or not. Defaults to "".' 
type: string valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. properties: configMapKeyRef: - description: Selects a key of a ConfigMap. properties: key: - description: The key to select. type: string name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether the ConfigMap - or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of the pod: - supports metadata.name, metadata.namespace, - `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, status.podIPs.' properties: apiVersion: - description: Version of the schema - the FieldPath is written in terms - of, defaults to "v1". type: string fieldPath: - description: Path of the field to - select in the specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource of the - container: only resources limits and - requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' 
properties: containerName: - description: 'Container name: required - for volumes, optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output - format of the exposed resources, - defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource to - select' type: string required: - resource type: object x-kubernetes-map-type: atomic secretKeyRef: - description: Selects a key of a secret - in the pod's namespace properties: key: - description: The key of the secret - to select from. Must be a valid - secret key. type: string name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether the Secret - or its key must be defined type: boolean required: - key 
@@ -276,74 +141,31 @@ spec: type: object type: array envFrom: - description: List of sources to populate environment - variables in the container. The keys defined within - a source must be a C_IDENTIFIER. All invalid keys - will be reported as an event when the container - is starting. When a key exists in multiple sources, - the value associated with the last source will - take precedence. Values defined by an Env with - a duplicate key will take precedence. Cannot be - updated. items: - description: EnvFromSource represents the source - of a set of ConfigMaps properties: configMapRef: - description: The ConfigMap to select from properties: name: default: "" - description: 'Name of the referent. This - field is effectively required, but due - to backwards compatibility is allowed - to be empty. Instances of this type - with an empty value here are almost - certainly wrong. TODO: Add other useful - fields. apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether the ConfigMap - must be defined type: boolean type: object x-kubernetes-map-type: atomic prefix: - description: An optional identifier to prepend - to each key in the ConfigMap. Must be a - C_IDENTIFIER. type: string secretRef: - description: The Secret to select from properties: name: default: "" - description: 'Name of the referent. This - field is effectively required, but due - to backwards compatibility is allowed - to be empty. Instances of this type - with an empty value here are almost - certainly wrong. TODO: Add other useful - fields. apiVersion, kind, uid? 
More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether the Secret - must be defined type: boolean type: object x-kubernetes-map-type: atomic type: object type: array ionice: - description: 'Settings to configure `ionice` to - throttle the load on disk. More info: http://kennystechtalk.blogspot.com/2015/04/throttling-cpu-usage-with-linux-cgroups.html - More info: https://oakbytes.wordpress.com/2012/06/06/linux-scheduler-cfs-and-nice/' properties: class: format: int32 
@@ -353,68 +175,27 @@ spec: type: integer type: object lifecycle: - description: Actions that the management system - should take in response to container lifecycle - events. Cannot be updated. properties: postStart: - description: 'PostStart is called immediately - after a container is created. If the handler - fails, the container is terminated and restarted - according to its restart policy. Other management - of the container blocks until the hook completes. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: Exec specifies the action to - take. properties: command: - description: Command is the command - line to execute inside the container, - the working directory for the command is - root ('/') in the container's filesystem. - The command is simply exec'd, it is - not run inside a shell, so traditional - shell instructions ('|', etc) won't - work. To use a shell, you need to - explicitly call out to that shell. - Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the http - request to perform. properties: host: - description: Host name to connect to, - defaults to the pod IP. You probably - want to set "Host" in httpHeaders - instead. type: string httpHeaders: - description: Custom headers to set in - the request. HTTP allows repeated - headers. items: - description: HTTPHeader describes - a custom header to be used in HTTP - probes properties: name: - description: The header field - name. This will be canonicalized - upon output, so case-variant - names will be understood as - the same header. type: string value: - description: The header field - value type: string required: - name 
@@ -423,129 +204,58 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on the HTTP - server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port - to access on the container. Number - must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. type: string required: - port type: object sleep: - description: Sleep represents the duration - that the container should sleep before - being terminated. properties: seconds: - description: Seconds is the number of - seconds to sleep. format: int64 type: integer required: - seconds type: object tcpSocket: - description: Deprecated. TCPSocket is NOT - supported as a LifecycleHandler and kept - for the backward compatibility. There - are no validation of this field and lifecycle - hooks will fail in runtime when tcp handler - is specified. properties: host: - description: 'Optional: Host name to - connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port - to access on the container. Number - must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: - description: 'PreStop is called immediately - before a container is terminated due to an - API request or management event such as liveness/startup - probe failure, preemption, resource contention, - etc. The handler is not called if the container - crashes or exits. The Pod''s termination grace - period countdown begins before the PreStop - hook is executed. Regardless of the outcome - of the handler, the container will eventually - terminate within the Pod''s termination grace - period (unless delayed by finalizers). 
Other - management of the container blocks until the - hook completes or until the termination grace - period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: Exec specifies the action to - take. properties: command: - description: Command is the command - line to execute inside the container, - the working directory for the command is - root ('/') in the container's filesystem. - The command is simply exec'd, it is - not run inside a shell, so traditional - shell instructions ('|', etc) won't - work. To use a shell, you need to - explicitly call out to that shell. - Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the http - request to perform. properties: host: - description: Host name to connect to, - defaults to the pod IP. You probably - want to set "Host" in httpHeaders - instead. type: string httpHeaders: - description: Custom headers to set in - the request. HTTP allows repeated - headers. items: - description: HTTPHeader describes - a custom header to be used in HTTP - probes properties: name: - description: The header field - name. This will be canonicalized - upon output, so case-variant - names will be understood as - the same header. type: string value: - description: The header field - value type: string required: - name 
@@ -554,58 +264,33 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on the HTTP - server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port - to access on the container. Number - must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. type: string required: - port type: object sleep: - description: Sleep represents the duration - that the container should sleep before - being terminated. properties: seconds: - description: Seconds is the number of - seconds to sleep. format: int64 type: integer required: - seconds type: object tcpSocket: - description: Deprecated. TCPSocket is NOT - supported as a LifecycleHandler and kept - for the backward compatibility. There - are no validation of this field and lifecycle - hooks will fail in runtime when tcp handler - is specified. properties: host: - description: 'Optional: Host name to - connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port - to access on the container. Number - must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port 
@@ -613,79 +298,38 @@ spec: type: object type: object livenessProbe: - description: 'Periodic probe of container liveness. - Container will be restarted if the probe fails. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line - to execute inside the container, the working - directory for the command is root ('/') - in the container's filesystem. The command - is simply exec'd, it is not run inside - a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, - you need to explicitly call out to that - shell. Exit status of 0 is treated as - live/healthy and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive failures for - the probe to be considered failed after having - succeeded. Defaults to 3. Minimum value is - 1. format: int32 type: integer grpc: - description: GRPC specifies an action involving - a GRPC port. properties: port: - description: Port number of the gRPC service. - Number must be in the range 1 to 65535. format: int32 type: integer service: - description: "Service is the name of the - service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default - behavior is defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http request - to perform. properties: host: - description: Host name to connect to, defaults - to the pod IP. You probably want to set - "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the - request. HTTP allows repeated headers. 
items: - description: HTTPHeader describes a custom - header to be used in HTTP probes properties: name: - description: The header field name. - This will be canonicalized upon - output, so case-variant names will - be understood as the same header. type: string value: - description: The header field value type: string required: - name 
@@ -694,175 +338,84 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on the HTTP - server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port - to access on the container. Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container - has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform - the probe. Default to 10 seconds. Minimum - value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for - the probe to be considered successful after - having failed. Defaults to 1. Must be 1 for - liveness and startup. Minimum value is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving - a TCP port. properties: host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port - to access on the container. Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds the - pod needs to terminate gracefully upon probe - failure. The grace period is the duration - in seconds after the processes running in - the pod are sent a termination signal and - the time when the processes are forcibly halted - with a kill signal. Set this value longer - than the expected cleanup time for your process. 
- If this value is nil, the pod's terminationGracePeriodSeconds - will be used. Otherwise, this value overrides - the value provided by the pod spec. Value - must be non-negative integer. The value zero - indicates stop immediately via the kill signal - (no opportunity to shut down). This is a beta - field and requires enabling ProbeTerminationGracePeriod - feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which - the probe times out. Defaults to 1 second. - Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object nice: - description: 'Settings to configure `nice` to throttle - the load on cpu. More info: http://kennystechtalk.blogspot.com/2015/04/throttling-cpu-usage-with-linux-cgroups.html - More info: https://oakbytes.wordpress.com/2012/06/06/linux-scheduler-cfs-and-nice/' properties: adjustment: format: int32 type: integer type: object readinessProbe: - description: 'Periodic probe of container service - readiness. Container will be removed from service - endpoints if the probe fails. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line - to execute inside the container, the working - directory for the command is root ('/') - in the container's filesystem. The command - is simply exec'd, it is not run inside - a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, - you need to explicitly call out to that - shell. Exit status of 0 is treated as - live/healthy and non-zero is unhealthy. 
items: type: string type: array x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive failures for - the probe to be considered failed after having - succeeded. Defaults to 3. Minimum value is - 1. format: int32 type: integer grpc: - description: GRPC specifies an action involving - a GRPC port. properties: port: - description: Port number of the gRPC service. - Number must be in the range 1 to 65535. format: int32 type: integer service: - description: "Service is the name of the - service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default - behavior is defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http request - to perform. properties: host: - description: Host name to connect to, defaults - to the pod IP. You probably want to set - "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the - request. HTTP allows repeated headers. items: - description: HTTPHeader describes a custom - header to be used in HTTP probes properties: name: - description: The header field name. - This will be canonicalized upon - output, so case-variant names will - be understood as the same header. type: string value: - description: The header field value type: string required: - name 
@@ -871,112 +424,51 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on the HTTP - server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port - to access on the container. Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container - has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform - the probe. Default to 10 seconds. Minimum - value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for - the probe to be considered successful after - having failed. Defaults to 1. Must be 1 for - liveness and startup. Minimum value is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving - a TCP port. properties: host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port - to access on the container. Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds the - pod needs to terminate gracefully upon probe - failure. The grace period is the duration - in seconds after the processes running in - the pod are sent a termination signal and - the time when the processes are forcibly halted - with a kill signal. Set this value longer - than the expected cleanup time for your process. 
- If this value is nil, the pod's terminationGracePeriodSeconds - will be used. Otherwise, this value overrides - the value provided by the pod spec. Value - must be non-negative integer. The value zero - indicates stop immediately via the kill signal - (no opportunity to shut down). This is a beta - field and requires enabling ProbeTerminationGracePeriod - feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which - the probe times out. Defaults to 1 second. - Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object resources: - description: 'Compute Resources required by container. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' properties: claims: - description: "Claims lists the names of resources, - defined in spec.resourceClaims, that are used - by this container. \n This is an alpha field - and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. - It can only be set for containers." items: - description: ResourceClaim references one - entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name - of one entry in pod.spec.resourceClaims - of the Pod where this field is used. - It makes that resource available inside - a container. type: string required: - name @@ -992,8 +484,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount - of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -1002,373 +492,124 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum - amount of compute resources required. If Requests - is omitted for a container, it defaults to - Limits if that is explicitly specified, otherwise - to an implementation-defined value. Requests - cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: - description: 'Security options the pod should run - with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls - whether a process can gain more privileges - than its parent process. This bool directly - controls if the no_new_privs flag will be - set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run - as Privileged 2) has CAP_SYS_ADMIN Note that - this field cannot be set when spec.os.name - is windows.' type: boolean appArmorProfile: - description: appArmorProfile is the AppArmor - options to use by this container. If set, - this profile overrides the pod's appArmorProfile. - Note that this field cannot be set when spec.os.name - is windows. properties: localhostProfile: - description: localhostProfile indicates - a profile loaded on the node that should - be used. The profile must be preconfigured - on the node to work. Must match the loaded - name of the profile. Must be set if and - only if type is "Localhost". type: string type: - description: 'type indicates which kind - of AppArmor profile will be applied. Valid - options are: Localhost - a profile pre-loaded - on the node. 
RuntimeDefault - the container - runtime''s default profile. Unconfined - - no AppArmor enforcement.' type: string required: - type type: object capabilities: - description: The capabilities to add/drop when - running containers. Defaults to the default - set of capabilities granted by the container - runtime. Note that this field cannot be set - when spec.os.name is windows. properties: add: - description: Added capabilities items: - description: Capability represent POSIX - capabilities type type: string type: array x-kubernetes-list-type: atomic drop: - description: Removed capabilities items: - description: Capability represent POSIX - capabilities type type: string type: array x-kubernetes-list-type: atomic type: object privileged: - description: Run container in privileged mode. - Processes in privileged containers are essentially - equivalent to root on the host. Defaults to - false. Note that this field cannot be set - when spec.os.name is windows. type: boolean procMount: - description: procMount denotes the type of proc - mount to use for the containers. The default - is DefaultProcMount which uses the container - runtime defaults for readonly paths and masked - paths. This requires the ProcMountType feature - flag to be enabled. Note that this field cannot - be set when spec.os.name is windows. type: string readOnlyRootFilesystem: - description: Whether this container has a read-only - root filesystem. Default is false. Note that - this field cannot be set when spec.os.name - is windows. type: boolean runAsGroup: - description: The GID to run the entrypoint of - the container process. Uses runtime default - if unset. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes - precedence. Note that this field cannot be - set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: - description: Indicates that the container must - run as a non-root user. 
If true, the Kubelet - will validate the image at runtime to ensure - that it does not run as UID 0 (root) and fail - to start the container if it does. If unset - or false, no such validation will be performed. - May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes - precedence. type: boolean runAsUser: - description: The UID to run the entrypoint of - the container process. Defaults to user specified - in image metadata if unspecified. May also - be set in PodSecurityContext. If set in both - SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name - is windows. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be applied - to the container. If unspecified, the container - runtime will allocate a random SELinux context - for each container. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes - precedence. Note that this field cannot be - set when spec.os.name is windows. properties: level: - description: Level is SELinux level label - that applies to the container. type: string role: - description: Role is a SELinux role label - that applies to the container. type: string type: - description: Type is a SELinux type label - that applies to the container. type: string user: - description: User is a SELinux user label - that applies to the container. type: string type: object seccompProfile: - description: The seccomp options to use by this - container. If seccomp options are provided - at both the pod & container level, the container - options override the pod options. Note that - this field cannot be set when spec.os.name - is windows. 
properties: localhostProfile: - description: localhostProfile indicates - a profile defined in a file on the node - should be used. The profile must be preconfigured - on the node to work. Must be a descending - path, relative to the kubelet's configured - seccomp profile location. Must be set - if type is "Localhost". Must NOT be set - for any other type. type: string type: - description: "type indicates which kind - of seccomp profile will be applied. Valid - options are: \n Localhost - a profile - defined in a file on the node should be - used. RuntimeDefault - the container runtime - default profile should be used. Unconfined - - no profile should be applied." type: string required: - type type: object windowsOptions: - description: The Windows specific settings applied - to all containers. If unspecified, the options - from the PodSecurityContext will be used. - If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes - precedence. Note that this field cannot be - set when spec.os.name is linux. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is where - the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential - spec named by the GMSACredentialSpecName - field. type: string gmsaCredentialSpecName: - description: GMSACredentialSpecName is the - name of the GMSA credential spec to use. type: string hostProcess: - description: HostProcess determines if a - container should be run as a 'Host Process' - container. All of a Pod's containers must - have the same effective HostProcess value - (it is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). - In addition, if HostProcess is true then - HostNetwork must also be set to true. type: boolean runAsUserName: - description: The UserName in Windows to - run the entrypoint of the container process. 
- Defaults to the user specified in image - metadata if unspecified. May also be set - in PodSecurityContext. If set in both - SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. type: string type: object type: object type: object jobTemplate: - description: JobTemplate specifies runtime configurations - for the backup/restore Job properties: controller: - description: 'Workload controller''s metadata. More - info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' properties: annotations: additionalProperties: type: string - description: 'Annotations is an unstructured - key value map stored with a resource that - may be set by external tools to store and - retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying - objects. More info: http://kubernetes.io/docs/user-guide/annotations' type: object labels: additionalProperties: type: string - description: 'Map of string keys and values - that can be used to organize and categorize - (scope and select) objects. May match selectors - of replication controllers and services. More - info: http://kubernetes.io/docs/user-guide/labels' type: object type: object metadata: - description: 'Standard object''s metadata. More - info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' properties: annotations: additionalProperties: type: string - description: 'Annotations is an unstructured - key value map stored with a resource that - may be set by external tools to store and - retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying - objects. More info: http://kubernetes.io/docs/user-guide/annotations' type: object labels: additionalProperties: type: string - description: 'Map of string keys and values - that can be used to organize and categorize - (scope and select) objects. May match selectors - of replication controllers and services. 
More - info: http://kubernetes.io/docs/user-guide/labels' type: object type: object spec: - description: 'Specification of the desired behavior - of the pod. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status' properties: affinity: - description: If specified, the pod's scheduling - constraints properties: nodeAffinity: - description: Describes node affinity scheduling - rules for the pod. properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer - to schedule pods to nodes that satisfy - the affinity expressions specified - by this field, but it may choose a - node that violates one or more of - the expressions. The node that is - most preferred is the one with the - greatest sum of weights, i.e. for - each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute - a sum by iterating through the elements - of this field and adding "weight" - to the sum if the node matches the - corresponding matchExpressions; the - node(s) with the highest sum are the - most preferred. items: - description: An empty preferred scheduling - term matches all objects with implicit - weight 0 (i.e. it's a no-op). A - null preferred scheduling term matches - no objects (i.e. is also a no-op). properties: preference: - description: A node selector term, - associated with the corresponding - weight. properties: matchExpressions: - description: A list of node - selector requirements by - node's labels. items: - description: A node selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key and - values. properties: key: - description: The label - key that the selector - applies to. type: string operator: - description: Represents - a key's relationship - to a set of values. - Valid operators are - In, NotIn, Exists, - DoesNotExist. Gt, - and Lt. 
type: string values: - description: An array - of string values. - If the operator is - In or NotIn, the values - array must be non-empty. - If the operator is - Exists or DoesNotExist, - the values array must - be empty. If the operator - is Gt or Lt, the values - array must have a - single element, which - will be interpreted - as an integer. This - array is replaced - during a strategic - merge patch. items: type: string type: array @@ -1380,49 +621,13 @@ spec: type: array x-kubernetes-list-type: atomic matchFields: - description: A list of node - selector requirements by - node's fields. items: - description: A node selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key and - values. properties: key: - description: The label - key that the selector - applies to. type: string operator: - description: Represents - a key's relationship - to a set of values. - Valid operators are - In, NotIn, Exists, - DoesNotExist. Gt, - and Lt. type: string values: - description: An array - of string values. - If the operator is - In or NotIn, the values - array must be non-empty. - If the operator is - Exists or DoesNotExist, - the values array must - be empty. If the operator - is Gt or Lt, the values - array must have a - single element, which - will be interpreted - as an integer. This - array is replaced - during a strategic - merge patch. items: type: string type: array @@ -1436,10 +641,6 @@ spec: type: object x-kubernetes-map-type: atomic weight: - description: Weight associated - with matching the corresponding - nodeSelectorTerm, in the range - 1-100. format: int32 type: integer required: 
@@ -1449,73 +650,18 @@ spec: type: array x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements - specified by this field are not met - at scheduling time, the pod will not - be scheduled onto the node. If the - affinity requirements specified by - this field cease to be met at some - point during pod execution (e.g. due - to an update), the system may or may - not try to eventually evict the pod - from its node. properties: nodeSelectorTerms: - description: Required. A list of - node selector terms. The terms - are ORed. items: - description: A null or empty node - selector term matches no objects. - The requirements of them are - ANDed. The TopologySelectorTerm - type implements a subset of - the NodeSelectorTerm. properties: matchExpressions: - description: A list of node - selector requirements by - node's labels. items: - description: A node selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key and - values. properties: key: - description: The label - key that the selector - applies to. type: string operator: - description: Represents - a key's relationship - to a set of values. - Valid operators are - In, NotIn, Exists, - DoesNotExist. Gt, - and Lt. type: string values: - description: An array - of string values. - If the operator is - In or NotIn, the values - array must be non-empty. - If the operator is - Exists or DoesNotExist, - the values array must - be empty. If the operator - is Gt or Lt, the values - array must have a - single element, which - will be interpreted - as an integer. This - array is replaced - during a strategic - merge patch. items: type: string type: array 
@@ -1527,49 +673,13 @@ spec: type: array x-kubernetes-list-type: atomic matchFields: - description: A list of node - selector requirements by - node's fields. items: - description: A node selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key and - values. properties: key: - description: The label - key that the selector - applies to. type: string operator: - description: Represents - a key's relationship - to a set of values. - Valid operators are - In, NotIn, Exists, - DoesNotExist. Gt, - and Lt. type: string values: - description: An array - of string values. - If the operator is - In or NotIn, the values - array must be non-empty. - If the operator is - Exists or DoesNotExist, - the values array must - be empty. If the operator - is Gt or Lt, the values - array must have a - single element, which - will be interpreted - as an integer. This - array is replaced - during a strategic - merge patch. items: type: string type: array 
@@ -1590,91 +700,22 @@ spec: x-kubernetes-map-type: atomic type: object podAffinity: - description: Describes pod affinity scheduling - rules (e.g. co-locate this pod in the - same node, zone, etc. as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer - to schedule pods to nodes that satisfy - the affinity expressions specified - by this field, but it may choose a - node that violates one or more of - the expressions. The node that is - most preferred is the one with the - greatest sum of weights, i.e. for - each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute - a sum by iterating through the elements - of this field and adding "weight" - to the sum if the node has pods which - matches the corresponding podAffinityTerm; - the node(s) with the highest sum are - the most preferred. items: - description: The weights of all of - the matched WeightedPodAffinityTerm - fields are added per-node to find - the most preferred node(s) properties: podAffinityTerm: - description: Required. A pod affinity - term, associated with the corresponding - weight. properties: labelSelector: - description: A label query - over a set of resources, - in this case pods. If it's - null, this PodAffinityTerm - matches with no Pods. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. properties: key: - description: key - is the label key - that the selector - applies to. type: string operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. 
type: string values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic merge - patch. items: type: string type: array 
@@ -1688,141 +729,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys - is a set of pod label keys - to select which pods will - be taken into consideration. - The keys are used to lookup - values from the incoming - pod labels, those key-value - labels are merged with `labelSelector` - as `key in (value)` to select - the group of existing pods - which pods will be taken - into consideration for the - incoming pod's pod (anti) - affinity. Keys that don't - exist in the incoming pod - labels will be ignored. - The default value is empty. - The same key is forbidden - to exist in both matchLabelKeys - and labelSelector. Also, - matchLabelKeys cannot be - set when labelSelector isn't - set. This is an alpha field - and requires enabling MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys - is a set of pod label keys - to select which pods will - be taken into consideration. - The keys are used to lookup - values from the incoming - pod labels, those key-value - labels are merged with `labelSelector` - as `key notin (value)` to - select the group of existing - pods which pods will be - taken into consideration - for the incoming pod's pod - (anti) affinity. Keys that - don't exist in the incoming - pod labels will be ignored. - The default value is empty. - The same key is forbidden - to exist in both mismatchLabelKeys - and labelSelector. Also, - mismatchLabelKeys cannot - be set when labelSelector - isn't set. 
This is an alpha - field and requires enabling - MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query - over the set of namespaces - that the term applies to. - The term is applied to the - union of the namespaces - selected by this field and - the ones listed in the namespaces - field. null selector and - null or empty namespaces - list means "this pod's namespace". - An empty selector ({}) matches - all namespaces. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. properties: key: - description: key - is the label key - that the selector - applies to. type: string operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. type: string values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic merge - patch. items: type: string type: array 
@@ -1836,59 +765,20 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies - a static list of namespace - names that the term applies - to. The term is applied - to the union of the namespaces - listed in this field and - the ones selected by namespaceSelector. - null or empty namespaces - list and null namespaceSelector - means "this pod's namespace". items: type: string type: array x-kubernetes-list-type: atomic topologyKey: - description: This pod should - be co-located (affinity) - or not co-located (anti-affinity) - with the pods matching the - labelSelector in the specified - namespaces, where co-located - is defined as running on - a node whose value of the - label with key topologyKey - matches that of any node - on which any of the selected - pods is running. Empty topologyKey - is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated - with matching the corresponding - podAffinityTerm, in the range - 1-100. format: int32 type: integer required: 
@@ -1898,81 +788,18 @@ spec: type: array x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements - specified by this field are not met - at scheduling time, the pod will not - be scheduled onto the node. If the - affinity requirements specified by - this field cease to be met at some - point during pod execution (e.g. due - to a pod label update), the system - may or may not try to eventually evict - the pod from its node. When there - are multiple elements, the lists of - nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must - be satisfied. items: - description: Defines a set of pods - (namely those matching the labelSelector - relative to the given namespace(s)) - that this pod should be co-located - (affinity) or not co-located (anti-affinity) - with, where co-located is defined - as running on a node whose value - of the label with key - matches that of any node on which - a pod of the set of pods is running properties: labelSelector: - description: A label query over - a set of resources, in this - case pods. If it's null, this - PodAffinityTerm matches with - no Pods. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key and - values. properties: key: - description: key is - the label key that - the selector applies - to. type: string operator: - description: operator - represents a key's - relationship to a - set of values. Valid - operators are In, - NotIn, Exists and - DoesNotExist. type: string values: - description: values - is an array of string - values. If the operator - is In or NotIn, the - values array must - be non-empty. If the - operator is Exists - or DoesNotExist, the - values array must - be empty. 
This array - is replaced during - a strategic merge - patch. items: type: string type: array 
@@ -1986,129 +813,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is - a map of {key,value} pairs. - A single {key,value} in - the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", - the operator is "In", and - the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is - a set of pod label keys to select - which pods will be taken into - consideration. The keys are - used to lookup values from the - incoming pod labels, those key-value - labels are merged with `labelSelector` - as `key in (value)` to select - the group of existing pods which - pods will be taken into consideration - for the incoming pod's pod (anti) - affinity. Keys that don't exist - in the incoming pod labels will - be ignored. The default value - is empty. The same key is forbidden - to exist in both matchLabelKeys - and labelSelector. Also, matchLabelKeys - cannot be set when labelSelector - isn't set. This is an alpha - field and requires enabling - MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys - is a set of pod label keys to - select which pods will be taken - into consideration. The keys - are used to lookup values from - the incoming pod labels, those - key-value labels are merged - with `labelSelector` as `key - notin (value)` to select the - group of existing pods which - pods will be taken into consideration - for the incoming pod's pod (anti) - affinity. Keys that don't exist - in the incoming pod labels will - be ignored. The default value - is empty. The same key is forbidden - to exist in both mismatchLabelKeys - and labelSelector. Also, mismatchLabelKeys - cannot be set when labelSelector - isn't set. 
This is an alpha - field and requires enabling - MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over - the set of namespaces that the - term applies to. The term is - applied to the union of the - namespaces selected by this - field and the ones listed in - the namespaces field. null selector - and null or empty namespaces - list means "this pod's namespace". - An empty selector ({}) matches - all namespaces. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key and - values. properties: key: - description: key is - the label key that - the selector applies - to. type: string operator: - description: operator - represents a key's - relationship to a - set of values. Valid - operators are In, - NotIn, Exists and - DoesNotExist. type: string values: - description: values - is an array of string - values. If the operator - is In or NotIn, the - values array must - be non-empty. If the - operator is Exists - or DoesNotExist, the - values array must - be empty. This array - is replaced during - a strategic merge - patch. items: type: string type: array 
@@ -2122,47 +849,15 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is - a map of {key,value} pairs. - A single {key,value} in - the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", - the operator is "In", and - the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies - a static list of namespace names - that the term applies to. The - term is applied to the union - of the namespaces listed in - this field and the ones selected - by namespaceSelector. null or - empty namespaces list and null - namespaceSelector means "this - pod's namespace". items: type: string type: array x-kubernetes-list-type: atomic topologyKey: - description: This pod should be - co-located (affinity) or not - co-located (anti-affinity) with - the pods matching the labelSelector - in the specified namespaces, - where co-located is defined - as running on a node whose value - of the label with key topologyKey - matches that of any node on - which any of the selected pods - is running. Empty topologyKey - is not allowed. type: string required: - topologyKey 
@@ -2171,92 +866,22 @@ spec: x-kubernetes-list-type: atomic type: object podAntiAffinity: - description: Describes pod anti-affinity - scheduling rules (e.g. avoid putting this - pod in the same node, zone, etc. as some - other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer - to schedule pods to nodes that satisfy - the anti-affinity expressions specified - by this field, but it may choose a - node that violates one or more of - the expressions. The node that is - most preferred is the one with the - greatest sum of weights, i.e. for - each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - anti-affinity expressions, etc.), - compute a sum by iterating through - the elements of this field and adding - "weight" to the sum if the node has - pods which matches the corresponding - podAffinityTerm; the node(s) with - the highest sum are the most preferred. items: - description: The weights of all of - the matched WeightedPodAffinityTerm - fields are added per-node to find - the most preferred node(s) properties: podAffinityTerm: - description: Required. A pod affinity - term, associated with the corresponding - weight. properties: labelSelector: - description: A label query - over a set of resources, - in this case pods. If it's - null, this PodAffinityTerm - matches with no Pods. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. properties: key: - description: key - is the label key - that the selector - applies to. type: string operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. 
type: string values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic merge - patch. items: type: string type: array 
@@ -2270,141 +895,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys - is a set of pod label keys - to select which pods will - be taken into consideration. - The keys are used to lookup - values from the incoming - pod labels, those key-value - labels are merged with `labelSelector` - as `key in (value)` to select - the group of existing pods - which pods will be taken - into consideration for the - incoming pod's pod (anti) - affinity. Keys that don't - exist in the incoming pod - labels will be ignored. - The default value is empty. - The same key is forbidden - to exist in both matchLabelKeys - and labelSelector. Also, - matchLabelKeys cannot be - set when labelSelector isn't - set. This is an alpha field - and requires enabling MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys - is a set of pod label keys - to select which pods will - be taken into consideration. - The keys are used to lookup - values from the incoming - pod labels, those key-value - labels are merged with `labelSelector` - as `key notin (value)` to - select the group of existing - pods which pods will be - taken into consideration - for the incoming pod's pod - (anti) affinity. Keys that - don't exist in the incoming - pod labels will be ignored. - The default value is empty. - The same key is forbidden - to exist in both mismatchLabelKeys - and labelSelector. Also, - mismatchLabelKeys cannot - be set when labelSelector - isn't set. 
This is an alpha - field and requires enabling - MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query - over the set of namespaces - that the term applies to. - The term is applied to the - union of the namespaces - selected by this field and - the ones listed in the namespaces - field. null selector and - null or empty namespaces - list means "this pod's namespace". - An empty selector ({}) matches - all namespaces. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. properties: key: - description: key - is the label key - that the selector - applies to. type: string operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. type: string values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic merge - patch. items: type: string type: array 
@@ -2418,59 +931,20 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies - a static list of namespace - names that the term applies - to. The term is applied - to the union of the namespaces - listed in this field and - the ones selected by namespaceSelector. - null or empty namespaces - list and null namespaceSelector - means "this pod's namespace". items: type: string type: array x-kubernetes-list-type: atomic topologyKey: - description: This pod should - be co-located (affinity) - or not co-located (anti-affinity) - with the pods matching the - labelSelector in the specified - namespaces, where co-located - is defined as running on - a node whose value of the - label with key topologyKey - matches that of any node - on which any of the selected - pods is running. Empty topologyKey - is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated - with matching the corresponding - podAffinityTerm, in the range - 1-100. format: int32 type: integer required: 
@@ -2480,81 +954,18 @@ spec: type: array x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements - specified by this field are not met - at scheduling time, the pod will not - be scheduled onto the node. If the - anti-affinity requirements specified - by this field cease to be met at some - point during pod execution (e.g. due - to a pod label update), the system - may or may not try to eventually evict - the pod from its node. When there - are multiple elements, the lists of - nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must - be satisfied. items: - description: Defines a set of pods - (namely those matching the labelSelector - relative to the given namespace(s)) - that this pod should be co-located - (affinity) or not co-located (anti-affinity) - with, where co-located is defined - as running on a node whose value - of the label with key - matches that of any node on which - a pod of the set of pods is running properties: labelSelector: - description: A label query over - a set of resources, in this - case pods. If it's null, this - PodAffinityTerm matches with - no Pods. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key and - values. properties: key: - description: key is - the label key that - the selector applies - to. type: string operator: - description: operator - represents a key's - relationship to a - set of values. Valid - operators are In, - NotIn, Exists and - DoesNotExist. type: string values: - description: values - is an array of string - values. If the operator - is In or NotIn, the - values array must - be non-empty. If the - operator is Exists - or DoesNotExist, the - values array must - be empty. 
This array - is replaced during - a strategic merge - patch. items: type: string type: array 
@@ -2568,129 +979,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is - a map of {key,value} pairs. - A single {key,value} in - the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", - the operator is "In", and - the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is - a set of pod label keys to select - which pods will be taken into - consideration. The keys are - used to lookup values from the - incoming pod labels, those key-value - labels are merged with `labelSelector` - as `key in (value)` to select - the group of existing pods which - pods will be taken into consideration - for the incoming pod's pod (anti) - affinity. Keys that don't exist - in the incoming pod labels will - be ignored. The default value - is empty. The same key is forbidden - to exist in both matchLabelKeys - and labelSelector. Also, matchLabelKeys - cannot be set when labelSelector - isn't set. This is an alpha - field and requires enabling - MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys - is a set of pod label keys to - select which pods will be taken - into consideration. The keys - are used to lookup values from - the incoming pod labels, those - key-value labels are merged - with `labelSelector` as `key - notin (value)` to select the - group of existing pods which - pods will be taken into consideration - for the incoming pod's pod (anti) - affinity. Keys that don't exist - in the incoming pod labels will - be ignored. The default value - is empty. The same key is forbidden - to exist in both mismatchLabelKeys - and labelSelector. Also, mismatchLabelKeys - cannot be set when labelSelector - isn't set. 
This is an alpha - field and requires enabling - MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over - the set of namespaces that the - term applies to. The term is - applied to the union of the - namespaces selected by this - field and the ones listed in - the namespaces field. null selector - and null or empty namespaces - list means "this pod's namespace". - An empty selector ({}) matches - all namespaces. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key and - values. properties: key: - description: key is - the label key that - the selector applies - to. type: string operator: - description: operator - represents a key's - relationship to a - set of values. Valid - operators are In, - NotIn, Exists and - DoesNotExist. type: string values: - description: values - is an array of string - values. If the operator - is In or NotIn, the - values array must - be non-empty. If the - operator is Exists - or DoesNotExist, the - values array must - be empty. This array - is replaced during - a strategic merge - patch. items: type: string type: array 
@@ -2704,47 +1015,15 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is - a map of {key,value} pairs. - A single {key,value} in - the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", - the operator is "In", and - the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies - a static list of namespace names - that the term applies to. The - term is applied to the union - of the namespaces listed in - this field and the ones selected - by namespaceSelector. null or - empty namespaces list and null - namespaceSelector means "this - pod's namespace". items: type: string type: array x-kubernetes-list-type: atomic topologyKey: - description: This pod should be - co-located (affinity) or not - co-located (anti-affinity) with - the pods matching the labelSelector - in the specified namespaces, - where co-located is defined - as running on a node whose value - of the label with key topologyKey - matches that of any node on - which any of the selected pods - is running. Empty topologyKey - is not allowed. type: string required: - topologyKey 
@@ -2754,281 +1033,92 @@ spec: type: object type: object args: - description: 'Arguments to the entrypoint. The - docker image''s CMD is used if this is not - provided. Variable references $(VAR_NAME) - are expanded using the container''s environment. - If a variable cannot be resolved, the reference - in the input string will be unchanged. The - $(VAR_NAME) syntax can be escaped with a double - $$, ie: $$(VAR_NAME). Escaped references will - never be expanded, regardless of whether the - variable exists or not. Cannot be updated. - More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array containerSecurityContext: - description: 'Security options the pod should - run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls - whether a process can gain more privileges - than its parent process. This bool directly - controls if the no_new_privs flag will - be set on the container process. AllowPrivilegeEscalation - is true always when the container is: - 1) run as Privileged 2) has CAP_SYS_ADMIN - Note that this field cannot be set when - spec.os.name is windows.' type: boolean appArmorProfile: - description: appArmorProfile is the AppArmor - options to use by this container. If set, - this profile overrides the pod's appArmorProfile. - Note that this field cannot be set when - spec.os.name is windows. properties: localhostProfile: - description: localhostProfile indicates - a profile loaded on the node that - should be used. The profile must be - preconfigured on the node to work. - Must match the loaded name of the - profile. Must be set if and only if - type is "Localhost". 
type: string type: - description: 'type indicates which kind - of AppArmor profile will be applied. - Valid options are: Localhost - a profile - pre-loaded on the node. RuntimeDefault - - the container runtime''s default - profile. Unconfined - no AppArmor - enforcement.' type: string required: - type type: object capabilities: - description: The capabilities to add/drop - when running containers. Defaults to the - default set of capabilities granted by - the container runtime. Note that this - field cannot be set when spec.os.name - is windows. properties: add: - description: Added capabilities items: - description: Capability represent - POSIX capabilities type type: string type: array x-kubernetes-list-type: atomic drop: - description: Removed capabilities items: - description: Capability represent - POSIX capabilities type type: string type: array x-kubernetes-list-type: atomic type: object privileged: - description: Run container in privileged - mode. Processes in privileged containers - are essentially equivalent to root on - the host. Defaults to false. Note that - this field cannot be set when spec.os.name - is windows. type: boolean procMount: - description: procMount denotes the type - of proc mount to use for the containers. - The default is DefaultProcMount which - uses the container runtime defaults for - readonly paths and masked paths. This - requires the ProcMountType feature flag - to be enabled. Note that this field cannot - be set when spec.os.name is windows. type: string readOnlyRootFilesystem: - description: Whether this container has - a read-only root filesystem. Default is - false. Note that this field cannot be - set when spec.os.name is windows. type: boolean runAsGroup: - description: The GID to run the entrypoint - of the container process. Uses runtime - default if unset. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. 
Note that this field - cannot be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: - description: Indicates that the container - must run as a non-root user. If true, - the Kubelet will validate the image at - runtime to ensure that it does not run - as UID 0 (root) and fail to start the - container if it does. If unset or false, - no such validation will be performed. - May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint - of the container process. Defaults to - user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. Note that this field - cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be applied - to the container. If unspecified, the - container runtime will allocate a random - SELinux context for each container. May - also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. Note that this field - cannot be set when spec.os.name is windows. properties: level: - description: Level is SELinux level - label that applies to the container. type: string role: - description: Role is a SELinux role - label that applies to the container. type: string type: - description: Type is a SELinux type - label that applies to the container. type: string user: - description: User is a SELinux user - label that applies to the container. type: string type: object seccompProfile: - description: The seccomp options to use - by this container. If seccomp options - are provided at both the pod & container - level, the container options override - the pod options. 
Note that this field - cannot be set when spec.os.name is windows. properties: localhostProfile: - description: localhostProfile indicates - a profile defined in a file on the - node should be used. The profile must - be preconfigured on the node to work. - Must be a descending path, relative - to the kubelet's configured seccomp - profile location. Must be set if type - is "Localhost". Must NOT be set for - any other type. type: string type: - description: "type indicates which kind - of seccomp profile will be applied. - Valid options are: \n Localhost - - a profile defined in a file on the - node should be used. RuntimeDefault - - the container runtime default profile - should be used. Unconfined - no profile - should be applied." type: string required: - type type: object windowsOptions: - description: The Windows specific settings - applied to all containers. If unspecified, - the options from the PodSecurityContext - will be used. If set in both SecurityContext - and PodSecurityContext, the value specified - in SecurityContext takes precedence. Note - that this field cannot be set when spec.os.name - is linux. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is where - the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential - spec named by the GMSACredentialSpecName - field. type: string gmsaCredentialSpecName: - description: GMSACredentialSpecName - is the name of the GMSA credential - spec to use. type: string hostProcess: - description: HostProcess determines - if a container should be run as a - 'Host Process' container. All of a - Pod's containers must have the same - effective HostProcess value (it is - not allowed to have a mix of HostProcess - containers and non-HostProcess containers). - In addition, if HostProcess is true - then HostNetwork must also be set - to true. 
type: boolean runAsUserName: - description: The UserName in Windows - to run the entrypoint of the container - process. Defaults to the user specified - in image metadata if unspecified. - May also be set in PodSecurityContext. - If set in both SecurityContext and - PodSecurityContext, the value specified - in SecurityContext takes precedence. type: string type: object type: object dnsConfig: - description: Specifies the DNS parameters of - a pod. Parameters specified here will be merged - to the generated DNS configuration based on - DNSPolicy. properties: nameservers: - description: A list of DNS name server IP - addresses. This will be appended to the - base nameservers generated from DNSPolicy. - Duplicated nameservers will be removed. items: type: string type: array x-kubernetes-list-type: atomic options: - description: A list of DNS resolver options. - This will be merged with the base options - generated from DNSPolicy. Duplicated entries - will be removed. Resolution options given - in Options will override those that appear - in the base DNSPolicy. items: - description: PodDNSConfigOption defines - DNS resolver options of a pod. properties: name: - description: Required. type: string value: type: string 
@@ -3036,171 +1126,71 @@ spec: type: array x-kubernetes-list-type: atomic searches: - description: A list of DNS search domains - for host-name lookup. This will be appended - to the base search paths generated from - DNSPolicy. Duplicated search paths will - be removed. items: type: string type: array x-kubernetes-list-type: atomic type: object dnsPolicy: - description: Set DNS policy for the pod. Defaults - to "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', - 'ClusterFirst', 'Default' or 'None'. DNS parameters - given in DNSConfig will be merged with the - policy selected with DNSPolicy. To have DNS - options set along with hostNetwork, you have - to specify DNS policy explicitly to 'ClusterFirstWithHostNet'. type: string enableServiceLinks: - description: 'EnableServiceLinks indicates whether - information about services should be injected - into pod''s environment variables, matching - the syntax of Docker links. Optional: Defaults - to true.' type: boolean env: - description: List of environment variables to - set in the container. Cannot be updated. items: - description: EnvVar represents an environment - variable present in a Container. properties: name: - description: Name of the environment variable. - Must be a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) - are expanded using the previously defined - environment variables in the container - and any service environment variables. - If a variable cannot be resolved, the - reference in the input string will be - unchanged. Double $$ are reduced to - a single $, which allows for escaping - the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" - will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, - regardless of whether the variable exists - or not. Defaults to "".' type: string valueFrom: - description: Source for the environment - variable's value. Cannot be used if - value is not empty. 
properties: configMapKeyRef: - description: Selects a key of a ConfigMap. properties: key: - description: The key to select. type: string name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether the - ConfigMap or its key must be - defined type: boolean required: - key type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of the - pod: supports metadata.name, metadata.namespace, - `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, status.podIPs.' properties: apiVersion: - description: Version of the schema - the FieldPath is written in - terms of, defaults to "v1". type: string fieldPath: - description: Path of the field - to select in the specified API - version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource of - the container: only resources limits - and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' 
properties: containerName: - description: 'Container name: - required for volumes, optional - for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output - format of the exposed resources, - defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource - to select' type: string required: - resource type: object x-kubernetes-map-type: atomic secretKeyRef: - description: Selects a key of a secret - in the pod's namespace properties: key: - description: The key of the secret - to select from. Must be a valid - secret key. type: string name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether the - Secret or its key must be defined type: boolean required: - key 
@@ -3212,264 +1202,89 @@ spec: type: object type: array hostIPC: - description: 'Use the host''s ipc namespace. - Optional: Default to false.' type: boolean hostNetwork: - description: Host networking requested for this - pod. Use the host's network namespace. If - this option is set, the ports that will be - used must be specified. Default to false. type: boolean hostPID: - description: 'Use the host''s pid namespace. - Optional: Default to false.' type: boolean imagePullSecrets: - description: 'ImagePullSecrets is an optional - list of references to secrets in the same - namespace to use for pulling any of the images - used by this PodSpec. If specified, these - secrets will be passed to individual puller - implementations for them to use. More info: - https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' items: - description: LocalObjectReference contains - enough information to let you locate the - referenced object inside the same namespace. properties: name: default: "" - description: 'Name of the referent. This - field is effectively required, but due - to backwards compatibility is allowed - to be empty. Instances of this type - with an empty value here are almost - certainly wrong. TODO: Add other useful - fields. apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic type: array initContainers: - description: 'List of initialization containers - belonging to the pod. Init containers are - executed in order prior to containers being - started. If any init container fails, the - pod is considered to have failed and is handled - according to its restartPolicy. The name for - an init container or normal container must - be unique among all containers. 
Init containers - may not have Lifecycle actions, Readiness - probes, or Liveness probes. The resourceRequirements - of an init container are taken into account - during scheduling by finding the highest request/limit - for each resource type, and then using the - max of of that value or the sum of the normal - containers. Limits are applied to init containers - in a similar fashion. Init containers cannot - currently be added or removed. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' items: - description: A single application container - that you want to run within a pod. properties: args: - description: 'Arguments to the entrypoint. - The container image''s CMD is used if - this is not provided. Variable references - $(VAR_NAME) are expanded using the container''s - environment. If a variable cannot be - resolved, the reference in the input - string will be unchanged. Double $$ - are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: - i.e. "$$(VAR_NAME)" will produce the - string literal "$(VAR_NAME)". Escaped - references will never be expanded, regardless - of whether the variable exists or not. - Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array x-kubernetes-list-type: atomic command: - description: 'Entrypoint array. Not executed - within a shell. The container image''s - ENTRYPOINT is used if this is not provided. - Variable references $(VAR_NAME) are - expanded using the container''s environment. - If a variable cannot be resolved, the - reference in the input string will be - unchanged. Double $$ are reduced to - a single $, which allows for escaping - the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" - will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, - regardless of whether the variable exists - or not. 
Cannot be updated. More info: - https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array x-kubernetes-list-type: atomic env: - description: List of environment variables - to set in the container. Cannot be updated. items: - description: EnvVar represents an environment - variable present in a Container. properties: name: - description: Name of the environment - variable. Must be a C_IDENTIFIER. type: string value: - description: 'Variable references - $(VAR_NAME) are expanded using - the previously defined environment - variables in the container and - any service environment variables. - If a variable cannot be resolved, - the reference in the input string - will be unchanged. Double $$ are - reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: - i.e. "$$(VAR_NAME)" will produce - the string literal "$(VAR_NAME)". - Escaped references will never - be expanded, regardless of whether - the variable exists or not. Defaults - to "".' type: string valueFrom: - description: Source for the environment - variable's value. Cannot be used - if value is not empty. properties: configMapKeyRef: - description: Selects a key of - a ConfigMap. properties: key: - description: The key to - select. type: string name: default: "" - description: 'Name of the - referent. This field is - effectively required, - but due to backwards compatibility - is allowed to be empty. - Instances of this type - with an empty value here - are almost certainly wrong. - TODO: Add other useful - fields. apiVersion, kind, - uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' 
type: string optional: - description: Specify whether - the ConfigMap or its key - must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field - of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, - status.podIPs.' properties: apiVersion: - description: Version of - the schema the FieldPath - is written in terms of, - defaults to "v1". type: string fieldPath: - description: Path of the - field to select in the - specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource - of the container: only resources - limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, - requests.cpu, requests.memory - and requests.ephemeral-storage) - are currently supported.' properties: containerName: - description: 'Container - name: required for volumes, - optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the - output format of the exposed - resources, defaults to - "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: - resource to select' type: string required: - resource type: object x-kubernetes-map-type: atomic secretKeyRef: - description: Selects a key of - a secret in the pod's namespace properties: key: - description: The key of - the secret to select from. Must - be a valid secret key. type: string name: default: "" - description: 'Name of the - referent. This field is - effectively required, - but due to backwards compatibility - is allowed to be empty. - Instances of this type - with an empty value here - are almost certainly wrong. 
- TODO: Add other useful - fields. apiVersion, kind, - uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether - the Secret or its key - must be defined type: boolean required: - key 
@@ -3484,75 +1299,25 @@ spec: - name x-kubernetes-list-type: map envFrom: - description: List of sources to populate - environment variables in the container. - The keys defined within a source must - be a C_IDENTIFIER. All invalid keys - will be reported as an event when the - container is starting. When a key exists - in multiple sources, the value associated - with the last source will take precedence. - Values defined by an Env with a duplicate - key will take precedence. Cannot be - updated. items: - description: EnvFromSource represents - the source of a set of ConfigMaps properties: configMapRef: - description: The ConfigMap to select - from properties: name: default: "" - description: 'Name of the referent. - This field is effectively - required, but due to backwards - compatibility is allowed to - be empty. Instances of this - type with an empty value here - are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether - the ConfigMap must be defined type: boolean type: object x-kubernetes-map-type: atomic prefix: - description: An optional identifier - to prepend to each key in the - ConfigMap. Must be a C_IDENTIFIER. type: string secretRef: - description: The Secret to select - from properties: name: default: "" - description: 'Name of the referent. - This field is effectively - required, but due to backwards - compatibility is allowed to - be empty. Instances of this - type with an empty value here - are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? 
More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether - the Secret must be defined type: boolean type: object x-kubernetes-map-type: atomic 
@@ -3560,91 +1325,31 @@ spec: type: array x-kubernetes-list-type: atomic image: - description: 'Container image name. More - info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher - level config management to default or - override container images in workload - controllers like Deployments and StatefulSets.' type: string imagePullPolicy: - description: 'Image pull policy. One of - Always, Never, IfNotPresent. Defaults - to Always if :latest tag is specified, - or IfNotPresent otherwise. Cannot be - updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' type: string lifecycle: - description: Actions that the management - system should take in response to container - lifecycle events. Cannot be updated. properties: postStart: - description: 'PostStart is called - immediately after a container is - created. If the handler fails, the - container is terminated and restarted - according to its restart policy. - Other management of the container - blocks until the hook completes. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: Exec specifies the - action to take. properties: command: - description: Command is the - command line to execute - inside the container, the - working directory for the - command is root ('/') in - the container's filesystem. - The command is simply exec'd, - it is not run inside a shell, - so traditional shell instructions - ('|', etc) won't work. To - use a shell, you need to - explicitly call out to that - shell. Exit status of 0 - is treated as live/healthy - and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies - the http request to perform. properties: host: - description: Host name to - connect to, defaults to - the pod IP. You probably - want to set "Host" in httpHeaders - instead. 
type: string httpHeaders: - description: Custom headers - to set in the request. HTTP - allows repeated headers. items: - description: HTTPHeader - describes a custom header - to be used in HTTP probes properties: name: - description: The header - field name. This will - be canonicalized upon - output, so case-variant - names will be understood - as the same header. type: string value: - description: The header - field value type: string required: - name 
@@ -3653,144 +1358,58 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access - on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use - for connecting to the host. - Defaults to HTTP. type: string required: - port type: object sleep: - description: Sleep represents - the duration that the container - should sleep before being terminated. properties: seconds: - description: Seconds is the - number of seconds to sleep. format: int64 type: integer required: - seconds type: object tcpSocket: - description: Deprecated. TCPSocket - is NOT supported as a LifecycleHandler - and kept for the backward compatibility. - There are no validation of this - field and lifecycle hooks will - fail in runtime when tcp handler - is specified. properties: host: - description: 'Optional: Host - name to connect to, defaults - to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: - description: 'PreStop is called immediately - before a container is terminated - due to an API request or management - event such as liveness/startup probe - failure, preemption, resource contention, - etc. The handler is not called if - the container crashes or exits. - The Pod''s termination grace period - countdown begins before the PreStop - hook is executed. Regardless of - the outcome of the handler, the - container will eventually terminate - within the Pod''s termination grace - period (unless delayed by finalizers). 
- Other management of the container - blocks until the hook completes - or until the termination grace period - is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: Exec specifies the - action to take. properties: command: - description: Command is the - command line to execute - inside the container, the - working directory for the - command is root ('/') in - the container's filesystem. - The command is simply exec'd, - it is not run inside a shell, - so traditional shell instructions - ('|', etc) won't work. To - use a shell, you need to - explicitly call out to that - shell. Exit status of 0 - is treated as live/healthy - and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies - the http request to perform. properties: host: - description: Host name to - connect to, defaults to - the pod IP. You probably - want to set "Host" in httpHeaders - instead. type: string httpHeaders: - description: Custom headers - to set in the request. HTTP - allows repeated headers. items: - description: HTTPHeader - describes a custom header - to be used in HTTP probes properties: name: - description: The header - field name. This will - be canonicalized upon - output, so case-variant - names will be understood - as the same header. type: string value: - description: The header - field value type: string required: - name 
@@ -3799,63 +1418,33 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access - on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use - for connecting to the host. - Defaults to HTTP. type: string required: - port type: object sleep: - description: Sleep represents - the duration that the container - should sleep before being terminated. properties: seconds: - description: Seconds is the - number of seconds to sleep. format: int64 type: integer required: - seconds type: object tcpSocket: - description: Deprecated. TCPSocket - is NOT supported as a LifecycleHandler - and kept for the backward compatibility. - There are no validation of this - field and lifecycle hooks will - fail in runtime when tcp handler - is specified. properties: host: - description: 'Optional: Host - name to connect to, defaults - to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port 
@@ -3863,93 +1452,38 @@ spec: type: object type: object livenessProbe: - description: 'Periodic probe of container - liveness. Container will be restarted - if the probe fails. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action - to take. properties: command: - description: Command is the command - line to execute inside the container, - the working directory for the - command is root ('/') in the - container's filesystem. The - command is simply exec'd, it - is not run inside a shell, so - traditional shell instructions - ('|', etc) won't work. To use - a shell, you need to explicitly - call out to that shell. Exit - status of 0 is treated as live/healthy - and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed - after having succeeded. Defaults - to 3. Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action - involving a GRPC port. properties: port: - description: Port number of the - gRPC service. Number must be - in the range 1 to 65535. format: int32 type: integer service: - description: "Service is the name - of the service to place in the - gRPC HealthCheckRequest (see - https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, - the default behavior is defined - by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the - http request to perform. properties: host: - description: Host name to connect - to, defaults to the pod IP. - You probably want to set "Host" - in httpHeaders instead. type: string httpHeaders: - description: Custom headers to - set in the request. HTTP allows - repeated headers. 
items: - description: HTTPHeader describes - a custom header to be used - in HTTP probes properties: name: - description: The header - field name. This will - be canonicalized upon - output, so case-variant - names will be understood - as the same header. type: string value: - description: The header - field value type: string required: - name 
@@ -3958,157 +1492,62 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on - the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of - the port to access on the container. - Number must be in the range - 1 to 65535. Name must be an - IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for - connecting to the host. Defaults - to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after - the container has started before - liveness probes are initiated. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) - to perform the probe. Default to - 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to - 1. Must be 1 for liveness and startup. - Minimum value is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an - action involving a TCP port. properties: host: - description: 'Optional: Host name - to connect to, defaults to the - pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of - the port to access on the container. - Number must be in the range - 1 to 65535. Name must be an - IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in - seconds the pod needs to terminate - gracefully upon probe failure. The - grace period is the duration in - seconds after the processes running - in the pod are sent a termination - signal and the time when the processes - are forcibly halted with a kill - signal. Set this value longer than - the expected cleanup time for your - process. 
If this value is nil, the - pod's terminationGracePeriodSeconds - will be used. Otherwise, this value - overrides the value provided by - the pod spec. Value must be non-negative - integer. The value zero indicates - stop immediately via the kill signal - (no opportunity to shut down). This - is a beta field and requires enabling - ProbeTerminationGracePeriod feature - gate. Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after - which the probe times out. Defaults - to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object name: - description: Name of the container specified - as a DNS_LABEL. Each container in a - pod must have a unique name (DNS_LABEL). - Cannot be updated. type: string ports: - description: List of ports to expose from - the container. Not specifying a port - here DOES NOT prevent that port from - being exposed. Any port which is listening - on the default "0.0.0.0" address inside - a container will be accessible from - the network. Modifying this array with - strategic merge patch may corrupt the - data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. - Cannot be updated. items: - description: ContainerPort represents - a network port in a single container. properties: containerPort: - description: Number of port to expose - on the pod's IP address. This - must be a valid port number, 0 - < x < 65536. format: int32 type: integer hostIP: - description: What host IP to bind - the external port to. type: string hostPort: - description: Number of port to expose - on the host. If specified, this - must be a valid port number, 0 - < x < 65536. If HostNetwork is - specified, this must match ContainerPort. - Most containers do not need this. 
format: int32 type: integer name: - description: If specified, this - must be an IANA_SVC_NAME and unique - within the pod. Each named port - in a pod must have a unique name. - Name for the port that can be - referred to by services. type: string protocol: default: TCP - description: Protocol for port. - Must be UDP, TCP, or SCTP. Defaults - to "TCP". type: string required: - containerPort 
@@ -4119,94 +1558,38 @@ spec: - protocol x-kubernetes-list-type: map readinessProbe: - description: 'Periodic probe of container - service readiness. Container will be - removed from service endpoints if the - probe fails. Cannot be updated. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action - to take. properties: command: - description: Command is the command - line to execute inside the container, - the working directory for the - command is root ('/') in the - container's filesystem. The - command is simply exec'd, it - is not run inside a shell, so - traditional shell instructions - ('|', etc) won't work. To use - a shell, you need to explicitly - call out to that shell. Exit - status of 0 is treated as live/healthy - and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed - after having succeeded. Defaults - to 3. Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action - involving a GRPC port. properties: port: - description: Port number of the - gRPC service. Number must be - in the range 1 to 65535. format: int32 type: integer service: - description: "Service is the name - of the service to place in the - gRPC HealthCheckRequest (see - https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, - the default behavior is defined - by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the - http request to perform. properties: host: - description: Host name to connect - to, defaults to the pod IP. - You probably want to set "Host" - in httpHeaders instead. type: string httpHeaders: - description: Custom headers to - set in the request. HTTP allows - repeated headers. 
items: - description: HTTPHeader describes - a custom header to be used - in HTTP probes properties: name: - description: The header - field name. This will - be canonicalized upon - output, so case-variant - names will be understood - as the same header. type: string value: - description: The header - field value type: string required: - name 
@@ -4215,121 +1598,51 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on - the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of - the port to access on the container. - Number must be in the range - 1 to 65535. Name must be an - IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for - connecting to the host. Defaults - to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after - the container has started before - liveness probes are initiated. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) - to perform the probe. Default to - 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to - 1. Must be 1 for liveness and startup. - Minimum value is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an - action involving a TCP port. properties: host: - description: 'Optional: Host name - to connect to, defaults to the - pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of - the port to access on the container. - Number must be in the range - 1 to 65535. Name must be an - IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in - seconds the pod needs to terminate - gracefully upon probe failure. The - grace period is the duration in - seconds after the processes running - in the pod are sent a termination - signal and the time when the processes - are forcibly halted with a kill - signal. Set this value longer than - the expected cleanup time for your - process. 
If this value is nil, the - pod's terminationGracePeriodSeconds - will be used. Otherwise, this value - overrides the value provided by - the pod spec. Value must be non-negative - integer. The value zero indicates - stop immediately via the kill signal - (no opportunity to shut down). This - is a beta field and requires enabling - ProbeTerminationGracePeriod feature - gate. Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after - which the probe times out. Defaults - to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object resizePolicy: - description: Resources resize policy for - the container. items: - description: ContainerResizePolicy represents - resource resize policy for the container. properties: resourceName: - description: 'Name of the resource - to which this resource resize - policy applies. Supported values: - cpu, memory.' type: string restartPolicy: - description: Restart policy to apply - when specified resource is resized. - If not specified, it defaults - to NotRequired. type: string required: - resourceName 
@@ -4338,28 +1651,11 @@ spec: type: array x-kubernetes-list-type: atomic resources: - description: 'Compute Resources required - by this container. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' properties: claims: - description: "Claims lists the names - of resources, defined in spec.resourceClaims, - that are used by this container. - \n This is an alpha field and requires - enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. - It can only be set for containers." items: - description: ResourceClaim references - one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match - the name of one entry in pod.spec.resourceClaims - of the Pod where this field - is used. It makes that resource - available inside a container. type: string required: - name @@ -4375,9 +1671,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the - maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -4386,402 +1679,115 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the - minimum amount of compute resources - required. If Requests is omitted - for a container, it defaults to - Limits if that is explicitly specified, - otherwise to an implementation-defined - value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object restartPolicy: - description: 'RestartPolicy defines the - restart behavior of individual containers - in a pod. This field may only be set - for init containers, and the only allowed - value is "Always". For non-init containers - or when this field is not specified, - the restart behavior is defined by the - Pod''s restart policy and the container - type. Setting the RestartPolicy as "Always" - for the init container will have the - following effect: this init container - will be continually restarted on exit - until all regular containers have terminated. - Once all regular containers have completed, - all init containers with restartPolicy - "Always" will be shut down. This lifecycle - differs from normal init containers - and is often referred to as a "sidecar" - container. Although this init container - still starts in the init container sequence, - it does not wait for the container to - complete before proceeding to the next - init container. Instead, the next init - container starts immediately after this - init container is started, or after - any startupProbe has successfully completed.' type: string securityContext: - description: 'SecurityContext defines - the security options the container should - be run with. If set, the fields of SecurityContext - override the equivalent fields of PodSecurityContext. 
- More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation - controls whether a process can gain - more privileges than its parent - process. This bool directly controls - if the no_new_privs flag will be - set on the container process. AllowPrivilegeEscalation - is true always when the container - is: 1) run as Privileged 2) has - CAP_SYS_ADMIN Note that this field - cannot be set when spec.os.name - is windows.' type: boolean appArmorProfile: - description: appArmorProfile is the - AppArmor options to use by this - container. If set, this profile - overrides the pod's appArmorProfile. - Note that this field cannot be set - when spec.os.name is windows. properties: localhostProfile: - description: localhostProfile - indicates a profile loaded on - the node that should be used. - The profile must be preconfigured - on the node to work. Must match - the loaded name of the profile. - Must be set if and only if type - is "Localhost". type: string type: - description: 'type indicates which - kind of AppArmor profile will - be applied. Valid options are: - Localhost - a profile pre-loaded - on the node. RuntimeDefault - - the container runtime''s default - profile. Unconfined - no AppArmor - enforcement.' type: string required: - type type: object capabilities: - description: The capabilities to add/drop - when running containers. Defaults - to the default set of capabilities - granted by the container runtime. - Note that this field cannot be set - when spec.os.name is windows. 
properties: add: - description: Added capabilities items: - description: Capability represent - POSIX capabilities type type: string type: array x-kubernetes-list-type: atomic drop: - description: Removed capabilities items: - description: Capability represent - POSIX capabilities type type: string type: array x-kubernetes-list-type: atomic type: object privileged: - description: Run container in privileged - mode. Processes in privileged containers - are essentially equivalent to root - on the host. Defaults to false. - Note that this field cannot be set - when spec.os.name is windows. type: boolean procMount: - description: procMount denotes the - type of proc mount to use for the - containers. The default is DefaultProcMount - which uses the container runtime - defaults for readonly paths and - masked paths. This requires the - ProcMountType feature flag to be - enabled. Note that this field cannot - be set when spec.os.name is windows. type: string readOnlyRootFilesystem: - description: Whether this container - has a read-only root filesystem. - Default is false. Note that this - field cannot be set when spec.os.name - is windows. type: boolean runAsGroup: - description: The GID to run the entrypoint - of the container process. Uses runtime - default if unset. May also be set - in PodSecurityContext. If set in - both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. Note that this - field cannot be set when spec.os.name - is windows. format: int64 type: integer runAsNonRoot: - description: Indicates that the container - must run as a non-root user. If - true, the Kubelet will validate - the image at runtime to ensure that - it does not run as UID 0 (root) - and fail to start the container - if it does. If unset or false, no - such validation will be performed. - May also be set in PodSecurityContext. 
If - set in both SecurityContext and - PodSecurityContext, the value specified - in SecurityContext takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint - of the container process. Defaults - to user specified in image metadata - if unspecified. May also be set - in PodSecurityContext. If set in - both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. Note that this - field cannot be set when spec.os.name - is windows. format: int64 type: integer seLinuxOptions: - description: The SELinux context to - be applied to the container. If - unspecified, the container runtime - will allocate a random SELinux context - for each container. May also be - set in PodSecurityContext. If set - in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. Note that this - field cannot be set when spec.os.name - is windows. properties: level: - description: Level is SELinux - level label that applies to - the container. type: string role: - description: Role is a SELinux - role label that applies to the - container. type: string type: - description: Type is a SELinux - type label that applies to the - container. type: string user: - description: User is a SELinux - user label that applies to the - container. type: string type: object seccompProfile: - description: The seccomp options to - use by this container. If seccomp - options are provided at both the - pod & container level, the container - options override the pod options. - Note that this field cannot be set - when spec.os.name is windows. properties: localhostProfile: - description: localhostProfile - indicates a profile defined - in a file on the node should - be used. The profile must be - preconfigured on the node to - work. Must be a descending path, - relative to the kubelet's configured - seccomp profile location. Must - be set if type is "Localhost". 
- Must NOT be set for any other - type. type: string type: - description: "type indicates which - kind of seccomp profile will - be applied. Valid options are: - \n Localhost - a profile defined - in a file on the node should - be used. RuntimeDefault - the - container runtime default profile - should be used. Unconfined - - no profile should be applied." type: string required: - type type: object windowsOptions: - description: The Windows specific - settings applied to all containers. - If unspecified, the options from - the PodSecurityContext will be used. - If set in both SecurityContext and - PodSecurityContext, the value specified - in SecurityContext takes precedence. - Note that this field cannot be set - when spec.os.name is linux. properties: gmsaCredentialSpec: - description: GMSACredentialSpec - is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the - GMSA credential spec named by - the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: - description: GMSACredentialSpecName - is the name of the GMSA credential - spec to use. type: string hostProcess: - description: HostProcess determines - if a container should be run - as a 'Host Process' container. - All of a Pod's containers must - have the same effective HostProcess - value (it is not allowed to - have a mix of HostProcess containers - and non-HostProcess containers). - In addition, if HostProcess - is true then HostNetwork must - also be set to true. type: boolean runAsUserName: - description: The UserName in Windows - to run the entrypoint of the - container process. Defaults - to the user specified in image - metadata if unspecified. May - also be set in PodSecurityContext. - If set in both SecurityContext - and PodSecurityContext, the - value specified in SecurityContext - takes precedence. 
type: string type: object type: object startupProbe: - description: 'StartupProbe indicates that - the Pod has successfully initialized. - If specified, no other probes are executed - until this completes successfully. If - this probe fails, the Pod will be restarted, - just as if the livenessProbe failed. - This can be used to provide different - probe parameters at the beginning of - a Pod''s lifecycle, when it might take - a long time to load data or warm a cache, - than during steady-state operation. - This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action - to take. properties: command: - description: Command is the command - line to execute inside the container, - the working directory for the - command is root ('/') in the - container's filesystem. The - command is simply exec'd, it - is not run inside a shell, so - traditional shell instructions - ('|', etc) won't work. To use - a shell, you need to explicitly - call out to that shell. Exit - status of 0 is treated as live/healthy - and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed - after having succeeded. Defaults - to 3. Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action - involving a GRPC port. properties: port: - description: Port number of the - gRPC service. Number must be - in the range 1 to 65535. format: int32 type: integer service: - description: "Service is the name - of the service to place in the - gRPC HealthCheckRequest (see - https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, - the default behavior is defined - by gRPC." 
type: string required: - port type: object httpGet: - description: HTTPGet specifies the - http request to perform. properties: host: - description: Host name to connect - to, defaults to the pod IP. - You probably want to set "Host" - in httpHeaders instead. type: string httpHeaders: - description: Custom headers to - set in the request. HTTP allows - repeated headers. items: - description: HTTPHeader describes - a custom header to be used - in HTTP probes properties: name: - description: The header - field name. This will - be canonicalized upon - output, so case-variant - names will be understood - as the same header. type: string value: - description: The header - field value type: string required: - name 
@@ -4790,176 +1796,61 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on - the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of - the port to access on the container. - Number must be in the range - 1 to 65535. Name must be an - IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for - connecting to the host. Defaults - to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after - the container has started before - liveness probes are initiated. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) - to perform the probe. Default to - 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to - 1. Must be 1 for liveness and startup. - Minimum value is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an - action involving a TCP port. properties: host: - description: 'Optional: Host name - to connect to, defaults to the - pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of - the port to access on the container. - Number must be in the range - 1 to 65535. Name must be an - IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in - seconds the pod needs to terminate - gracefully upon probe failure. The - grace period is the duration in - seconds after the processes running - in the pod are sent a termination - signal and the time when the processes - are forcibly halted with a kill - signal. Set this value longer than - the expected cleanup time for your - process. 
If this value is nil, the - pod's terminationGracePeriodSeconds - will be used. Otherwise, this value - overrides the value provided by - the pod spec. Value must be non-negative - integer. The value zero indicates - stop immediately via the kill signal - (no opportunity to shut down). This - is a beta field and requires enabling - ProbeTerminationGracePeriod feature - gate. Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after - which the probe times out. Defaults - to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object stdin: - description: Whether this container should - allocate a buffer for stdin in the container - runtime. If this is not set, reads from - stdin in the container will always result - in EOF. Default is false. type: boolean stdinOnce: - description: Whether the container runtime - should close the stdin channel after - it has been opened by a single attach. - When stdin is true the stdin stream - will remain open across multiple attach - sessions. If stdinOnce is set to true, - stdin is opened on container start, - is empty until the first client attaches - to stdin, and then remains open and - accepts data until the client disconnects, - at which time stdin is closed and remains - closed until the container is restarted. - If this flag is false, a container processes - that reads from stdin will never receive - an EOF. Default is false type: boolean terminationMessagePath: - description: 'Optional: Path at which - the file to which the container''s termination - message will be written is mounted into - the container''s filesystem. Message - written is intended to be brief final - status, such as an assertion failure - message. Will be truncated by the node - if greater than 4096 bytes. 
The total - message length across all containers - will be limited to 12kb. Defaults to - /dev/termination-log. Cannot be updated.' type: string terminationMessagePolicy: - description: Indicate how the termination - message should be populated. File will - use the contents of terminationMessagePath - to populate the container status message - on both success and failure. FallbackToLogsOnError - will use the last chunk of container - log output if the termination message - file is empty and the container exited - with an error. The log output is limited - to 2048 bytes or 80 lines, whichever - is smaller. Defaults to File. Cannot - be updated. type: string tty: - description: Whether this container should - allocate a TTY for itself, also requires - 'stdin' to be true. Default is false. type: boolean volumeDevices: - description: volumeDevices is the list - of block devices to be used by the container. items: - description: volumeDevice describes - a mapping of a raw block device within - a container. properties: devicePath: - description: devicePath is the path - inside of the container that the - device will be mapped to. type: string name: - description: name must match the - name of a persistentVolumeClaim - in the pod type: string required: - devicePath 
@@ -4970,84 +1861,21 @@ spec: - devicePath x-kubernetes-list-type: map volumeMounts: - description: Pod volumes to mount into - the container's filesystem. Cannot be - updated. items: - description: VolumeMount describes a - mounting of a Volume within a container. properties: mountPath: - description: Path within the container - at which the volume should be - mounted. Must not contain ':'. type: string mountPropagation: - description: mountPropagation determines - how mounts are propagated from - the host to container and the - other way around. When not set, - MountPropagationNone is used. - This field is beta in 1.10. When - RecursiveReadOnly is set to IfPossible - or to Enabled, MountPropagation - must be None or unspecified (which - defaults to None). type: string name: - description: This must match the - Name of a Volume. type: string readOnly: - description: Mounted read-only if - true, read-write otherwise (false - or unspecified). Defaults to false. type: boolean recursiveReadOnly: - description: "RecursiveReadOnly - specifies whether read-only mounts - should be handled recursively. - \n If ReadOnly is false, this - field has no meaning and must - be unspecified. \n If ReadOnly - is true, and this field is set - to Disabled, the mount is not - made recursively read-only. If - this field is set to IfPossible, - the mount is made recursively - read-only, if it is supported - by the container runtime. If - this field is set to Enabled, - the mount is made recursively - read-only if it is supported by - the container runtime, otherwise - the pod will not be started and - an error will be generated to - indicate the reason. \n If this - field is set to IfPossible or - Enabled, MountPropagation must - be set to None (or be unspecified, - which defaults to None). \n If - this field is not specified, it - is treated as an equivalent of - Disabled." 
type: string subPath: - description: Path within the volume - from which the container's volume - should be mounted. Defaults to - "" (volume's root). type: string subPathExpr: - description: Expanded path within - the volume from which the container's - volume should be mounted. Behaves - similarly to SubPath but environment - variable references $(VAR_NAME) - are expanded using the container's - environment. Defaults to "" (volume's - root). SubPathExpr and SubPath - are mutually exclusive. type: string required: - mountPath 
@@ -5058,81 +1886,33 @@ spec: - mountPath x-kubernetes-list-type: map workingDir: - description: Container's working directory. - If not specified, the container runtime's - default will be used, which might be - configured in the container image. Cannot - be updated. type: string required: - name type: object type: array lifecycle: - description: Actions that the management system - should take in response to container lifecycle - events. Cannot be updated. properties: postStart: - description: 'PostStart is called immediately - after a container is created. If the handler - fails, the container is terminated and - restarted according to its restart policy. - Other management of the container blocks - until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: Exec specifies the action - to take. properties: command: - description: Command is the command - line to execute inside the container, - the working directory for the - command is root ('/') in the - container's filesystem. The command - is simply exec'd, it is not run - inside a shell, so traditional - shell instructions ('|', etc) - won't work. To use a shell, you - need to explicitly call out to - that shell. Exit status of 0 is - treated as live/healthy and non-zero - is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the http - request to perform. properties: host: - description: Host name to connect - to, defaults to the pod IP. You - probably want to set "Host" in - httpHeaders instead. type: string httpHeaders: - description: Custom headers to set - in the request. HTTP allows repeated - headers. items: - description: HTTPHeader describes - a custom header to be used in - HTTP probes properties: name: - description: The header field - name. 
This will be canonicalized - upon output, so case-variant - names will be understood - as the same header. type: string value: - description: The header field - value type: string required: - name 
@@ -5141,134 +1921,58 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on the - HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the - port to access on the container. - Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. type: string required: - port type: object sleep: - description: Sleep represents the duration - that the container should sleep before - being terminated. properties: seconds: - description: Seconds is the number - of seconds to sleep. format: int64 type: integer required: - seconds type: object tcpSocket: - description: Deprecated. TCPSocket is - NOT supported as a LifecycleHandler - and kept for the backward compatibility. - There are no validation of this field - and lifecycle hooks will fail in runtime - when tcp handler is specified. properties: host: - description: 'Optional: Host name - to connect to, defaults to the - pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the - port to access on the container. - Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: - description: 'PreStop is called immediately - before a container is terminated due to - an API request or management event such - as liveness/startup probe failure, preemption, - resource contention, etc. The handler - is not called if the container crashes - or exits. The Pod''s termination grace - period countdown begins before the PreStop - hook is executed. Regardless of the outcome - of the handler, the container will eventually - terminate within the Pod''s termination - grace period (unless delayed by finalizers). 
- Other management of the container blocks - until the hook completes or until the - termination grace period is reached. More - info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: Exec specifies the action - to take. properties: command: - description: Command is the command - line to execute inside the container, - the working directory for the - command is root ('/') in the - container's filesystem. The command - is simply exec'd, it is not run - inside a shell, so traditional - shell instructions ('|', etc) - won't work. To use a shell, you - need to explicitly call out to - that shell. Exit status of 0 is - treated as live/healthy and non-zero - is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the http - request to perform. properties: host: - description: Host name to connect - to, defaults to the pod IP. You - probably want to set "Host" in - httpHeaders instead. type: string httpHeaders: - description: Custom headers to set - in the request. HTTP allows repeated - headers. items: - description: HTTPHeader describes - a custom header to be used in - HTTP probes properties: name: - description: The header field - name. This will be canonicalized - upon output, so case-variant - names will be understood - as the same header. type: string value: - description: The header field - value type: string required: - name 
@@ -5277,59 +1981,33 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on the - HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the - port to access on the container. - Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. type: string required: - port type: object sleep: - description: Sleep represents the duration - that the container should sleep before - being terminated. properties: seconds: - description: Seconds is the number - of seconds to sleep. format: int64 type: integer required: - seconds type: object tcpSocket: - description: Deprecated. TCPSocket is - NOT supported as a LifecycleHandler - and kept for the backward compatibility. - There are no validation of this field - and lifecycle hooks will fail in runtime - when tcp handler is specified. properties: host: - description: 'Optional: Host name - to connect to, defaults to the - pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the - port to access on the container. - Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port 
@@ -5337,90 +2015,38 @@ spec: type: object type: object livenessProbe: - description: 'Periodic probe of container liveness. - Container will be restarted if the probe fails. - Controllers may set default LivenessProbe - if no liveness probe is provided. To ignore - defaulting, set the value to empty LivenessProbe - "{}". Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action to - take. properties: command: - description: Command is the command - line to execute inside the container, - the working directory for the command is - root ('/') in the container's filesystem. - The command is simply exec'd, it is - not run inside a shell, so traditional - shell instructions ('|', etc) won't - work. To use a shell, you need to - explicitly call out to that shell. - Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed - after having succeeded. Defaults to 3. - Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action involving - a GRPC port. properties: port: - description: Port number of the gRPC - service. Number must be in the range - 1 to 65535. format: int32 type: integer service: - description: "Service is the name of - the service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default - behavior is defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http - request to perform. properties: host: - description: Host name to connect to, - defaults to the pod IP. You probably - want to set "Host" in httpHeaders - instead. 
type: string httpHeaders: - description: Custom headers to set in - the request. HTTP allows repeated - headers. items: - description: HTTPHeader describes - a custom header to be used in HTTP - probes properties: name: - description: The header field - name. This will be canonicalized - upon output, so case-variant - names will be understood as - the same header. type: string value: - description: The header field - value type: string required: - name 
@@ -5429,228 +2055,95 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on the HTTP - server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port - to access on the container. Number - must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the - container has started before liveness - probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform - the probe. Default to 10 seconds. Minimum - value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to 1. Must - be 1 for liveness and startup. Minimum - value is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action - involving a TCP port. properties: host: - description: 'Optional: Host name to - connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port - to access on the container. Number - must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds - the pod needs to terminate gracefully - upon probe failure. The grace period is - the duration in seconds after the processes - running in the pod are sent a termination - signal and the time when the processes - are forcibly halted with a kill signal. - Set this value longer than the expected - cleanup time for your process. 
If this - value is nil, the pod's terminationGracePeriodSeconds - will be used. Otherwise, this value overrides - the value provided by the pod spec. Value - must be non-negative integer. The value - zero indicates stop immediately via the - kill signal (no opportunity to shut down). - This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which - the probe times out. Defaults to 1 second. - Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object nodeSelector: additionalProperties: type: string - description: 'NodeSelector is a selector which - must be true for the pod to fit on a node. - Selector which must match a node''s labels - for the pod to be scheduled on that node. - More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' type: object x-kubernetes-map-type: atomic podPlacementPolicy: - description: PodPlacementPolicy is the reference - of the podPlacementPolicy properties: name: default: "" - description: 'Name of the referent. This - field is effectively required, but due - to backwards compatibility is allowed - to be empty. Instances of this type with - an empty value here are almost certainly - wrong. TODO: Add other useful fields. - apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic priority: - description: The priority value. Various system - components use this field to find the priority - of the pod. 
When Priority Admission Controller - is enabled, it prevents users from setting - this field. The admission controller populates - this field from PriorityClassName. The higher - the value, the higher the priority. format: int32 type: integer priorityClassName: - description: If specified, indicates the pod's - priority. "system-node-critical" and "system-cluster-critical" - are two special keywords which indicate the - highest priorities with the former being the - highest priority. Any other name must be defined - by creating a PriorityClass object with that - name. If not specified, the pod priority will - be default or zero if there is no default. type: string readinessProbe: - description: 'Periodic probe of container service - readiness. Container will be removed from - service endpoints if the probe fails. Cannot - be updated. Controllers may set default ReadinessProbe - if no readyness probe is provided. To ignore - defaulting, set the value to empty ReadynessProbe - "{}". More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action to - take. properties: command: - description: Command is the command - line to execute inside the container, - the working directory for the command is - root ('/') in the container's filesystem. - The command is simply exec'd, it is - not run inside a shell, so traditional - shell instructions ('|', etc) won't - work. To use a shell, you need to - explicitly call out to that shell. - Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed - after having succeeded. Defaults to 3. - Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action involving - a GRPC port. 
properties: port: - description: Port number of the gRPC - service. Number must be in the range - 1 to 65535. format: int32 type: integer service: - description: "Service is the name of - the service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default - behavior is defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http - request to perform. properties: host: - description: Host name to connect to, - defaults to the pod IP. You probably - want to set "Host" in httpHeaders - instead. type: string httpHeaders: - description: Custom headers to set in - the request. HTTP allows repeated - headers. items: - description: HTTPHeader describes - a custom header to be used in HTTP - probes properties: name: - description: The header field - name. This will be canonicalized - upon output, so case-variant - names will be understood as - the same header. type: string value: - description: The header field - value type: string required: - name 
@@ -5659,116 +2152,51 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on the HTTP - server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port - to access on the container. Number - must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the - container has started before liveness - probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform - the probe. Default to 10 seconds. Minimum - value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to 1. Must - be 1 for liveness and startup. Minimum - value is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action - involving a TCP port. properties: host: - description: 'Optional: Host name to - connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port - to access on the container. Number - must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds - the pod needs to terminate gracefully - upon probe failure. The grace period is - the duration in seconds after the processes - running in the pod are sent a termination - signal and the time when the processes - are forcibly halted with a kill signal. - Set this value longer than the expected - cleanup time for your process. 
If this - value is nil, the pod's terminationGracePeriodSeconds - will be used. Otherwise, this value overrides - the value provided by the pod spec. Value - must be non-negative integer. The value - zero indicates stop immediately via the - kill signal (no opportunity to shut down). - This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which - the probe times out. Defaults to 1 second. - Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object resources: - description: Compute Resources required by the - sidecar container. properties: claims: - description: "Claims lists the names of - resources, defined in spec.resourceClaims, - that are used by this container. \n This - is an alpha field and requires enabling - the DynamicResourceAllocation feature - gate. \n This field is immutable. It can - only be set for containers." items: - description: ResourceClaim references - one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name - of one entry in pod.spec.resourceClaims - of the Pod where this field is used. - It makes that resource available - inside a container. type: string required: - name @@ -5784,9 +2212,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum - amount of compute resources allowed. More - info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -5795,225 +2220,68 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum - amount of compute resources required. - If Requests is omitted for a container, - it defaults to Limits if that is explicitly - specified, otherwise to an implementation-defined - value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object runtimeClassName: - description: 'RuntimeClassName refers to a RuntimeClass - object in the node.k8s.io group, which should - be used to run this pod. If no RuntimeClass - resource matches the named class, the pod - will not be run. If unset or empty, the "legacy" - RuntimeClass will be used, which is an implicit - class with an empty definition that uses the - default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class' type: string schedulerName: - description: If specified, the pod will be dispatched - by specified scheduler. If not specified, - the pod will be dispatched by default scheduler. type: string securityContext: - description: 'SecurityContext holds pod-level - security attributes and common container settings. - Optional: Defaults to empty. See type description - for default values of each field.' properties: appArmorProfile: - description: appArmorProfile is the AppArmor - options to use by the containers in this - pod. Note that this field cannot be set - when spec.os.name is windows. properties: localhostProfile: - description: localhostProfile indicates - a profile loaded on the node that - should be used. The profile must be - preconfigured on the node to work. - Must match the loaded name of the - profile. Must be set if and only if - type is "Localhost". 
type: string type: - description: 'type indicates which kind - of AppArmor profile will be applied. - Valid options are: Localhost - a profile - pre-loaded on the node. RuntimeDefault - - the container runtime''s default - profile. Unconfined - no AppArmor - enforcement.' type: string required: - type type: object fsGroup: - description: "A special supplemental group - that applies to all containers in a pod. - Some volume types allow the Kubelet to - change the ownership of that volume to - be owned by the pod: \n 1. The owning - GID will be the FSGroup 2. The setgid - bit is set (new files created in the volume - will be owned by FSGroup) 3. The permission - bits are OR'd with rw-rw---- \n If unset, - the Kubelet will not modify the ownership - and permissions of any volume. Note that - this field cannot be set when spec.os.name - is windows." format: int64 type: integer fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines - behavior of changing ownership and permission - of the volume before being exposed inside - Pod. This field will only apply to volume - types which support fsGroup based ownership(and - permissions). It will have no effect on - ephemeral volume types such as: secret, - configmaps and emptydir. Valid values - are "OnRootMismatch" and "Always". If - not specified, "Always" is used. Note - that this field cannot be set when spec.os.name - is windows.' type: string runAsGroup: - description: The GID to run the entrypoint - of the container process. Uses runtime - default if unset. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence for that container. Note - that this field cannot be set when spec.os.name - is windows. format: int64 type: integer runAsNonRoot: - description: Indicates that the container - must run as a non-root user. 
If true, - the Kubelet will validate the image at - runtime to ensure that it does not run - as UID 0 (root) and fail to start the - container if it does. If unset or false, - no such validation will be performed. - May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint - of the container process. Defaults to - user specified in image metadata if unspecified. - May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence for that container. Note - that this field cannot be set when spec.os.name - is windows. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be applied - to all containers. If unspecified, the - container runtime will allocate a random - SELinux context for each container. May - also be set in SecurityContext. If set - in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence for that container. Note - that this field cannot be set when spec.os.name - is windows. properties: level: - description: Level is SELinux level - label that applies to the container. type: string role: - description: Role is a SELinux role - label that applies to the container. type: string type: - description: Type is a SELinux type - label that applies to the container. type: string user: - description: User is a SELinux user - label that applies to the container. type: string type: object seccompProfile: - description: The seccomp options to use - by the containers in this pod. Note that - this field cannot be set when spec.os.name - is windows. properties: localhostProfile: - description: localhostProfile indicates - a profile defined in a file on the - node should be used. The profile must - be preconfigured on the node to work. 
- Must be a descending path, relative - to the kubelet's configured seccomp - profile location. Must be set if type - is "Localhost". Must NOT be set for - any other type. type: string type: - description: "type indicates which kind - of seccomp profile will be applied. - Valid options are: \n Localhost - - a profile defined in a file on the - node should be used. RuntimeDefault - - the container runtime default profile - should be used. Unconfined - no profile - should be applied." type: string required: - type type: object supplementalGroups: - description: A list of groups applied to - the first process run in each container, - in addition to the container's primary - GID, the fsGroup (if specified), and group - memberships defined in the container image - for the uid of the container process. - If unspecified, no additional groups are - added to any container. Note that group - memberships defined in the container image - for the uid of the container process are - still effective, even if they are not - included in this list. Note that this - field cannot be set when spec.os.name - is windows. items: format: int64 type: integer type: array x-kubernetes-list-type: atomic sysctls: - description: Sysctls hold a list of namespaced - sysctls used for the pod. Pods with unsupported - sysctls (by the container runtime) might - fail to launch. Note that this field cannot - be set when spec.os.name is windows. items: - description: Sysctl defines a kernel parameter - to be set properties: name: - description: Name of a property to - set type: string value: - description: Value of a property to - set type: string required: - name 
@@ -6022,183 +2290,53 @@ spec: type: array x-kubernetes-list-type: atomic windowsOptions: - description: The Windows specific settings - applied to all containers. If unspecified, - the options within a container's SecurityContext - will be used. If set in both SecurityContext - and PodSecurityContext, the value specified - in SecurityContext takes precedence. Note - that this field cannot be set when spec.os.name - is linux. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is where - the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential - spec named by the GMSACredentialSpecName - field. type: string gmsaCredentialSpecName: - description: GMSACredentialSpecName - is the name of the GMSA credential - spec to use. type: string hostProcess: - description: HostProcess determines - if a container should be run as a - 'Host Process' container. All of a - Pod's containers must have the same - effective HostProcess value (it is - not allowed to have a mix of HostProcess - containers and non-HostProcess containers). - In addition, if HostProcess is true - then HostNetwork must also be set - to true. type: boolean runAsUserName: - description: The UserName in Windows - to run the entrypoint of the container - process. Defaults to the user specified - in image metadata if unspecified. - May also be set in PodSecurityContext. - If set in both SecurityContext and - PodSecurityContext, the value specified - in SecurityContext takes precedence. type: string type: object type: object serviceAccountName: - description: 'ServiceAccountName is the name - of the ServiceAccount to use to run this pod. - More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' type: string shareProcessNamespace: - description: 'Share a single process namespace - between all of the containers in a pod. 
When - this is set containers will be able to view - and signal processes from other containers - in the same pod, and the first process in - each container will not be assigned PID 1. - HostPID and ShareProcessNamespace cannot both - be set. Optional: Default to false.' type: boolean terminationGracePeriodSeconds: - description: Optional duration in seconds the - pod needs to terminate gracefully. May be - decreased in delete request. Value must be - non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity - to shut down). If this value is nil, the default - grace period will be used instead. The grace - period is the duration in seconds after the - processes running in the pod are sent a termination - signal and the time when the processes are - forcibly halted with a kill signal. Set this - value longer than the expected cleanup time - for your process. Defaults to 30 seconds. format: int64 type: integer tolerations: - description: If specified, the pod's tolerations. items: - description: The pod this Toleration is attached - to tolerates any taint that matches the - triple using the matching - operator . properties: effect: - description: Effect indicates the taint - effect to match. Empty means match all - taint effects. When specified, allowed - values are NoSchedule, PreferNoSchedule - and NoExecute. type: string key: - description: Key is the taint key that - the toleration applies to. Empty means - match all taint keys. If the key is - empty, operator must be Exists; this - combination means to match all values - and all keys. type: string operator: - description: Operator represents a key's - relationship to the value. Valid operators - are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for - value, so that a pod can tolerate all - taints of a particular category. 
type: string tolerationSeconds: - description: TolerationSeconds represents - the period of time the toleration (which - must be of effect NoExecute, otherwise - this field is ignored) tolerates the - taint. By default, it is not set, which - means tolerate the taint forever (do - not evict). Zero and negative values - will be treated as 0 (evict immediately) - by the system. format: int64 type: integer value: - description: Value is the taint value - the toleration matches to. If the operator - is Exists, the value should be empty, - otherwise just a regular string. type: string type: object type: array topologySpreadConstraints: - description: TopologySpreadConstraints describes - how a group of pods ought to spread across - topology domains. Scheduler will schedule - pods in a way which abides by the constraints. - All topologySpreadConstraints are ANDed. items: - description: TopologySpreadConstraint specifies - how to spread matching pods among the given - topology. properties: labelSelector: - description: LabelSelector is used to - find matching pods. Pods that match - this label selector are counted to determine - the number of pods in their corresponding - topology domain. properties: matchExpressions: - description: matchExpressions is a - list of label selector requirements. - The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. properties: key: - description: key is the label - key that the selector applies - to. type: string operator: - description: operator represents - a key's relationship to a - set of values. Valid operators - are In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is an array - of string values. If the operator - is In or NotIn, the values - array must be non-empty. If - the operator is Exists or - DoesNotExist, the values array - must be empty. 
This array - is replaced during a strategic - merge patch. items: type: string type: array 
@@ -6212,176 +2350,27 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map - of {key,value} pairs. A single {key,value} - in the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are - ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: "MatchLabelKeys is a set - of pod label keys to select the pods - over which spreading will be calculated. - The keys are used to lookup values from - the incoming pod labels, those key-value - labels are ANDed with labelSelector - to select the group of existing pods - over which spreading will be calculated - for the incoming pod. The same key is - forbidden to exist in both MatchLabelKeys - and LabelSelector. MatchLabelKeys cannot - be set when LabelSelector isn't set. - Keys that don't exist in the incoming - pod labels will be ignored. A null or - empty list means only match against - labelSelector. \n This is a beta field - and requires the MatchLabelKeysInPodTopologySpread - feature gate to be enabled (enabled - by default)." items: type: string type: array x-kubernetes-list-type: atomic maxSkew: - description: 'MaxSkew describes the degree - to which pods may be unevenly distributed. - When `whenUnsatisfiable=DoNotSchedule`, - it is the maximum permitted difference - between the number of matching pods - in the target topology and the global - minimum. The global minimum is the minimum - number of matching pods in an eligible - domain or zero if the number of eligible - domains is less than MinDomains. For - example, in a 3-zone cluster, MaxSkew - is set to 1, and pods with the same - labelSelector spread as 2/2/1: In this - case, the global minimum is 1. 
| zone1 - | zone2 | zone3 | | P P | P P | P | - - if MaxSkew is 1, incoming pod can - only be scheduled to zone3 to become - 2/2/2; scheduling it onto zone1(zone2) - would make the ActualSkew(3-1) on zone1(zone2) - violate MaxSkew(1). - if MaxSkew is - 2, incoming pod can be scheduled onto - any zone. When `whenUnsatisfiable=ScheduleAnyway`, - it is used to give higher precedence - to topologies that satisfy it. It''s - a required field. Default value is 1 - and 0 is not allowed.' format: int32 type: integer minDomains: - description: "MinDomains indicates a minimum - number of eligible domains. When the - number of eligible domains with matching - topology keys is less than minDomains, - Pod Topology Spread treats \"global - minimum\" as 0, and then the calculation - of Skew is performed. And when the number - of eligible domains with matching topology - keys equals or greater than minDomains, - this value has no effect on scheduling. - As a result, when the number of eligible - domains is less than minDomains, scheduler - won't schedule more than maxSkew Pods - to those domains. If value is nil, the - constraint behaves as if MinDomains - is equal to 1. Valid values are integers - greater than 0. When value is not nil, - WhenUnsatisfiable must be DoNotSchedule. - \n For example, in a 3-zone cluster, - MaxSkew is set to 2, MinDomains is set - to 5 and pods with the same labelSelector - spread as 2/2/2: | zone1 | zone2 | zone3 - | | P P | P P | P P | The number - of domains is less than 5(MinDomains), - so \"global minimum\" is treated as - 0. In this situation, new pod with the - same labelSelector cannot be scheduled, - because computed skew will be 3(3 - - 0) if new Pod is scheduled to any of - the three zones, it will violate MaxSkew." format: int32 type: integer nodeAffinityPolicy: - description: "NodeAffinityPolicy indicates - how we will treat Pod's nodeAffinity/nodeSelector - when calculating pod topology spread - skew. 
Options are: - Honor: only nodes - matching nodeAffinity/nodeSelector are - included in the calculations. - Ignore: - nodeAffinity/nodeSelector are ignored. - All nodes are included in the calculations. - \n If this value is nil, the behavior - is equivalent to the Honor policy. This - is a beta-level feature default enabled - by the NodeInclusionPolicyInPodTopologySpread - feature flag." type: string nodeTaintsPolicy: - description: "NodeTaintsPolicy indicates - how we will treat node taints when calculating - pod topology spread skew. Options are: - - Honor: nodes without taints, along - with tainted nodes for which the incoming - pod has a toleration, are included. - - Ignore: node taints are ignored. All - nodes are included. \n If this value - is nil, the behavior is equivalent to - the Ignore policy. This is a beta-level - feature default enabled by the NodeInclusionPolicyInPodTopologySpread - feature flag." type: string topologyKey: - description: TopologyKey is the key of - node labels. Nodes that have a label - with this key and identical values are - considered to be in the same topology. - We consider each as a "bucket", - and try to put balanced number of pods - into each bucket. We define a domain - as a particular instance of a topology. - Also, we define an eligible domain as - a domain whose nodes meet the requirements - of nodeAffinityPolicy and nodeTaintsPolicy. - e.g. If TopologyKey is "kubernetes.io/hostname", - each Node is a domain of that topology. - And, if TopologyKey is "topology.kubernetes.io/zone", - each zone is a domain of that topology. - It's a required field. type: string whenUnsatisfiable: - description: 'WhenUnsatisfiable indicates - how to deal with a pod if it doesn''t - satisfy the spread constraint. - DoNotSchedule - (default) tells the scheduler not to - schedule it. - ScheduleAnyway tells - the scheduler to schedule the pod in - any location, but giving higher precedence - to topologies that would help reduce - the skew. 
A constraint is considered - "Unsatisfiable" for an incoming pod - if and only if every possible node assignment - for that pod would violate "MaxSkew" - on some topology. For example, in a - 3-zone cluster, MaxSkew is set to 1, - and pods with the same labelSelector - spread as 3/1/1: | zone1 | zone2 | zone3 - | | P P P | P | P | If WhenUnsatisfiable - is set to DoNotSchedule, incoming pod - can only be scheduled to zone2(zone3) - to become 3/2/1(3/1/2) as ActualSkew(2-1) - on zone2(zone3) satisfies MaxSkew(1). - In other words, the cluster can still - be imbalanced, but scheduler won''t - make it *more* imbalanced. It''s a required - field.' type: string required: - maxSkew 
@@ -6394,75 +2383,21 @@ spec: - whenUnsatisfiable x-kubernetes-list-type: map volumeMounts: - description: Pod volumes to mount into the container's - filesystem. Cannot be updated. items: - description: VolumeMount describes a mounting - of a Volume within a container. properties: mountPath: - description: Path within the container - at which the volume should be mounted. Must - not contain ':'. type: string mountPropagation: - description: mountPropagation determines - how mounts are propagated from the host - to container and the other way around. - When not set, MountPropagationNone is - used. This field is beta in 1.10. When - RecursiveReadOnly is set to IfPossible - or to Enabled, MountPropagation must - be None or unspecified (which defaults - to None). type: string name: - description: This must match the Name - of a Volume. type: string readOnly: - description: Mounted read-only if true, - read-write otherwise (false or unspecified). - Defaults to false. type: boolean recursiveReadOnly: - description: "RecursiveReadOnly specifies - whether read-only mounts should be handled - recursively. \n If ReadOnly is false, - this field has no meaning and must be - unspecified. \n If ReadOnly is true, - and this field is set to Disabled, the - mount is not made recursively read-only. - \ If this field is set to IfPossible, - the mount is made recursively read-only, - if it is supported by the container - runtime. If this field is set to Enabled, - the mount is made recursively read-only - if it is supported by the container - runtime, otherwise the pod will not - be started and an error will be generated - to indicate the reason. \n If this field - is set to IfPossible or Enabled, MountPropagation - must be set to None (or be unspecified, - which defaults to None). \n If this - field is not specified, it is treated - as an equivalent of Disabled." type: string subPath: - description: Path within the volume from - which the container's volume should - be mounted. 
Defaults to "" (volume's - root). type: string subPathExpr: - description: Expanded path within the - volume from which the container's volume - should be mounted. Behaves similarly - to SubPath but environment variable - references $(VAR_NAME) are expanded - using the container's environment. Defaults - to "" (volume's root). SubPathExpr and - SubPath are mutually exclusive. type: string required: - mountPath 
@@ -6470,309 +2405,109 @@ spec: type: object type: array volumes: - description: 'List of volumes that can be mounted - by containers belonging to the pod. More info: - https://kubernetes.io/docs/concepts/storage/volumes' items: - description: Volume represents a named volume - in a pod that may be accessed by any container - in the pod. properties: awsElasticBlockStore: - description: 'awsElasticBlockStore represents - an AWS Disk resource that is attached - to a kubelet''s host machine and then - exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' properties: fsType: - description: 'fsType is the filesystem - type of the volume that you want - to mount. Tip: Ensure that the filesystem - type is supported by the host operating - system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be - "ext4" if unspecified. More info: - https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in - the filesystem from compromising - the machine' type: string partition: - description: 'partition is the partition - in the volume that you want to mount. - If omitted, the default is to mount - by volume name. Examples: For volume - /dev/sda1, you specify the partition - as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can - leave the property empty).' format: int32 type: integer readOnly: - description: 'readOnly value true - will force the readOnly setting - in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: boolean volumeID: - description: 'volumeID is unique ID - of the persistent disk resource - in AWS (Amazon EBS volume). More - info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: string required: - volumeID type: object azureDisk: - description: azureDisk represents an Azure - Data Disk mount on the host and bind - mount to the pod. 
properties: cachingMode: - description: 'cachingMode is the Host - Caching mode: None, Read Only, Read - Write.' type: string diskName: - description: diskName is the Name - of the data disk in the blob storage type: string diskURI: - description: diskURI is the URI of - data disk in the blob storage type: string fsType: - description: fsType is Filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. type: string kind: - description: 'kind expected values - are Shared: multiple blob disks - per storage account Dedicated: - single blob disk per storage account Managed: - azure managed data disk (only in - managed availability set). defaults - to shared' type: string readOnly: - description: readOnly Defaults to - false (read/write). ReadOnly here - will force the ReadOnly setting - in VolumeMounts. type: boolean required: - diskName - diskURI type: object azureFile: - description: azureFile represents an Azure - File Service mount on the host and bind - mount to the pod. properties: readOnly: - description: readOnly defaults to - false (read/write). ReadOnly here - will force the ReadOnly setting - in VolumeMounts. 
type: boolean secretName: - description: secretName is the name - of secret that contains Azure Storage - Account Name and Key type: string shareName: - description: shareName is the azure - share Name type: string required: - secretName - shareName type: object cephfs: - description: cephFS represents a Ceph - FS mount on the host that shares a pod's - lifetime properties: monitors: - description: 'monitors is Required: - Monitors is a collection of Ceph - monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' items: type: string type: array x-kubernetes-list-type: atomic path: - description: 'path is Optional: Used - as the mounted root, rather than - the full Ceph tree, default is /' type: string readOnly: - description: 'readOnly is Optional: - Defaults to false (read/write). - ReadOnly here will force the ReadOnly - setting in VolumeMounts. More info: - https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: boolean secretFile: - description: 'secretFile is Optional: - SecretFile is the path to key ring - for User, default is /etc/ceph/user.secret - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string secretRef: - description: 'secretRef is Optional: - SecretRef is reference to the authentication - secret for User, default is empty. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' 
type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is optional: User - is the rados user name, default - is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string required: - monitors type: object cinder: - description: 'cinder represents a cinder - volume attached and mounted on kubelets - host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' properties: fsType: - description: 'fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be - "ext4" if unspecified. More info: - https://examples.k8s.io/mysql-cinder-pd/README.md' type: string readOnly: - description: 'readOnly defaults to - false (read/write). ReadOnly here - will force the ReadOnly setting - in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: boolean secretRef: - description: 'secretRef is optional: - points to a secret object containing - parameters used to connect to OpenStack.' properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic volumeID: - description: 'volumeID used to identify - the volume in cinder. 
More info: - https://examples.k8s.io/mysql-cinder-pd/README.md' type: string required: - volumeID type: object configMap: - description: configMap represents a configMap - that should populate this volume properties: defaultMode: - description: 'defaultMode is optional: - mode bits used to set permissions - on created files by default. Must - be an octal value between 0000 and - 0777 or a decimal value between - 0 and 511. YAML accepts both octal - and decimal values, JSON requires - decimal values for mode bits. Defaults - to 0644. Directories within the - path are not affected by this setting. - This might be in conflict with other - options that affect the file mode, - like fsGroup, and the result can - be other mode bits set.' format: int32 type: integer items: - description: items if unspecified, - each key-value pair in the Data - field of the referenced ConfigMap - will be projected into the volume - as a file whose name is the key - and content is the value. If specified, - the listed keys will be projected - into the specified paths, and unlisted - keys will not be present. If a key - is specified which is not present - in the ConfigMap, the volume setup - will error unless it is marked optional. - Paths must be relative and may not - contain the '..' path or start with - '..'. items: - description: Maps a string key to - a path within a volume. properties: key: - description: key is the key - to project. type: string mode: - description: 'mode is Optional: - mode bits used to set permissions - on this file. Must be an octal - value between 0000 and 0777 - or a decimal value between - 0 and 511. YAML accepts both - octal and decimal values, - JSON requires decimal values - for mode bits. If not specified, - the volume defaultMode will - be used. This might be in - conflict with other options - that affect the file mode, - like fsGroup, and the result - can be other mode bits set.' 
format: int32 type: integer path: - description: path is the relative - path of the file to map the - key to. May not be an absolute - path. May not contain the - path element '..'. May not - start with the string '..'. type: string required: - key 
@@ -6782,199 +2517,67 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional specify whether - the ConfigMap or its keys must be - defined type: boolean type: object x-kubernetes-map-type: atomic csi: - description: csi (Container Storage Interface) - represents ephemeral storage that is - handled by certain external CSI drivers - (Beta feature). properties: driver: - description: driver is the name of - the CSI driver that handles this - volume. Consult with your admin - for the correct name as registered - in the cluster. type: string fsType: - description: fsType to mount. Ex. - "ext4", "xfs", "ntfs". If not provided, - the empty value is passed to the - associated CSI driver which will - determine the default filesystem - to apply. type: string nodePublishSecretRef: - description: nodePublishSecretRef - is a reference to the secret object - containing sensitive information - to pass to the CSI driver to complete - the CSI NodePublishVolume and NodeUnpublishVolume - calls. This field is optional, and may - be empty if no secret is required. - If the secret object contains more - than one secret, all secret references - are passed. properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. 
- apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic readOnly: - description: readOnly specifies a - read-only configuration for the - volume. Defaults to false (read/write). type: boolean volumeAttributes: additionalProperties: type: string - description: volumeAttributes stores - driver-specific properties that - are passed to the CSI driver. Consult - your driver's documentation for - supported values. type: object required: - driver type: object downwardAPI: - description: downwardAPI represents downward - API about the pod that should populate - this volume properties: defaultMode: - description: 'Optional: mode bits - to use on created files by default. - Must be a Optional: mode bits used - to set permissions on created files - by default. Must be an octal value - between 0000 and 0777 or a decimal - value between 0 and 511. YAML accepts - both octal and decimal values, JSON - requires decimal values for mode - bits. Defaults to 0644. Directories - within the path are not affected - by this setting. This might be in - conflict with other options that - affect the file mode, like fsGroup, - and the result can be other mode - bits set.' format: int32 type: integer items: - description: Items is a list of downward - API volume file items: - description: DownwardAPIVolumeFile - represents information to create - the file containing the pod field properties: fieldRef: - description: 'Required: Selects - a field of the pod: only annotations, - labels, name, namespace and - uid are supported.' properties: apiVersion: - description: Version of - the schema the FieldPath - is written in terms of, - defaults to "v1". type: string fieldPath: - description: Path of the - field to select in the - specified API version. 
type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: - description: 'Optional: mode - bits used to set permissions - on this file, must be an octal - value between 0000 and 0777 - or a decimal value between - 0 and 511. YAML accepts both - octal and decimal values, - JSON requires decimal values - for mode bits. If not specified, - the volume defaultMode will - be used. This might be in - conflict with other options - that affect the file mode, - like fsGroup, and the result - can be other mode bits set.' format: int32 type: integer path: - description: 'Required: Path - is the relative path name - of the file to be created. - Must not be absolute or contain - the ''..'' path. Must be utf-8 - encoded. The first item of - the relative path must not - start with ''..''' type: string resourceFieldRef: - description: 'Selects a resource - of the container: only resources - limits and requests (limits.cpu, - limits.memory, requests.cpu - and requests.memory) are currently - supported.' properties: containerName: - description: 'Container - name: required for volumes, - optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the - output format of the exposed - resources, defaults to - "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: - resource to select' type: string required: - resource 
@@ -6987,265 +2590,50 @@ spec: x-kubernetes-list-type: atomic type: object emptyDir: - description: 'emptyDir represents a temporary - directory that shares a pod''s lifetime. - More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' properties: medium: - description: 'medium represents what - type of storage medium should back - this directory. The default is "" - which means to use the node''s default - medium. Must be an empty string - (default) or Memory. More info: - https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string sizeLimit: anyOf: - type: integer - type: string - description: 'sizeLimit is the total - amount of local storage required - for this EmptyDir volume. The size - limit is also applicable for memory - medium. The maximum usage on memory - medium EmptyDir would be the minimum - value between the SizeLimit specified - here and the sum of memory limits - of all containers in a pod. The - default is nil which means that - the limit is undefined. More info: - https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object ephemeral: - description: "ephemeral represents a volume - that is handled by a cluster storage - driver. The volume's lifecycle is tied - to the pod that defines it - it will - be created before the pod starts, and - deleted when the pod is removed. \n - Use this if: a) the volume is only needed - while the pod runs, b) features of normal - volumes like restoring from snapshot - or capacity tracking are needed, c) - the storage driver is specified through - a storage class, and d) the storage - driver supports dynamic volume provisioning - through a PersistentVolumeClaim (see - EphemeralVolumeSource for more information - on the connection between this volume - type and PersistentVolumeClaim). 
\n - Use PersistentVolumeClaim or one of - the vendor-specific APIs for volumes - that persist for longer than the lifecycle - of an individual pod. \n Use CSI for - light-weight local ephemeral volumes - if the CSI driver is meant to be used - that way - see the documentation of - the driver for more information. \n - A pod can use both types of ephemeral - volumes and persistent volumes at the - same time." properties: volumeClaimTemplate: - description: "Will be used to create - a stand-alone PVC to provision the - volume. The pod in which this EphemeralVolumeSource - is embedded will be the owner of - the PVC, i.e. the PVC will be deleted - together with the pod. The name - of the PVC will be `-` where `` is - the name from the `PodSpec.Volumes` - array entry. Pod validation will - reject the pod if the concatenated - name is not valid for a PVC (for - example, too long). \n An existing - PVC with that name that is not owned - by the pod will *not* be used for - the pod to avoid using an unrelated - volume by mistake. Starting the - pod is then blocked until the unrelated - PVC is removed. If such a pre-created - PVC is meant to be used by the pod, - the PVC has to updated with an owner - reference to the pod once the pod - exists. Normally this should not - be necessary, but it may be useful - when manually reconstructing a broken - cluster. \n This field is read-only - and no changes will be made by Kubernetes - to the PVC after it has been created. - \n Required, must not be nil." properties: metadata: - description: May contain labels - and annotations that will be - copied into the PVC when creating - it. No other fields are allowed - and will be rejected during - validation. properties: annotations: additionalProperties: type: string - description: 'Annotations - is an unstructured key value - map stored with a resource - that may be set by external - tools to store and retrieve - arbitrary metadata. 
They - are not queryable and should - be preserved when modifying - objects. More info: http://kubernetes.io/docs/user-guide/annotations' type: object generateName: - description: "GenerateName - is an optional prefix, used - by the server, to generate - a unique name ONLY IF the - Name field has not been - provided. If this field - is used, the name returned - to the client will be different - than the name passed. This - value will also be combined - with a unique suffix. The - provided value has the same - validation rules as the - Name field, and may be truncated - by the length of the suffix - required to make the value - unique on the server. \n - If this field is specified - and the generated name exists, - the server will NOT return - a 409 - instead, it will - either return 201 Created - or 500 with Reason ServerTimeout - indicating a unique name - could not be found in the - time allotted, and the client - should retry (optionally - after the time indicated - in the Retry-After header). - \n Applied only if Name - is not specified. More info: - https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" type: string labels: additionalProperties: type: string - description: 'Map of string - keys and values that can - be used to organize and - categorize (scope and select) - objects. May match selectors - of replication controllers - and services. More info: - http://kubernetes.io/docs/user-guide/labels' type: object name: - description: 'Name must be - unique within a namespace. - Is required when creating - resources, although some - resources may allow a client - to request the generation - of an appropriate name automatically. - Name is primarily intended - for creation idempotence - and configuration definition. - Cannot be updated. More - info: http://kubernetes.io/docs/user-guide/identifiers#names' type: string namespace: - description: "Namespace defines - the space within each name - must be unique. 
An empty - namespace is equivalent - to the \"default\" namespace, - but \"default\" is the canonical - representation. Not all - objects are required to - be scoped to a namespace - - the value of this field - for those objects will be - empty. \n Must be a DNS_LABEL. - Cannot be updated. More - info: http://kubernetes.io/docs/user-guide/namespaces" type: string ownerReferences: - description: List of objects - depended by this object. - If ALL objects in the list - have been deleted, this - object will be garbage collected. - If this object is managed - by a controller, then an - entry in this list will - point to this controller, - with the controller field - set to true. There cannot - be more than one managing - controller. items: - description: OwnerReference - contains enough information - to let you identify an - owning object. An owning - object must be in the - same namespace as the - dependent, or be cluster-scoped, - so there is no namespace - field. properties: apiVersion: - description: API version - of the referent. type: string blockOwnerDeletion: - description: If true, - AND if the owner has - the "foregroundDeletion" - finalizer, then the - owner cannot be deleted - from the key-value - store until this reference - is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion - for how the garbage - collector interacts - with this field and - enforces the foreground - deletion. Defaults - to false. To set this - field, a user needs - "delete" permission - of the owner, otherwise - 422 (Unprocessable - Entity) will be returned. type: boolean controller: - description: If true, - this reference points - to the managing controller. type: boolean kind: - description: 'Kind of - the referent. More - info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string name: - description: 'Name of - the referent. 
More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: - description: 'UID of - the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -7257,66 +2645,19 @@ spec: type: array type: object spec: - description: The specification - for the PersistentVolumeClaim. - The entire content is copied - unchanged into the PVC that - gets created from this template. - The same fields as in a PersistentVolumeClaim - are also valid here. properties: accessModes: - description: 'accessModes - contains the desired access - modes the volume should - have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array x-kubernetes-list-type: atomic dataSource: - description: 'dataSource field - can be used to specify either: - * An existing VolumeSnapshot - object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an - external controller can - support the specified data - source, it will create a - new volume based on the - contents of the specified - data source. When the AnyVolumeDataSource - feature gate is enabled, - dataSource contents will - be copied to dataSourceRef, - and dataSourceRef contents - will be copied to dataSource - when dataSourceRef.namespace - is not specified. If the - namespace is specified, - then dataSourceRef will - not be copied to dataSource.' properties: apiGroup: - description: APIGroup - is the group for the - resource being referenced. - If APIGroup is not specified, - the specified Kind must - be in the core API group. - For any other third-party - types, APIGroup is required. type: string kind: - description: Kind is the - type of resource being - referenced type: string name: - description: Name is the - name of resource being - referenced type: string required: - kind 
@@ -7324,114 +2665,20 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: - description: 'dataSourceRef - specifies the object from - which to populate the volume - with data, if a non-empty - volume is desired. This - may be any object from a - non-empty API group (non - core object) or a PersistentVolumeClaim - object. When this field - is specified, volume binding - will only succeed if the - type of the specified object - matches some installed volume - populator or dynamic provisioner. - This field will replace - the functionality of the - dataSource field and as - such if both fields are - non-empty, they must have - the same value. For backwards - compatibility, when namespace - isn''t specified in dataSourceRef, - both fields (dataSource - and dataSourceRef) will - be set to the same value - automatically if one of - them is empty and the other - is non-empty. When namespace - is specified in dataSourceRef, - dataSource isn''t set to - the same value and must - be empty. There are three - important differences between - dataSource and dataSourceRef: - * While dataSource only - allows two specific types - of objects, dataSourceRef - allows any non-core object, - as well as PersistentVolumeClaim - objects. * While dataSource - ignores disallowed values - (dropping them), dataSourceRef - preserves all values, and - generates an error if a - disallowed value is specified. - * While dataSource only - allows local objects, dataSourceRef - allows objects in any namespaces. - (Beta) Using this field - requires the AnyVolumeDataSource - feature gate to be enabled. - (Alpha) Using the namespace - field of dataSourceRef requires - the CrossNamespaceVolumeDataSource - feature gate to be enabled.' properties: apiGroup: - description: APIGroup - is the group for the - resource being referenced. - If APIGroup is not specified, - the specified Kind must - be in the core API group. - For any other third-party - types, APIGroup is required. 
type: string kind: - description: Kind is the - type of resource being - referenced type: string name: - description: Name is the - name of resource being - referenced type: string namespace: - description: Namespace - is the namespace of - resource being referenced - Note that when a namespace - is specified, a gateway.networking.k8s.io/ReferenceGrant - object is required in - the referent namespace - to allow that namespace's - owner to accept the - reference. See the ReferenceGrant - documentation for details. - (Alpha) This field requires - the CrossNamespaceVolumeDataSource - feature gate to be enabled. type: string required: - kind - name type: object resources: - description: 'resources represents - the minimum resources the - volume should have. If RecoverVolumeExpansionFailure - feature is enabled users - are allowed to specify resource - requirements that are lower - than previous value but - must still be higher than - capacity recorded in the - status field of the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: @@ -7440,10 +2687,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes - the maximum amount of - compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -7452,70 +2695,18 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests - describes the minimum - amount of compute resources - required. If Requests - is omitted for a container, - it defaults to Limits - if that is explicitly - specified, otherwise - to an implementation-defined - value. Requests cannot - exceed Limits. More - info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: - description: selector is a - label query over volumes - to consider for binding. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. properties: key: - description: key - is the label key - that the selector - applies to. type: string operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. type: string values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic merge - patch. items: type: string type: array 
@@ -7529,74 +2720,16 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. type: object type: object x-kubernetes-map-type: atomic storageClassName: - description: 'storageClassName - is the name of the StorageClass - required by the claim. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeAttributesClassName: - description: 'volumeAttributesClassName - may be used to set the VolumeAttributesClass - used by this claim. If specified, - the CSI driver will create - or update the volume with - the attributes defined in - the corresponding VolumeAttributesClass. - This has a different purpose - than storageClassName, it - can be changed after the - claim is created. An empty - string value means that - no VolumeAttributesClass - will be applied to the claim - but it''s not allowed to - reset this field to empty - string once it is set. If - unspecified and the PersistentVolumeClaim - is unbound, the default - VolumeAttributesClass will - be set by the persistentvolume - controller if it exists. - If the resource referred - to by volumeAttributesClass - does not exist, this PersistentVolumeClaim - will be set to a Pending - state, as reflected by the - modifyVolumeStatus field, - until such as a resource - exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field - requires the VolumeAttributesClass - feature gate to be enabled.' type: string volumeMode: - description: volumeMode defines - what type of volume is required - by the claim. Value of Filesystem - is implied when not included - in claim spec. 
type: string volumeName: - description: volumeName is - the binding reference to - the PersistentVolume backing - this claim. type: string type: object required: 
@@ -7604,105 +2737,41 @@ spec: type: object type: object fc: - description: fc represents a Fibre Channel - resource that is attached to a kubelet's - host machine and then exposed to the - pod. properties: fsType: - description: 'fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. TODO: how do we - prevent errors in the filesystem - from compromising the machine' type: string lun: - description: 'lun is Optional: FC - target lun number' format: int32 type: integer readOnly: - description: 'readOnly is Optional: - Defaults to false (read/write). - ReadOnly here will force the ReadOnly - setting in VolumeMounts.' type: boolean targetWWNs: - description: 'targetWWNs is Optional: - FC target worldwide names (WWNs)' items: type: string type: array x-kubernetes-list-type: atomic wwids: - description: 'wwids Optional: FC volume - world wide identifiers (wwids) Either - wwids or combination of targetWWNs - and lun must be set, but not both - simultaneously.' items: type: string type: array x-kubernetes-list-type: atomic type: object flexVolume: - description: flexVolume represents a generic - volume resource that is provisioned/attached - using an exec based plugin. properties: driver: - description: driver is the name of - the driver to use for this volume. type: string fsType: - description: fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - The default filesystem depends on - FlexVolume script. type: string options: additionalProperties: type: string - description: 'options is Optional: - this field holds extra command options - if any.' type: object readOnly: - description: 'readOnly is Optional: - defaults to false (read/write). - ReadOnly here will force the ReadOnly - setting in VolumeMounts.' 
type: boolean secretRef: - description: 'secretRef is Optional: - secretRef is reference to the secret - object containing sensitive information - to pass to the plugin scripts. This - may be empty if no secret object - is specified. If the secret object - contains more than one secret, all - secrets are passed to the plugin - scripts.' properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic 
@@ -7710,214 +2779,79 @@ spec: - driver type: object flocker: - description: flocker represents a Flocker - volume attached to a kubelet's host - machine. This depends on the Flocker - control service being running properties: datasetName: - description: datasetName is Name of - the dataset stored as metadata -> - name on the dataset for Flocker - should be considered as deprecated type: string datasetUUID: - description: datasetUUID is the UUID - of the dataset. This is unique identifier - of a Flocker dataset type: string type: object gcePersistentDisk: - description: 'gcePersistentDisk represents - a GCE Disk resource that is attached - to a kubelet''s host machine and then - exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' properties: fsType: - description: 'fsType is filesystem - type of the volume that you want - to mount. Tip: Ensure that the filesystem - type is supported by the host operating - system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be - "ext4" if unspecified. More info: - https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in - the filesystem from compromising - the machine' type: string partition: - description: 'partition is the partition - in the volume that you want to mount. - If omitted, the default is to mount - by volume name. Examples: For volume - /dev/sda1, you specify the partition - as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can - leave the property empty). More - info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' format: int32 type: integer pdName: - description: 'pdName is unique name - of the PD resource in GCE. Used - to identify the disk in GCE. More - info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: string readOnly: - description: 'readOnly here will force - the ReadOnly setting in VolumeMounts. - Defaults to false. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: boolean required: - pdName type: object glusterfs: - description: 'glusterfs represents a Glusterfs - mount on the host that shares a pod''s - lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' properties: endpoints: - description: 'endpoints is the endpoint - name that details Glusterfs topology. - More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string path: - description: 'path is the Glusterfs - volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string readOnly: - description: 'readOnly here will force - the Glusterfs volume to be mounted - with read-only permissions. Defaults - to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: boolean required: - endpoints - path type: object hostPath: - description: 'hostPath represents a pre-existing - file or directory on the host machine - that is directly exposed to the container. - This is generally used for system agents - or other privileged things that are - allowed to see the host machine. Most - containers will NOT need this. More - info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict - who can use host directory mounts and - who can/can not mount host directories - as read/write.' properties: path: - description: 'path of the directory - on the host. If the path is a symlink, - it will follow the link to the real - path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string type: - description: 'type for HostPath Volume - Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string required: - path type: object iscsi: - description: 'iscsi represents an ISCSI - Disk resource that is attached to a - kubelet''s host machine and then exposed - to the pod. 
More info: https://examples.k8s.io/volumes/iscsi/README.md' properties: chapAuthDiscovery: - description: chapAuthDiscovery defines - whether support iSCSI Discovery - CHAP authentication type: boolean chapAuthSession: - description: chapAuthSession defines - whether support iSCSI Session CHAP - authentication type: boolean fsType: - description: 'fsType is the filesystem - type of the volume that you want - to mount. Tip: Ensure that the filesystem - type is supported by the host operating - system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be - "ext4" if unspecified. More info: - https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in - the filesystem from compromising - the machine' type: string initiatorName: - description: initiatorName is the - custom iSCSI Initiator Name. If - initiatorName is specified with - iscsiInterface simultaneously, new - iSCSI interface : will be created for the connection. type: string iqn: - description: iqn is the target iSCSI - Qualified Name. type: string iscsiInterface: - description: iscsiInterface is the - interface Name that uses an iSCSI - transport. Defaults to 'default' - (tcp). type: string lun: - description: lun represents iSCSI - Target Lun number. format: int32 type: integer portals: - description: portals is the iSCSI - Target Portal List. The portal is - either an IP or ip_addr:port if - the port is other than default (typically - TCP ports 860 and 3260). items: type: string type: array x-kubernetes-list-type: atomic readOnly: - description: readOnly here will force - the ReadOnly setting in VolumeMounts. - Defaults to false. type: boolean secretRef: - description: secretRef is the CHAP - Secret for iSCSI target and initiator - authentication properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. 
Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic targetPortal: - description: targetPortal is iSCSI - Target Portal. The Portal is either - an IP or ip_addr:port if the port - is other than default (typically - TCP ports 860 and 3260). type: string required: - iqn 
@@ -7925,214 +2859,68 @@ spec: - targetPortal type: object name: - description: 'name of the volume. Must - be a DNS_LABEL and unique within the - pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string nfs: - description: 'nfs represents an NFS mount - on the host that shares a pod''s lifetime - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' properties: path: - description: 'path that is exported - by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string readOnly: - description: 'readOnly here will force - the NFS export to be mounted with - read-only permissions. Defaults - to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: boolean server: - description: 'server is the hostname - or IP address of the NFS server. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string required: - path - server type: object persistentVolumeClaim: - description: 'persistentVolumeClaimVolumeSource - represents a reference to a PersistentVolumeClaim - in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: claimName: - description: 'claimName is the name - of a PersistentVolumeClaim in the - same namespace as the pod using - this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' type: string readOnly: - description: readOnly Will force the - ReadOnly setting in VolumeMounts. - Default false. type: boolean required: - claimName type: object photonPersistentDisk: - description: photonPersistentDisk represents - a PhotonController persistent disk attached - and mounted on kubelets host machine properties: fsType: - description: fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". 
- Implicitly inferred to be "ext4" - if unspecified. type: string pdID: - description: pdID is the ID that identifies - Photon Controller persistent disk type: string required: - pdID type: object portworxVolume: - description: portworxVolume represents - a portworx volume attached and mounted - on kubelets host machine properties: fsType: - description: fSType represents the - filesystem type to mount Must be - a filesystem type supported by the - host operating system. Ex. "ext4", - "xfs". Implicitly inferred to be - "ext4" if unspecified. type: string readOnly: - description: readOnly defaults to - false (read/write). ReadOnly here - will force the ReadOnly setting - in VolumeMounts. type: boolean volumeID: - description: volumeID uniquely identifies - a Portworx volume type: string required: - volumeID type: object projected: - description: projected items for all in - one resources secrets, configmaps, and - downward API properties: defaultMode: - description: defaultMode are the mode - bits used to set permissions on - created files by default. Must be - an octal value between 0000 and - 0777 or a decimal value between - 0 and 511. YAML accepts both octal - and decimal values, JSON requires - decimal values for mode bits. Directories - within the path are not affected - by this setting. This might be in - conflict with other options that - affect the file mode, like fsGroup, - and the result can be other mode - bits set. format: int32 type: integer sources: - description: sources is the list of - volume projections items: - description: Projection that may - be projected along with other - supported volume types properties: clusterTrustBundle: - description: "ClusterTrustBundle - allows a pod to access the - `.spec.trustBundle` field - of ClusterTrustBundle objects - in an auto-updating file. - \n Alpha, gated by the ClusterTrustBundleProjection - feature gate. 
\n ClusterTrustBundle - objects can either be selected - by name, or by the combination - of signer name and a label - selector. \n Kubelet performs - aggressive normalization of - the PEM contents written into - the pod filesystem. Esoteric - PEM features such as inter-block - comments and block headers - are stripped. Certificates - are deduplicated. The ordering - of certificates within the - file is arbitrary, and Kubelet - may change the order over - time." properties: labelSelector: - description: Select all - ClusterTrustBundles that - match this label selector. Only - has effect if signerName - is set. Mutually-exclusive - with name. If unset, - interpreted as "match - nothing". If set but - empty, interpreted as - "match everything". properties: matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements are - ANDed. items: - description: A label - selector requirement - is a selector that - contains values, - a key, and an operator - that relates the - key and values. properties: key: - description: key - is the label - key that the - selector applies - to. type: string operator: - description: operator - represents a - key's relationship - to a set of - values. Valid - operators are - In, NotIn, Exists - and DoesNotExist. type: string values: - description: values - is an array - of string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or - DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic - merge patch. items: type: string type: array 
@@ -8146,131 +2934,31 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels - map is equivalent - to an element of matchExpressions, - whose key field is - "key", the operator - is "In", and the values - array contains only - "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic name: - description: Select a single - ClusterTrustBundle by - object name. Mutually-exclusive - with signerName and labelSelector. type: string optional: - description: If true, don't - block pod startup if the - referenced ClusterTrustBundle(s) - aren't available. If - using name, then the named - ClusterTrustBundle is - allowed not to exist. If - using signerName, then - the combination of signerName - and labelSelector is allowed - to match zero ClusterTrustBundles. type: boolean path: - description: Relative path - from the volume root to - write the bundle. type: string signerName: - description: Select all - ClusterTrustBundles that - match this signer name. - Mutually-exclusive with - name. The contents of - all selected ClusterTrustBundles - will be unified and deduplicated. type: string required: - path type: object configMap: - description: configMap information - about the configMap data to - project properties: items: - description: items if unspecified, - each key-value pair in - the Data field of the - referenced ConfigMap will - be projected into the - volume as a file whose - name is the key and content - is the value. If specified, - the listed keys will be - projected into the specified - paths, and unlisted keys - will not be present. If - a key is specified which - is not present in the - ConfigMap, the volume - setup will error unless - it is marked optional. - Paths must be relative - and may not contain the - '..' path or start with - '..'. items: - description: Maps a string - key to a path within - a volume. 
properties: key: - description: key is - the key to project. type: string mode: - description: 'mode - is Optional: mode - bits used to set - permissions on this - file. Must be an - octal value between - 0000 and 0777 or - a decimal value - between 0 and 511. - YAML accepts both - octal and decimal - values, JSON requires - decimal values for - mode bits. If not - specified, the volume - defaultMode will - be used. This might - be in conflict with - other options that - affect the file - mode, like fsGroup, - and the result can - be other mode bits - set.' format: int32 type: integer path: - description: path - is the relative - path of the file - to map the key to. - May not be an absolute - path. May not contain - the path element - '..'. May not start - with the string - '..'. type: string required: - key 
@@ -8280,141 +2968,42 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of the - referent. This field is - effectively required, - but due to backwards compatibility - is allowed to be empty. - Instances of this type - with an empty value here - are almost certainly wrong. - TODO: Add other useful - fields. apiVersion, kind, - uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional specify - whether the ConfigMap - or its keys must be defined type: boolean type: object x-kubernetes-map-type: atomic downwardAPI: - description: downwardAPI information - about the downwardAPI data - to project properties: items: - description: Items is a - list of DownwardAPIVolume - file items: - description: DownwardAPIVolumeFile - represents information - to create the file containing - the pod field properties: fieldRef: - description: 'Required: - Selects a field - of the pod: only - annotations, labels, - name, namespace - and uid are supported.' properties: apiVersion: - description: Version - of the schema - the FieldPath - is written in - terms of, defaults - to "v1". type: string fieldPath: - description: Path - of the field - to select in - the specified - API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: - description: 'Optional: - mode bits used to - set permissions - on this file, must - be an octal value - between 0000 and - 0777 or a decimal - value between 0 - and 511. YAML accepts - both octal and decimal - values, JSON requires - decimal values for - mode bits. If not - specified, the volume - defaultMode will - be used. This might - be in conflict with - other options that - affect the file - mode, like fsGroup, - and the result can - be other mode bits - set.' 
format: int32 type: integer path: - description: 'Required: - Path is the relative - path name of the - file to be created. - Must not be absolute - or contain the ''..'' - path. Must be utf-8 - encoded. The first - item of the relative - path must not start - with ''..''' type: string resourceFieldRef: - description: 'Selects - a resource of the - container: only - resources limits - and requests (limits.cpu, - limits.memory, requests.cpu - and requests.memory) - are currently supported.' properties: containerName: - description: 'Container - name: required - for volumes, - optional for - env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies - the output format - of the exposed - resources, defaults - to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: - resource to - select' type: string required: - resource 
@@ -8427,77 +3016,16 @@ spec: x-kubernetes-list-type: atomic type: object secret: - description: secret information - about the secret data to project properties: items: - description: items if unspecified, - each key-value pair in - the Data field of the - referenced Secret will - be projected into the - volume as a file whose - name is the key and content - is the value. If specified, - the listed keys will be - projected into the specified - paths, and unlisted keys - will not be present. If - a key is specified which - is not present in the - Secret, the volume setup - will error unless it is - marked optional. Paths - must be relative and may - not contain the '..' path - or start with '..'. items: - description: Maps a string - key to a path within - a volume. properties: key: - description: key is - the key to project. type: string mode: - description: 'mode - is Optional: mode - bits used to set - permissions on this - file. Must be an - octal value between - 0000 and 0777 or - a decimal value - between 0 and 511. - YAML accepts both - octal and decimal - values, JSON requires - decimal values for - mode bits. If not - specified, the volume - defaultMode will - be used. This might - be in conflict with - other options that - affect the file - mode, like fsGroup, - and the result can - be other mode bits - set.' format: int32 type: integer path: - description: path - is the relative - path of the file - to map the key to. - May not be an absolute - path. May not contain - the path element - '..'. May not start - with the string - '..'. type: string required: - key 
@@ -8507,71 +3035,19 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of the - referent. This field is - effectively required, - but due to backwards compatibility - is allowed to be empty. - Instances of this type - with an empty value here - are almost certainly wrong. - TODO: Add other useful - fields. apiVersion, kind, - uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional field - specify whether the Secret - or its key must be defined type: boolean type: object x-kubernetes-map-type: atomic serviceAccountToken: - description: serviceAccountToken - is information about the serviceAccountToken - data to project properties: audience: - description: audience is - the intended audience - of the token. A recipient - of a token must identify - itself with an identifier - specified in the audience - of the token, and otherwise - should reject the token. - The audience defaults - to the identifier of the - apiserver. type: string expirationSeconds: - description: expirationSeconds - is the requested duration - of validity of the service - account token. As the - token approaches expiration, - the kubelet volume plugin - will proactively rotate - the service account token. - The kubelet will start - trying to rotate the token - if the token is older - than 80 percent of its - time to live or if the - token is older than 24 - hours.Defaults to 1 hour - and must be at least 10 - minutes. format: int64 type: integer path: - description: path is the - path relative to the mount - point of the file to project - the token into. type: string required: - path 
@@ -8581,202 +3057,79 @@ spec: x-kubernetes-list-type: atomic type: object quobyte: - description: quobyte represents a Quobyte - mount on the host that shares a pod's - lifetime properties: group: - description: group to map volume access - to Default is no group type: string readOnly: - description: readOnly here will force - the Quobyte volume to be mounted - with read-only permissions. Defaults - to false. type: boolean registry: - description: registry represents a - single or multiple Quobyte Registry - services specified as a string as - host:port pair (multiple entries - are separated with commas) which - acts as the central registry for - volumes type: string tenant: - description: tenant owning the given - Quobyte volume in the Backend Used - with dynamically provisioned Quobyte - volumes, value is set by the plugin type: string user: - description: user to map volume access - to Defaults to serivceaccount user type: string volume: - description: volume is a string that - references an already created Quobyte - volume by name. type: string required: - registry - volume type: object rbd: - description: 'rbd represents a Rados Block - Device mount on the host that shares - a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' properties: fsType: - description: 'fsType is the filesystem - type of the volume that you want - to mount. Tip: Ensure that the filesystem - type is supported by the host operating - system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be - "ext4" if unspecified. More info: - https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in - the filesystem from compromising - the machine' type: string image: - description: 'image is the rados image - name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string keyring: - description: 'keyring is the path - to key ring for RBDUser. Default - is /etc/ceph/keyring. 
More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string monitors: - description: 'monitors is a collection - of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' items: type: string type: array x-kubernetes-list-type: atomic pool: - description: 'pool is the rados pool - name. Default is rbd. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string readOnly: - description: 'readOnly here will force - the ReadOnly setting in VolumeMounts. - Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: boolean secretRef: - description: 'secretRef is name of - the authentication secret for RBDUser. - If provided overrides keyring. Default - is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is the rados user - name. Default is admin. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string required: - image - monitors type: object scaleIO: - description: scaleIO represents a ScaleIO - persistent volume attached and mounted - on Kubernetes nodes. properties: fsType: - description: fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Default is "xfs". 
type: string gateway: - description: gateway is the host address - of the ScaleIO API Gateway. type: string protectionDomain: - description: protectionDomain is the - name of the ScaleIO Protection Domain - for the configured storage. type: string readOnly: - description: readOnly Defaults to - false (read/write). ReadOnly here - will force the ReadOnly setting - in VolumeMounts. type: boolean secretRef: - description: secretRef references - to the secret for ScaleIO user and - other sensitive information. If - this is not provided, Login operation - will fail. properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic sslEnabled: - description: sslEnabled Flag enable/disable - SSL communication with Gateway, - default false type: boolean storageMode: - description: storageMode indicates - whether the storage for a volume - should be ThickProvisioned or ThinProvisioned. - Default is ThinProvisioned. type: string storagePool: - description: storagePool is the ScaleIO - Storage Pool associated with the - protection domain. type: string system: - description: system is the name of - the storage system as configured - in ScaleIO. type: string volumeName: - description: volumeName is the name - of a volume already created in the - ScaleIO system that is associated - with this volume source. type: string required: - gateway 
@@ -8784,76 +3137,19 @@ spec: - system type: object secret: - description: 'secret represents a secret - that should populate this volume. More - info: https://kubernetes.io/docs/concepts/storage/volumes#secret' properties: defaultMode: - description: 'defaultMode is Optional: - mode bits used to set permissions - on created files by default. Must - be an octal value between 0000 and - 0777 or a decimal value between - 0 and 511. YAML accepts both octal - and decimal values, JSON requires - decimal values for mode bits. Defaults - to 0644. Directories within the - path are not affected by this setting. - This might be in conflict with other - options that affect the file mode, - like fsGroup, and the result can - be other mode bits set.' format: int32 type: integer items: - description: items If unspecified, - each key-value pair in the Data - field of the referenced Secret will - be projected into the volume as - a file whose name is the key and - content is the value. If specified, - the listed keys will be projected - into the specified paths, and unlisted - keys will not be present. If a key - is specified which is not present - in the Secret, the volume setup - will error unless it is marked optional. - Paths must be relative and may not - contain the '..' path or start with - '..'. items: - description: Maps a string key to - a path within a volume. properties: key: - description: key is the key - to project. type: string mode: - description: 'mode is Optional: - mode bits used to set permissions - on this file. Must be an octal - value between 0000 and 0777 - or a decimal value between - 0 and 511. YAML accepts both - octal and decimal values, - JSON requires decimal values - for mode bits. If not specified, - the volume defaultMode will - be used. This might be in - conflict with other options - that affect the file mode, - like fsGroup, and the result - can be other mode bits set.' 
format: int32 type: integer path: - description: path is the relative - path of the file to map the - key to. May not be an absolute - path. May not contain the - path element '..'. May not - start with the string '..'. type: string required: - key 
@@ -8862,107 +3158,37 @@ spec: type: array x-kubernetes-list-type: atomic optional: - description: optional field specify - whether the Secret or its keys must - be defined type: boolean secretName: - description: 'secretName is the name - of the secret in the pod''s namespace - to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' type: string type: object storageos: - description: storageOS represents a StorageOS - volume attached and mounted on Kubernetes - nodes. properties: fsType: - description: fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. type: string readOnly: - description: readOnly defaults to - false (read/write). ReadOnly here - will force the ReadOnly setting - in VolumeMounts. type: boolean secretRef: - description: secretRef specifies the - secret to use for obtaining the - StorageOS API credentials. If not - specified, default values will be - attempted. properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic volumeName: - description: volumeName is the human-readable - name of the StorageOS volume. Volume - names are only unique within a namespace. type: string volumeNamespace: - description: volumeNamespace specifies - the scope of the volume within StorageOS. If - no namespace is specified then the - Pod's namespace will be used. 
This - allows the Kubernetes name scoping - to be mirrored within StorageOS - for tighter integration. Set VolumeName - to any name to override the default - behaviour. Set to "default" if you - are not using namespaces within - StorageOS. Namespaces that do not - pre-exist within StorageOS will - be created. type: string type: object vsphereVolume: - description: vsphereVolume represents - a vSphere volume attached and mounted - on kubelets host machine properties: fsType: - description: fsType is filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. type: string storagePolicyID: - description: storagePolicyID is the - storage Policy Based Management - (SPBM) profile ID associated with - the StoragePolicyName. type: string storagePolicyName: - description: storagePolicyName is - the storage Policy Based Management - (SPBM) profile name. type: string volumePath: - description: volumePath is the path - that identifies vSphere volume vmdk type: string required: - volumePath 
@@ -8974,338 +3200,118 @@ spec: type: object type: object name: - description: Name specifies the name of the addon that - will be used for the backup/restore purpose type: string tasks: - description: Tasks specifies a list of backup/restore - tasks and their configuration parameters items: - description: TaskReference specifies a task and its - configuration parameters properties: addonVolumes: - description: AddonVolumes lets you overwrite the - volume sources used in the VolumeTemplate section - of Addon. Make sure that name of your volume - matches with the name of the volume you want - to overwrite. items: - description: AddonVolumeInfo specifies the name - and the source of volume properties: name: - description: Name specifies the name of - the volume type: string source: - description: Source specifies the source - of this volume. properties: awsElasticBlockStore: - description: 'awsElasticBlockStore represents - an AWS Disk resource that is attached - to a kubelet''s host machine and then - exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' properties: fsType: - description: 'fsType is the filesystem - type of the volume that you want - to mount. Tip: Ensure that the - filesystem type is supported by - the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors - in the filesystem from compromising - the machine' type: string partition: - description: 'partition is the partition - in the volume that you want to - mount. If omitted, the default - is to mount by volume name. Examples: - For volume /dev/sda1, you specify - the partition as "1". Similarly, - the volume partition for /dev/sda - is "0" (or you can leave the property - empty).' 
format: int32 type: integer readOnly: - description: 'readOnly value true - will force the readOnly setting - in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: boolean volumeID: - description: 'volumeID is unique - ID of the persistent disk resource - in AWS (Amazon EBS volume). More - info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: string required: - volumeID type: object azureDisk: - description: azureDisk represents an - Azure Data Disk mount on the host - and bind mount to the pod. properties: cachingMode: - description: 'cachingMode is the - Host Caching mode: None, Read - Only, Read Write.' type: string diskName: - description: diskName is the Name - of the data disk in the blob storage type: string diskURI: - description: diskURI is the URI - of data disk in the blob storage type: string fsType: - description: fsType is Filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. type: string kind: - description: 'kind expected values - are Shared: multiple blob disks - per storage account Dedicated: - single blob disk per storage account Managed: - azure managed data disk (only - in managed availability set). - defaults to shared' type: string readOnly: - description: readOnly Defaults to - false (read/write). ReadOnly here - will force the ReadOnly setting - in VolumeMounts. type: boolean required: - diskName - diskURI type: object azureFile: - description: azureFile represents an - Azure File Service mount on the host - and bind mount to the pod. properties: readOnly: - description: readOnly defaults to - false (read/write). ReadOnly here - will force the ReadOnly setting - in VolumeMounts. 
type: boolean secretName: - description: secretName is the name - of secret that contains Azure - Storage Account Name and Key type: string shareName: - description: shareName is the azure - share Name type: string required: - secretName - shareName type: object cephfs: - description: cephFS represents a Ceph - FS mount on the host that shares a - pod's lifetime properties: monitors: - description: 'monitors is Required: - Monitors is a collection of Ceph - monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' items: type: string type: array x-kubernetes-list-type: atomic path: - description: 'path is Optional: - Used as the mounted root, rather - than the full Ceph tree, default - is /' type: string readOnly: - description: 'readOnly is Optional: - Defaults to false (read/write). - ReadOnly here will force the ReadOnly - setting in VolumeMounts. More - info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: boolean secretFile: - description: 'secretFile is Optional: - SecretFile is the path to key - ring for User, default is /etc/ceph/user.secret - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string secretRef: - description: 'secretRef is Optional: - SecretRef is reference to the - authentication secret for User, - default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' properties: name: default: "" - description: 'Name of the referent. - This field is effectively - required, but due to backwards - compatibility is allowed to - be empty. Instances of this - type with an empty value here - are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' 
type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is optional: - User is the rados user name, default - is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string required: - monitors type: object cinder: - description: 'cinder represents a cinder - volume attached and mounted on kubelets - host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' properties: fsType: - description: 'fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to - be "ext4" if unspecified. More - info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string readOnly: - description: 'readOnly defaults - to false (read/write). ReadOnly - here will force the ReadOnly setting - in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: boolean secretRef: - description: 'secretRef is optional: - points to a secret object containing - parameters used to connect to - OpenStack.' properties: name: default: "" - description: 'Name of the referent. - This field is effectively - required, but due to backwards - compatibility is allowed to - be empty. Instances of this - type with an empty value here - are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic volumeID: - description: 'volumeID used to identify - the volume in cinder. 
More info: - https://examples.k8s.io/mysql-cinder-pd/README.md' type: string required: - volumeID type: object configMap: - description: configMap represents a - configMap that should populate this - volume properties: defaultMode: - description: 'defaultMode is optional: - mode bits used to set permissions - on created files by default. Must - be an octal value between 0000 - and 0777 or a decimal value between - 0 and 511. YAML accepts both octal - and decimal values, JSON requires - decimal values for mode bits. - Defaults to 0644. Directories - within the path are not affected - by this setting. This might be - in conflict with other options - that affect the file mode, like - fsGroup, and the result can be - other mode bits set.' format: int32 type: integer items: - description: items if unspecified, - each key-value pair in the Data - field of the referenced ConfigMap - will be projected into the volume - as a file whose name is the key - and content is the value. If specified, - the listed keys will be projected - into the specified paths, and - unlisted keys will not be present. - If a key is specified which is - not present in the ConfigMap, - the volume setup will error unless - it is marked optional. Paths must - be relative and may not contain - the '..' path or start with '..'. items: - description: Maps a string key - to a path within a volume. properties: key: - description: key is the key - to project. type: string mode: - description: 'mode is Optional: - mode bits used to set permissions - on this file. Must be an - octal value between 0000 - and 0777 or a decimal value - between 0 and 511. YAML - accepts both octal and decimal - values, JSON requires decimal - values for mode bits. If - not specified, the volume - defaultMode will be used. - This might be in conflict - with other options that - affect the file mode, like - fsGroup, and the result - can be other mode bits set.' 
format: int32 type: integer path: - description: path is the relative - path of the file to map - the key to. May not be an - absolute path. May not contain - the path element '..'. May - not start with the string - '..'. type: string required: - key 
@@ -9315,207 +3321,67 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional specify whether - the ConfigMap or its keys must - be defined type: boolean type: object x-kubernetes-map-type: atomic csi: - description: csi (Container Storage - Interface) represents ephemeral storage - that is handled by certain external - CSI drivers (Beta feature). properties: driver: - description: driver is the name - of the CSI driver that handles - this volume. Consult with your - admin for the correct name as - registered in the cluster. type: string fsType: - description: fsType to mount. Ex. - "ext4", "xfs", "ntfs". If not - provided, the empty value is passed - to the associated CSI driver which - will determine the default filesystem - to apply. type: string nodePublishSecretRef: - description: nodePublishSecretRef - is a reference to the secret object - containing sensitive information - to pass to the CSI driver to complete - the CSI NodePublishVolume and - NodeUnpublishVolume calls. This - field is optional, and may be - empty if no secret is required. - If the secret object contains - more than one secret, all secret - references are passed. properties: name: default: "" - description: 'Name of the referent. - This field is effectively - required, but due to backwards - compatibility is allowed to - be empty. Instances of this - type with an empty value here - are almost certainly wrong. - TODO: Add other useful fields. 
- apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic readOnly: - description: readOnly specifies - a read-only configuration for - the volume. Defaults to false - (read/write). type: boolean volumeAttributes: additionalProperties: type: string - description: volumeAttributes stores - driver-specific properties that - are passed to the CSI driver. - Consult your driver's documentation - for supported values. type: object required: - driver type: object downwardAPI: - description: downwardAPI represents - downward API about the pod that should - populate this volume properties: defaultMode: - description: 'Optional: mode bits - to use on created files by default. - Must be a Optional: mode bits - used to set permissions on created - files by default. Must be an octal - value between 0000 and 0777 or - a decimal value between 0 and - 511. YAML accepts both octal and - decimal values, JSON requires - decimal values for mode bits. - Defaults to 0644. Directories - within the path are not affected - by this setting. This might be - in conflict with other options - that affect the file mode, like - fsGroup, and the result can be - other mode bits set.' format: int32 type: integer items: - description: Items is a list of - downward API volume file items: - description: DownwardAPIVolumeFile - represents information to create - the file containing the pod - field properties: fieldRef: - description: 'Required: Selects - a field of the pod: only - annotations, labels, name, - namespace and uid are supported.' properties: apiVersion: - description: Version of - the schema the FieldPath - is written in terms - of, defaults to "v1". 
type: string fieldPath: - description: Path of the - field to select in the - specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: - description: 'Optional: mode - bits used to set permissions - on this file, must be an - octal value between 0000 - and 0777 or a decimal value - between 0 and 511. YAML - accepts both octal and decimal - values, JSON requires decimal - values for mode bits. If - not specified, the volume - defaultMode will be used. - This might be in conflict - with other options that - affect the file mode, like - fsGroup, and the result - can be other mode bits set.' format: int32 type: integer path: - description: 'Required: Path - is the relative path name - of the file to be created. - Must not be absolute or - contain the ''..'' path. - Must be utf-8 encoded. The - first item of the relative - path must not start with - ''..''' type: string resourceFieldRef: - description: 'Selects a resource - of the container: only resources - limits and requests (limits.cpu, - limits.memory, requests.cpu - and requests.memory) are - currently supported.' properties: containerName: - description: 'Container - name: required for volumes, - optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies - the output format of - the exposed resources, - defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: - resource to select' type: string required: - resource 
@@ -9528,279 +3394,50 @@ spec: x-kubernetes-list-type: atomic type: object emptyDir: - description: 'emptyDir represents a - temporary directory that shares a - pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' properties: medium: - description: 'medium represents - what type of storage medium should - back this directory. The default - is "" which means to use the node''s - default medium. Must be an empty - string (default) or Memory. More - info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string sizeLimit: anyOf: - type: integer - type: string - description: 'sizeLimit is the total - amount of local storage required - for this EmptyDir volume. The - size limit is also applicable - for memory medium. The maximum - usage on memory medium EmptyDir - would be the minimum value between - the SizeLimit specified here and - the sum of memory limits of all - containers in a pod. The default - is nil which means that the limit - is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object ephemeral: - description: "ephemeral represents a - volume that is handled by a cluster - storage driver. The volume's lifecycle - is tied to the pod that defines it - - it will be created before the pod - starts, and deleted when the pod is - removed. \n Use this if: a) the volume - is only needed while the pod runs, - b) features of normal volumes like - restoring from snapshot or capacity - tracking are needed, c) the storage - driver is specified through a storage - class, and d) the storage driver supports - dynamic volume provisioning through - a PersistentVolumeClaim (see EphemeralVolumeSource - for more information on the connection - between this volume type and PersistentVolumeClaim). 
- \n Use PersistentVolumeClaim or one - of the vendor-specific APIs for volumes - that persist for longer than the lifecycle - of an individual pod. \n Use CSI for - light-weight local ephemeral volumes - if the CSI driver is meant to be used - that way - see the documentation of - the driver for more information. \n - A pod can use both types of ephemeral - volumes and persistent volumes at - the same time." properties: volumeClaimTemplate: - description: "Will be used to create - a stand-alone PVC to provision - the volume. The pod in which this - EphemeralVolumeSource is embedded - will be the owner of the PVC, - i.e. the PVC will be deleted together - with the pod. The name of the - PVC will be `-` where `` is - the name from the `PodSpec.Volumes` - array entry. Pod validation will - reject the pod if the concatenated - name is not valid for a PVC (for - example, too long). \n An existing - PVC with that name that is not - owned by the pod will *not* be - used for the pod to avoid using - an unrelated volume by mistake. - Starting the pod is then blocked - until the unrelated PVC is removed. - If such a pre-created PVC is meant - to be used by the pod, the PVC - has to updated with an owner reference - to the pod once the pod exists. - Normally this should not be necessary, - but it may be useful when manually - reconstructing a broken cluster. - \n This field is read-only and - no changes will be made by Kubernetes - to the PVC after it has been created. - \n Required, must not be nil." properties: metadata: - description: May contain labels - and annotations that will - be copied into the PVC when - creating it. No other fields - are allowed and will be rejected - during validation. properties: annotations: additionalProperties: type: string - description: 'Annotations - is an unstructured key - value map stored with - a resource that may be - set by external tools - to store and retrieve - arbitrary metadata. 
They - are not queryable and - should be preserved when - modifying objects. More - info: http://kubernetes.io/docs/user-guide/annotations' type: object generateName: - description: "GenerateName - is an optional prefix, - used by the server, to - generate a unique name - ONLY IF the Name field - has not been provided. - If this field is used, - the name returned to the - client will be different - than the name passed. - This value will also be - combined with a unique - suffix. The provided value - has the same validation - rules as the Name field, - and may be truncated by - the length of the suffix - required to make the value - unique on the server. - \n If this field is specified - and the generated name - exists, the server will - NOT return a 409 - instead, - it will either return - 201 Created or 500 with - Reason ServerTimeout indicating - a unique name could not - be found in the time allotted, - and the client should - retry (optionally after - the time indicated in - the Retry-After header). - \n Applied only if Name - is not specified. More - info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" type: string labels: additionalProperties: type: string - description: 'Map of string - keys and values that can - be used to organize and - categorize (scope and - select) objects. May match - selectors of replication - controllers and services. - More info: http://kubernetes.io/docs/user-guide/labels' type: object name: - description: 'Name must - be unique within a namespace. - Is required when creating - resources, although some - resources may allow a - client to request the - generation of an appropriate - name automatically. Name - is primarily intended - for creation idempotence - and configuration definition. - Cannot be updated. More - info: http://kubernetes.io/docs/user-guide/identifiers#names' type: string namespace: - description: "Namespace - defines the space within - each name must be unique. 
- An empty namespace is - equivalent to the \"default\" - namespace, but \"default\" - is the canonical representation. - Not all objects are required - to be scoped to a namespace - - the value of this field - for those objects will - be empty. \n Must be a - DNS_LABEL. Cannot be updated. - More info: http://kubernetes.io/docs/user-guide/namespaces" type: string ownerReferences: - description: List of objects - depended by this object. - If ALL objects in the - list have been deleted, - this object will be garbage - collected. If this object - is managed by a controller, - then an entry in this - list will point to this - controller, with the controller - field set to true. There - cannot be more than one - managing controller. items: - description: OwnerReference - contains enough information - to let you identify - an owning object. An - owning object must be - in the same namespace - as the dependent, or - be cluster-scoped, so - there is no namespace - field. properties: apiVersion: - description: API version - of the referent. type: string blockOwnerDeletion: - description: If true, - AND if the owner - has the "foregroundDeletion" - finalizer, then - the owner cannot - be deleted from - the key-value store - until this reference - is removed. See - https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion - for how the garbage - collector interacts - with this field - and enforces the - foreground deletion. - Defaults to false. - To set this field, - a user needs "delete" - permission of the - owner, otherwise - 422 (Unprocessable - Entity) will be - returned. type: boolean controller: - description: If true, - this reference points - to the managing - controller. type: boolean kind: - description: 'Kind - of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string name: - description: 'Name - of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: - description: 'UID - of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -9812,70 +3449,19 @@ spec: type: array type: object spec: - description: The specification - for the PersistentVolumeClaim. - The entire content is copied - unchanged into the PVC that - gets created from this template. - The same fields as in a PersistentVolumeClaim - are also valid here. properties: accessModes: - description: 'accessModes - contains the desired access - modes the volume should - have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array x-kubernetes-list-type: atomic dataSource: - description: 'dataSource - field can be used to specify - either: * An existing - VolumeSnapshot object - (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or - an external controller - can support the specified - data source, it will create - a new volume based on - the contents of the specified - data source. When the - AnyVolumeDataSource feature - gate is enabled, dataSource - contents will be copied - to dataSourceRef, and - dataSourceRef contents - will be copied to dataSource - when dataSourceRef.namespace - is not specified. If the - namespace is specified, - then dataSourceRef will - not be copied to dataSource.' properties: apiGroup: - description: APIGroup - is the group for the - resource being referenced. - If APIGroup is not - specified, the specified - Kind must be in the - core API group. For - any other third-party - types, APIGroup is - required. type: string kind: - description: Kind is - the type of resource - being referenced type: string name: - description: Name is - the name of resource - being referenced type: string required: - kind 
@@ -9883,125 +3469,20 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: - description: 'dataSourceRef - specifies the object from - which to populate the - volume with data, if a - non-empty volume is desired. - This may be any object - from a non-empty API group - (non core object) or a - PersistentVolumeClaim - object. When this field - is specified, volume binding - will only succeed if the - type of the specified - object matches some installed - volume populator or dynamic - provisioner. This field - will replace the functionality - of the dataSource field - and as such if both fields - are non-empty, they must - have the same value. For - backwards compatibility, - when namespace isn''t - specified in dataSourceRef, - both fields (dataSource - and dataSourceRef) will - be set to the same value - automatically if one of - them is empty and the - other is non-empty. When - namespace is specified - in dataSourceRef, dataSource - isn''t set to the same - value and must be empty. - There are three important - differences between dataSource - and dataSourceRef: * While - dataSource only allows - two specific types of - objects, dataSourceRef - allows any non-core object, - as well as PersistentVolumeClaim - objects. * While dataSource - ignores disallowed values - (dropping them), dataSourceRef - preserves all values, - and generates an error - if a disallowed value - is specified. * While - dataSource only allows - local objects, dataSourceRef - allows objects in any - namespaces. (Beta) Using - this field requires the - AnyVolumeDataSource feature - gate to be enabled. (Alpha) - Using the namespace field - of dataSourceRef requires - the CrossNamespaceVolumeDataSource - feature gate to be enabled.' properties: apiGroup: - description: APIGroup - is the group for the - resource being referenced. - If APIGroup is not - specified, the specified - Kind must be in the - core API group. For - any other third-party - types, APIGroup is - required. 
type: string kind: - description: Kind is - the type of resource - being referenced type: string name: - description: Name is - the name of resource - being referenced type: string namespace: - description: Namespace - is the namespace of - resource being referenced - Note that when a namespace - is specified, a gateway.networking.k8s.io/ReferenceGrant - object is required - in the referent namespace - to allow that namespace's - owner to accept the - reference. See the - ReferenceGrant documentation - for details. (Alpha) - This field requires - the CrossNamespaceVolumeDataSource - feature gate to be - enabled. type: string required: - kind - name type: object resources: - description: 'resources - represents the minimum - resources the volume should - have. If RecoverVolumeExpansionFailure - feature is enabled users - are allowed to specify - resource requirements - that are lower than previous - value but must still be - higher than capacity recorded - in the status field of - the claim. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: @@ -10010,11 +3491,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits - describes the maximum - amount of compute - resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -10023,75 +3499,18 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests - describes the minimum - amount of compute - resources required. - If Requests is omitted - for a container, it - defaults to Limits - if that is explicitly - specified, otherwise - to an implementation-defined - value. Requests cannot - exceed Limits. More - info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: - description: selector is - a label query over volumes - to consider for binding. properties: matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements are - ANDed. items: - description: A label - selector requirement - is a selector that - contains values, - a key, and an operator - that relates the - key and values. properties: key: - description: key - is the label - key that the - selector applies - to. type: string operator: - description: operator - represents a - key's relationship - to a set of - values. Valid - operators are - In, NotIn, Exists - and DoesNotExist. type: string values: - description: values - is an array - of string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or - DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic - merge patch. items: type: string type: array 
@@ -10105,79 +3524,16 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels - map is equivalent - to an element of matchExpressions, - whose key field is - "key", the operator - is "In", and the values - array contains only - "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic storageClassName: - description: 'storageClassName - is the name of the StorageClass - required by the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeAttributesClassName: - description: 'volumeAttributesClassName - may be used to set the - VolumeAttributesClass - used by this claim. If - specified, the CSI driver - will create or update - the volume with the attributes - defined in the corresponding - VolumeAttributesClass. - This has a different purpose - than storageClassName, - it can be changed after - the claim is created. - An empty string value - means that no VolumeAttributesClass - will be applied to the - claim but it''s not allowed - to reset this field to - empty string once it is - set. If unspecified and - the PersistentVolumeClaim - is unbound, the default - VolumeAttributesClass - will be set by the persistentvolume - controller if it exists. - If the resource referred - to by volumeAttributesClass - does not exist, this PersistentVolumeClaim - will be set to a Pending - state, as reflected by - the modifyVolumeStatus - field, until such as a - resource exists. More - info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field - requires the VolumeAttributesClass - feature gate to be enabled.' type: string volumeMode: - description: volumeMode - defines what type of volume - is required by the claim. - Value of Filesystem is - implied when not included - in claim spec. 
type: string volumeName: - description: volumeName - is the binding reference - to the PersistentVolume - backing this claim. type: string type: object required: 
@@ -10185,107 +3541,41 @@ spec: type: object type: object fc: - description: fc represents a Fibre Channel - resource that is attached to a kubelet's - host machine and then exposed to the - pod. properties: fsType: - description: 'fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. TODO: how do we - prevent errors in the filesystem - from compromising the machine' type: string lun: - description: 'lun is Optional: FC - target lun number' format: int32 type: integer readOnly: - description: 'readOnly is Optional: - Defaults to false (read/write). - ReadOnly here will force the ReadOnly - setting in VolumeMounts.' type: boolean targetWWNs: - description: 'targetWWNs is Optional: - FC target worldwide names (WWNs)' items: type: string type: array x-kubernetes-list-type: atomic wwids: - description: 'wwids Optional: FC - volume world wide identifiers - (wwids) Either wwids or combination - of targetWWNs and lun must be - set, but not both simultaneously.' items: type: string type: array x-kubernetes-list-type: atomic type: object flexVolume: - description: flexVolume represents a - generic volume resource that is provisioned/attached - using an exec based plugin. properties: driver: - description: driver is the name - of the driver to use for this - volume. type: string fsType: - description: fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - The default filesystem depends - on FlexVolume script. type: string options: additionalProperties: type: string - description: 'options is Optional: - this field holds extra command - options if any.' type: object readOnly: - description: 'readOnly is Optional: - defaults to false (read/write). - ReadOnly here will force the ReadOnly - setting in VolumeMounts.' 
type: boolean secretRef: - description: 'secretRef is Optional: - secretRef is reference to the - secret object containing sensitive - information to pass to the plugin - scripts. This may be empty if - no secret object is specified. - If the secret object contains - more than one secret, all secrets - are passed to the plugin scripts.' properties: name: default: "" - description: 'Name of the referent. - This field is effectively - required, but due to backwards - compatibility is allowed to - be empty. Instances of this - type with an empty value here - are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic 
@@ -10293,219 +3583,79 @@ spec: - driver type: object flocker: - description: flocker represents a Flocker - volume attached to a kubelet's host - machine. This depends on the Flocker - control service being running properties: datasetName: - description: datasetName is Name - of the dataset stored as metadata - -> name on the dataset for Flocker - should be considered as deprecated type: string datasetUUID: - description: datasetUUID is the - UUID of the dataset. This is unique - identifier of a Flocker dataset type: string type: object gcePersistentDisk: - description: 'gcePersistentDisk represents - a GCE Disk resource that is attached - to a kubelet''s host machine and then - exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' properties: fsType: - description: 'fsType is filesystem - type of the volume that you want - to mount. Tip: Ensure that the - filesystem type is supported by - the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors - in the filesystem from compromising - the machine' type: string partition: - description: 'partition is the partition - in the volume that you want to - mount. If omitted, the default - is to mount by volume name. Examples: - For volume /dev/sda1, you specify - the partition as "1". Similarly, - the volume partition for /dev/sda - is "0" (or you can leave the property - empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' format: int32 type: integer pdName: - description: 'pdName is unique name - of the PD resource in GCE. Used - to identify the disk in GCE. More - info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: string readOnly: - description: 'readOnly here will - force the ReadOnly setting in - VolumeMounts. Defaults to false. 
- More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: boolean required: - pdName type: object glusterfs: - description: 'glusterfs represents a - Glusterfs mount on the host that shares - a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' properties: endpoints: - description: 'endpoints is the endpoint - name that details Glusterfs topology. - More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string path: - description: 'path is the Glusterfs - volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string readOnly: - description: 'readOnly here will - force the Glusterfs volume to - be mounted with read-only permissions. - Defaults to false. More info: - https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: boolean required: - endpoints - path type: object hostPath: - description: 'hostPath represents a - pre-existing file or directory on - the host machine that is directly - exposed to the container. This is - generally used for system agents or - other privileged things that are allowed - to see the host machine. Most containers - will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict - who can use host directory mounts - and who can/can not mount host directories - as read/write.' properties: path: - description: 'path of the directory - on the host. If the path is a - symlink, it will follow the link - to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string type: - description: 'type for HostPath - Volume Defaults to "" More info: - https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string required: - path type: object iscsi: - description: 'iscsi represents an ISCSI - Disk resource that is attached to - a kubelet''s host machine and then - exposed to the pod. 
More info: https://examples.k8s.io/volumes/iscsi/README.md' properties: chapAuthDiscovery: - description: chapAuthDiscovery defines - whether support iSCSI Discovery - CHAP authentication type: boolean chapAuthSession: - description: chapAuthSession defines - whether support iSCSI Session - CHAP authentication type: boolean fsType: - description: 'fsType is the filesystem - type of the volume that you want - to mount. Tip: Ensure that the - filesystem type is supported by - the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors - in the filesystem from compromising - the machine' type: string initiatorName: - description: initiatorName is the - custom iSCSI Initiator Name. If - initiatorName is specified with - iscsiInterface simultaneously, - new iSCSI interface : will be created for the - connection. type: string iqn: - description: iqn is the target iSCSI - Qualified Name. type: string iscsiInterface: - description: iscsiInterface is the - interface Name that uses an iSCSI - transport. Defaults to 'default' - (tcp). type: string lun: - description: lun represents iSCSI - Target Lun number. format: int32 type: integer portals: - description: portals is the iSCSI - Target Portal List. The portal - is either an IP or ip_addr:port - if the port is other than default - (typically TCP ports 860 and 3260). items: type: string type: array x-kubernetes-list-type: atomic readOnly: - description: readOnly here will - force the ReadOnly setting in - VolumeMounts. Defaults to false. type: boolean secretRef: - description: secretRef is the CHAP - Secret for iSCSI target and initiator - authentication properties: name: default: "" - description: 'Name of the referent. - This field is effectively - required, but due to backwards - compatibility is allowed to - be empty. 
Instances of this - type with an empty value here - are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic targetPortal: - description: targetPortal is iSCSI - Target Portal. The Portal is either - an IP or ip_addr:port if the port - is other than default (typically - TCP ports 860 and 3260). type: string required: - iqn 
@@ -10513,221 +3663,66 @@ spec: - targetPortal type: object nfs: - description: 'nfs represents an NFS - mount on the host that shares a pod''s - lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' properties: path: - description: 'path that is exported - by the NFS server. More info: - https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string readOnly: - description: 'readOnly here will - force the NFS export to be mounted - with read-only permissions. Defaults - to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: boolean server: - description: 'server is the hostname - or IP address of the NFS server. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string required: - path - server type: object persistentVolumeClaim: - description: 'persistentVolumeClaimVolumeSource - represents a reference to a PersistentVolumeClaim - in the same namespace. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: claimName: - description: 'claimName is the name - of a PersistentVolumeClaim in - the same namespace as the pod - using this volume. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' type: string readOnly: - description: readOnly Will force - the ReadOnly setting in VolumeMounts. - Default false. type: boolean required: - claimName type: object photonPersistentDisk: - description: photonPersistentDisk represents - a PhotonController persistent disk - attached and mounted on kubelets host - machine properties: fsType: - description: fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. 
type: string pdID: - description: pdID is the ID that - identifies Photon Controller persistent - disk type: string required: - pdID type: object portworxVolume: - description: portworxVolume represents - a portworx volume attached and mounted - on kubelets host machine properties: fsType: - description: fSType represents the - filesystem type to mount Must - be a filesystem type supported - by the host operating system. - Ex. "ext4", "xfs". Implicitly - inferred to be "ext4" if unspecified. type: string readOnly: - description: readOnly defaults to - false (read/write). ReadOnly here - will force the ReadOnly setting - in VolumeMounts. type: boolean volumeID: - description: volumeID uniquely identifies - a Portworx volume type: string required: - volumeID type: object projected: - description: projected items for all - in one resources secrets, configmaps, - and downward API properties: defaultMode: - description: defaultMode are the - mode bits used to set permissions - on created files by default. Must - be an octal value between 0000 - and 0777 or a decimal value between - 0 and 511. YAML accepts both octal - and decimal values, JSON requires - decimal values for mode bits. - Directories within the path are - not affected by this setting. - This might be in conflict with - other options that affect the - file mode, like fsGroup, and the - result can be other mode bits - set. format: int32 type: integer sources: - description: sources is the list - of volume projections items: - description: Projection that may - be projected along with other - supported volume types properties: clusterTrustBundle: - description: "ClusterTrustBundle - allows a pod to access the - `.spec.trustBundle` field - of ClusterTrustBundle objects - in an auto-updating file. - \n Alpha, gated by the ClusterTrustBundleProjection - feature gate. \n ClusterTrustBundle - objects can either be selected - by name, or by the combination - of signer name and a label - selector. 
\n Kubelet performs - aggressive normalization - of the PEM contents written - into the pod filesystem. - \ Esoteric PEM features - such as inter-block comments - and block headers are stripped. - \ Certificates are deduplicated. - The ordering of certificates - within the file is arbitrary, - and Kubelet may change the - order over time." properties: labelSelector: - description: Select all - ClusterTrustBundles - that match this label - selector. Only has - effect if signerName - is set. Mutually-exclusive - with name. If unset, - interpreted as "match - nothing". If set but - empty, interpreted as - "match everything". properties: matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements - are ANDed. items: - description: A label - selector requirement - is a selector - that contains - values, a key, - and an operator - that relates the - key and values. properties: key: - description: key - is the label - key that the - selector applies - to. type: string operator: - description: operator - represents - a key's relationship - to a set of - values. Valid - operators - are In, NotIn, - Exists and - DoesNotExist. type: string values: - description: values - is an array - of string - values. If - the operator - is In or NotIn, - the values - array must - be non-empty. - If the operator - is Exists - or DoesNotExist, - the values - array must - be empty. - This array - is replaced - during a strategic - merge patch. items: type: string type: array 
@@ -10741,142 +3736,31 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single - {key,value} in the - matchLabels map - is equivalent to - an element of matchExpressions, - whose key field - is "key", the operator - is "In", and the - values array contains - only "value". The - requirements are - ANDed. type: object type: object x-kubernetes-map-type: atomic name: - description: Select a - single ClusterTrustBundle - by object name. Mutually-exclusive - with signerName and - labelSelector. type: string optional: - description: If true, - don't block pod startup - if the referenced ClusterTrustBundle(s) - aren't available. If - using name, then the - named ClusterTrustBundle - is allowed not to exist. If - using signerName, then - the combination of signerName - and labelSelector is - allowed to match zero - ClusterTrustBundles. type: boolean path: - description: Relative - path from the volume - root to write the bundle. type: string signerName: - description: Select all - ClusterTrustBundles - that match this signer - name. Mutually-exclusive - with name. The contents - of all selected ClusterTrustBundles - will be unified and - deduplicated. type: string required: - path type: object configMap: - description: configMap information - about the configMap data - to project properties: items: - description: items if - unspecified, each key-value - pair in the Data field - of the referenced ConfigMap - will be projected into - the volume as a file - whose name is the key - and content is the value. - If specified, the listed - keys will be projected - into the specified paths, - and unlisted keys will - not be present. If a - key is specified which - is not present in the - ConfigMap, the volume - setup will error unless - it is marked optional. - Paths must be relative - and may not contain - the '..' path or start - with '..'. 
items: - description: Maps a - string key to a path - within a volume. properties: key: - description: key - is the key to - project. type: string mode: - description: 'mode - is Optional: mode - bits used to set - permissions on - this file. Must - be an octal value - between 0000 and - 0777 or a decimal - value between - 0 and 511. YAML - accepts both octal - and decimal values, - JSON requires - decimal values - for mode bits. - If not specified, - the volume defaultMode - will be used. - This might be - in conflict with - other options - that affect the - file mode, like - fsGroup, and the - result can be - other mode bits - set.' format: int32 type: integer path: - description: path - is the relative - path of the file - to map the key - to. May not be - an absolute path. - May not contain - the path element - '..'. May not - start with the - string '..'. type: string required: - key 
@@ -10886,155 +3770,42 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of - the referent. This field - is effectively required, - but due to backwards - compatibility is allowed - to be empty. Instances - of this type with an - empty value here are - almost certainly wrong. - TODO: Add other useful - fields. apiVersion, - kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional - specify whether the - ConfigMap or its keys - must be defined type: boolean type: object x-kubernetes-map-type: atomic downwardAPI: - description: downwardAPI information - about the downwardAPI data - to project properties: items: - description: Items is - a list of DownwardAPIVolume - file items: - description: DownwardAPIVolumeFile - represents information - to create the file - containing the pod - field properties: fieldRef: - description: 'Required: - Selects a field - of the pod: only - annotations, labels, - name, namespace - and uid are supported.' properties: apiVersion: - description: Version - of the schema - the FieldPath - is written - in terms of, - defaults to - "v1". type: string fieldPath: - description: Path - of the field - to select - in the specified - API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: - description: 'Optional: - mode bits used - to set permissions - on this file, - must be an octal - value between - 0000 and 0777 - or a decimal value - between 0 and - 511. YAML accepts - both octal and - decimal values, - JSON requires - decimal values - for mode bits. - If not specified, - the volume defaultMode - will be used. 
- This might be - in conflict with - other options - that affect the - file mode, like - fsGroup, and the - result can be - other mode bits - set.' format: int32 type: integer path: - description: 'Required: - Path is the relative - path name of the - file to be created. - Must not be absolute - or contain the - ''..'' path. Must - be utf-8 encoded. - The first item - of the relative - path must not - start with ''..''' type: string resourceFieldRef: - description: 'Selects - a resource of - the container: - only resources - limits and requests - (limits.cpu, limits.memory, - requests.cpu and - requests.memory) - are currently - supported.' properties: containerName: - description: 'Container - name: required - for volumes, - optional for - env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies - the output - format of - the exposed - resources, - defaults to - "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: - resource to - select' type: string required: - resource 
@@ -11047,85 +3818,16 @@ spec: x-kubernetes-list-type: atomic type: object secret: - description: secret information - about the secret data to - project properties: items: - description: items if - unspecified, each key-value - pair in the Data field - of the referenced Secret - will be projected into - the volume as a file - whose name is the key - and content is the value. - If specified, the listed - keys will be projected - into the specified paths, - and unlisted keys will - not be present. If a - key is specified which - is not present in the - Secret, the volume setup - will error unless it - is marked optional. - Paths must be relative - and may not contain - the '..' path or start - with '..'. items: - description: Maps a - string key to a path - within a volume. properties: key: - description: key - is the key to - project. type: string mode: - description: 'mode - is Optional: mode - bits used to set - permissions on - this file. Must - be an octal value - between 0000 and - 0777 or a decimal - value between - 0 and 511. YAML - accepts both octal - and decimal values, - JSON requires - decimal values - for mode bits. - If not specified, - the volume defaultMode - will be used. - This might be - in conflict with - other options - that affect the - file mode, like - fsGroup, and the - result can be - other mode bits - set.' format: int32 type: integer path: - description: path - is the relative - path of the file - to map the key - to. May not be - an absolute path. - May not contain - the path element - '..'. May not - start with the - string '..'. type: string required: - key 
@@ -11135,76 +3837,19 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of - the referent. This field - is effectively required, - but due to backwards - compatibility is allowed - to be empty. Instances - of this type with an - empty value here are - almost certainly wrong. - TODO: Add other useful - fields. apiVersion, - kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional - field specify whether - the Secret or its key - must be defined type: boolean type: object x-kubernetes-map-type: atomic serviceAccountToken: - description: serviceAccountToken - is information about the - serviceAccountToken data - to project properties: audience: - description: audience - is the intended audience - of the token. A recipient - of a token must identify - itself with an identifier - specified in the audience - of the token, and otherwise - should reject the token. - The audience defaults - to the identifier of - the apiserver. type: string expirationSeconds: - description: expirationSeconds - is the requested duration - of validity of the service - account token. As the - token approaches expiration, - the kubelet volume plugin - will proactively rotate - the service account - token. The kubelet will - start trying to rotate - the token if the token - is older than 80 percent - of its time to live - or if the token is older - than 24 hours.Defaults - to 1 hour and must be - at least 10 minutes. format: int64 type: integer path: - description: path is the - path relative to the - mount point of the file - to project the token - into. type: string required: - path 
@@ -11214,209 +3859,79 @@ spec: x-kubernetes-list-type: atomic type: object quobyte: - description: quobyte represents a Quobyte - mount on the host that shares a pod's - lifetime properties: group: - description: group to map volume - access to Default is no group type: string readOnly: - description: readOnly here will - force the Quobyte volume to be - mounted with read-only permissions. - Defaults to false. type: boolean registry: - description: registry represents - a single or multiple Quobyte Registry - services specified as a string - as host:port pair (multiple entries - are separated with commas) which - acts as the central registry for - volumes type: string tenant: - description: tenant owning the given - Quobyte volume in the Backend - Used with dynamically provisioned - Quobyte volumes, value is set - by the plugin type: string user: - description: user to map volume - access to Defaults to serivceaccount - user type: string volume: - description: volume is a string - that references an already created - Quobyte volume by name. type: string required: - registry - volume type: object rbd: - description: 'rbd represents a Rados - Block Device mount on the host that - shares a pod''s lifetime. More info: - https://examples.k8s.io/volumes/rbd/README.md' properties: fsType: - description: 'fsType is the filesystem - type of the volume that you want - to mount. Tip: Ensure that the - filesystem type is supported by - the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors - in the filesystem from compromising - the machine' type: string image: - description: 'image is the rados - image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string keyring: - description: 'keyring is the path - to key ring for RBDUser. Default - is /etc/ceph/keyring. 
More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string monitors: - description: 'monitors is a collection - of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' items: type: string type: array x-kubernetes-list-type: atomic pool: - description: 'pool is the rados - pool name. Default is rbd. More - info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string readOnly: - description: 'readOnly here will - force the ReadOnly setting in - VolumeMounts. Defaults to false. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: boolean secretRef: - description: 'secretRef is name - of the authentication secret for - RBDUser. If provided overrides - keyring. Default is nil. More - info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' properties: name: default: "" - description: 'Name of the referent. - This field is effectively - required, but due to backwards - compatibility is allowed to - be empty. Instances of this - type with an empty value here - are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is the rados - user name. Default is admin. More - info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string required: - image - monitors type: object scaleIO: - description: scaleIO represents a ScaleIO - persistent volume attached and mounted - on Kubernetes nodes. properties: fsType: - description: fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Default is "xfs". 
type: string gateway: - description: gateway is the host - address of the ScaleIO API Gateway. type: string protectionDomain: - description: protectionDomain is - the name of the ScaleIO Protection - Domain for the configured storage. type: string readOnly: - description: readOnly Defaults to - false (read/write). ReadOnly here - will force the ReadOnly setting - in VolumeMounts. type: boolean secretRef: - description: secretRef references - to the secret for ScaleIO user - and other sensitive information. - If this is not provided, Login - operation will fail. properties: name: default: "" - description: 'Name of the referent. - This field is effectively - required, but due to backwards - compatibility is allowed to - be empty. Instances of this - type with an empty value here - are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic sslEnabled: - description: sslEnabled Flag enable/disable - SSL communication with Gateway, - default false type: boolean storageMode: - description: storageMode indicates - whether the storage for a volume - should be ThickProvisioned or - ThinProvisioned. Default is ThinProvisioned. type: string storagePool: - description: storagePool is the - ScaleIO Storage Pool associated - with the protection domain. type: string system: - description: system is the name - of the storage system as configured - in ScaleIO. type: string volumeName: - description: volumeName is the name - of a volume already created in - the ScaleIO system that is associated - with this volume source. type: string required: - gateway 
@@ -11424,79 +3939,19 @@ spec: - system type: object secret: - description: 'secret represents a secret - that should populate this volume. - More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' properties: defaultMode: - description: 'defaultMode is Optional: - mode bits used to set permissions - on created files by default. Must - be an octal value between 0000 - and 0777 or a decimal value between - 0 and 511. YAML accepts both octal - and decimal values, JSON requires - decimal values for mode bits. - Defaults to 0644. Directories - within the path are not affected - by this setting. This might be - in conflict with other options - that affect the file mode, like - fsGroup, and the result can be - other mode bits set.' format: int32 type: integer items: - description: items If unspecified, - each key-value pair in the Data - field of the referenced Secret - will be projected into the volume - as a file whose name is the key - and content is the value. If specified, - the listed keys will be projected - into the specified paths, and - unlisted keys will not be present. - If a key is specified which is - not present in the Secret, the - volume setup will error unless - it is marked optional. Paths must - be relative and may not contain - the '..' path or start with '..'. items: - description: Maps a string key - to a path within a volume. properties: key: - description: key is the key - to project. type: string mode: - description: 'mode is Optional: - mode bits used to set permissions - on this file. Must be an - octal value between 0000 - and 0777 or a decimal value - between 0 and 511. YAML - accepts both octal and decimal - values, JSON requires decimal - values for mode bits. If - not specified, the volume - defaultMode will be used. - This might be in conflict - with other options that - affect the file mode, like - fsGroup, and the result - can be other mode bits set.' 
format: int32 type: integer path: - description: path is the relative - path of the file to map - the key to. May not be an - absolute path. May not contain - the path element '..'. May - not start with the string - '..'. type: string required: - key 
@@ -11505,245 +3960,60 @@ spec: type: array x-kubernetes-list-type: atomic optional: - description: optional field specify - whether the Secret or its keys - must be defined type: boolean secretName: - description: 'secretName is the - name of the secret in the pod''s - namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' type: string type: object storageos: - description: storageOS represents a - StorageOS volume attached and mounted - on Kubernetes nodes. properties: fsType: - description: fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. type: string readOnly: - description: readOnly defaults to - false (read/write). ReadOnly here - will force the ReadOnly setting - in VolumeMounts. type: boolean secretRef: - description: secretRef specifies - the secret to use for obtaining - the StorageOS API credentials. If - not specified, default values - will be attempted. properties: name: default: "" - description: 'Name of the referent. - This field is effectively - required, but due to backwards - compatibility is allowed to - be empty. Instances of this - type with an empty value here - are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic volumeName: - description: volumeName is the human-readable - name of the StorageOS volume. Volume - names are only unique within a - namespace. type: string volumeNamespace: - description: volumeNamespace specifies - the scope of the volume within - StorageOS. If no namespace is - specified then the Pod's namespace - will be used. 
This allows the - Kubernetes name scoping to be - mirrored within StorageOS for - tighter integration. Set VolumeName - to any name to override the default - behaviour. Set to "default" if - you are not using namespaces within - StorageOS. Namespaces that do - not pre-exist within StorageOS - will be created. type: string type: object volumeClaimTemplate: - description: VolumeClaimTemplate specifies - a template for volume to use by the - backup/restore executor properties: metadata: - description: May contain labels - and annotations that will be copied - into the PVC when creating it. - No other fields are allowed and - will be rejected during validation. properties: annotations: additionalProperties: type: string - description: 'Annotations is - an unstructured key value - map stored with a resource - that may be set by external - tools to store and retrieve - arbitrary metadata. They are - not queryable and should be - preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations' type: object generateName: - description: "GenerateName is - an optional prefix, used by - the server, to generate a - unique name ONLY IF the Name - field has not been provided. - If this field is used, the - name returned to the client - will be different than the - name passed. This value will - also be combined with a unique - suffix. The provided value - has the same validation rules - as the Name field, and may - be truncated by the length - of the suffix required to - make the value unique on the - server. \n If this field is - specified and the generated - name exists, the server will - NOT return a 409 - instead, - it will either return 201 - Created or 500 with Reason - ServerTimeout indicating a - unique name could not be found - in the time allotted, and - the client should retry (optionally - after the time indicated in - the Retry-After header). \n - Applied only if Name is not - specified. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" type: string labels: additionalProperties: type: string - description: 'Map of string - keys and values that can be - used to organize and categorize - (scope and select) objects. - May match selectors of replication - controllers and services. - More info: http://kubernetes.io/docs/user-guide/labels' type: object name: - description: 'Name must be unique - within a namespace. Is required - when creating resources, although - some resources may allow a - client to request the generation - of an appropriate name automatically. - Name is primarily intended - for creation idempotence and - configuration definition. - Cannot be updated. More info: - http://kubernetes.io/docs/user-guide/identifiers#names' type: string namespace: - description: "Namespace defines - the space within each name - must be unique. An empty namespace - is equivalent to the \"default\" - namespace, but \"default\" - is the canonical representation. - Not all objects are required - to be scoped to a namespace - - the value of this field - for those objects will be - empty. \n Must be a DNS_LABEL. - Cannot be updated. More info: - http://kubernetes.io/docs/user-guide/namespaces" type: string ownerReferences: - description: List of objects - depended by this object. If - ALL objects in the list have - been deleted, this object - will be garbage collected. - If this object is managed - by a controller, then an entry - in this list will point to - this controller, with the - controller field set to true. - There cannot be more than - one managing controller. items: - description: OwnerReference - contains enough information - to let you identify an owning - object. An owning object - must be in the same namespace - as the dependent, or be - cluster-scoped, so there - is no namespace field. properties: apiVersion: - description: API version - of the referent. 
type: string blockOwnerDeletion: - description: If true, - AND if the owner has - the "foregroundDeletion" - finalizer, then the - owner cannot be deleted - from the key-value store - until this reference - is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion - for how the garbage - collector interacts - with this field and - enforces the foreground - deletion. Defaults to - false. To set this field, - a user needs "delete" - permission of the owner, - otherwise 422 (Unprocessable - Entity) will be returned. type: boolean controller: - description: If true, - this reference points - to the managing controller. type: boolean kind: - description: 'Kind of - the referent. More info: - https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string name: - description: 'Name of - the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: - description: 'UID of the - referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion 
@@ -11755,63 +4025,19 @@ spec: type: array type: object spec: - description: The specification for - the PersistentVolumeClaim. The - entire content is copied unchanged - into the PVC that gets created - from this template. The same fields - as in a PersistentVolumeClaim - are also valid here. properties: accessModes: - description: 'accessModes contains - the desired access modes the - volume should have. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array x-kubernetes-list-type: atomic dataSource: - description: 'dataSource field - can be used to specify either: - * An existing VolumeSnapshot - object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an external - controller can support the - specified data source, it - will create a new volume based - on the contents of the specified - data source. When the AnyVolumeDataSource - feature gate is enabled, dataSource - contents will be copied to - dataSourceRef, and dataSourceRef - contents will be copied to - dataSource when dataSourceRef.namespace - is not specified. If the namespace - is specified, then dataSourceRef - will not be copied to dataSource.' properties: apiGroup: - description: APIGroup is - the group for the resource - being referenced. If APIGroup - is not specified, the - specified Kind must be - in the core API group. - For any other third-party - types, APIGroup is required. type: string kind: - description: Kind is the - type of resource being - referenced type: string name: - description: Name is the - name of resource being - referenced type: string required: - kind 
@@ -11819,110 +4045,20 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: - description: 'dataSourceRef - specifies the object from - which to populate the volume - with data, if a non-empty - volume is desired. This may - be any object from a non-empty - API group (non core object) - or a PersistentVolumeClaim - object. When this field is - specified, volume binding - will only succeed if the type - of the specified object matches - some installed volume populator - or dynamic provisioner. This - field will replace the functionality - of the dataSource field and - as such if both fields are - non-empty, they must have - the same value. For backwards - compatibility, when namespace - isn''t specified in dataSourceRef, - both fields (dataSource and - dataSourceRef) will be set - to the same value automatically - if one of them is empty and - the other is non-empty. When - namespace is specified in - dataSourceRef, dataSource - isn''t set to the same value - and must be empty. There are - three important differences - between dataSource and dataSourceRef: - * While dataSource only allows - two specific types of objects, - dataSourceRef allows any non-core - object, as well as PersistentVolumeClaim - objects. * While dataSource - ignores disallowed values - (dropping them), dataSourceRef - preserves all values, and - generates an error if a disallowed - value is specified. * While - dataSource only allows local - objects, dataSourceRef allows - objects in any namespaces. - (Beta) Using this field requires - the AnyVolumeDataSource feature - gate to be enabled. (Alpha) - Using the namespace field - of dataSourceRef requires - the CrossNamespaceVolumeDataSource - feature gate to be enabled.' properties: apiGroup: - description: APIGroup is - the group for the resource - being referenced. If APIGroup - is not specified, the - specified Kind must be - in the core API group. - For any other third-party - types, APIGroup is required. 
type: string kind: - description: Kind is the - type of resource being - referenced type: string name: - description: Name is the - name of resource being - referenced type: string namespace: - description: Namespace is - the namespace of resource - being referenced Note - that when a namespace - is specified, a gateway.networking.k8s.io/ReferenceGrant - object is required in - the referent namespace - to allow that namespace's - owner to accept the reference. - See the ReferenceGrant - documentation for details. - (Alpha) This field requires - the CrossNamespaceVolumeDataSource - feature gate to be enabled. type: string required: - kind - name type: object resources: - description: 'resources represents - the minimum resources the - volume should have. If RecoverVolumeExpansionFailure - feature is enabled users are - allowed to specify resource - requirements that are lower - than previous value but must - still be higher than capacity - recorded in the status field - of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: @@ -11931,10 +4067,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes - the maximum amount of - compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -11943,66 +4075,18 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes - the minimum amount of - compute resources required. - If Requests is omitted - for a container, it defaults - to Limits if that is explicitly - specified, otherwise to - an implementation-defined - value. Requests cannot - exceed Limits. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: - description: selector is a label - query over volumes to consider - for binding. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key - and values. properties: key: - description: key is - the label key that - the selector applies - to. type: string operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values - is an array of string - values. If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. This - array is replaced - during a strategic - merge patch. items: type: string type: array 
@@ -12016,102 +4100,30 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an element - of matchExpressions, whose - key field is "key", the - operator is "In", and - the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic storageClassName: - description: 'storageClassName - is the name of the StorageClass - required by the claim. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeAttributesClassName: - description: 'volumeAttributesClassName - may be used to set the VolumeAttributesClass - used by this claim. If specified, - the CSI driver will create - or update the volume with - the attributes defined in - the corresponding VolumeAttributesClass. - This has a different purpose - than storageClassName, it - can be changed after the claim - is created. An empty string - value means that no VolumeAttributesClass - will be applied to the claim - but it''s not allowed to reset - this field to empty string - once it is set. If unspecified - and the PersistentVolumeClaim - is unbound, the default VolumeAttributesClass - will be set by the persistentvolume - controller if it exists. If - the resource referred to by - volumeAttributesClass does - not exist, this PersistentVolumeClaim - will be set to a Pending state, - as reflected by the modifyVolumeStatus - field, until such as a resource - exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires - the VolumeAttributesClass - feature gate to be enabled.' type: string volumeMode: - description: volumeMode defines - what type of volume is required - by the claim. Value of Filesystem - is implied when not included - in claim spec. 
type: string volumeName: - description: volumeName is the - binding reference to the PersistentVolume - backing this claim. type: string type: object required: - spec type: object vsphereVolume: - description: vsphereVolume represents - a vSphere volume attached and mounted - on kubelets host machine properties: fsType: - description: fsType is filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. type: string storagePolicyID: - description: storagePolicyID is - the storage Policy Based Management - (SPBM) profile ID associated with - the StoragePolicyName. type: string storagePolicyName: - description: storagePolicyName is - the storage Policy Based Management - (SPBM) profile name. type: string volumePath: - description: volumePath is the path - that identifies vSphere volume - vmdk type: string required: - volumePath 
@@ -12120,183 +4132,49 @@ spec: type: object type: array name: - description: Name indicates to the name of the - task type: string params: - description: Params specifies parameters for the - task. You must provide the parameter in the - Addon desired structure. type: object x-kubernetes-preserve-unknown-fields: true targetVolumes: - description: TargetVolumes specifies which volumes - from the target should be mounted in the backup/restore - job/container. properties: volumeClaimTemplates: - description: VolumeClaimTemplates specifies - a template for the PersistentVolumeClaims - that will be created for each Pod in a StatefulSet. items: - description: PersistentVolumeClaim is a - user's request for and claim to a persistent - volume properties: apiVersion: - description: 'APIVersion defines the - versioned schema of this representation - of an object. Servers should convert - recognized schemas to the latest internal - value, and may reject unrecognized - values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value - representing the REST resource this - object represents. Servers may infer - this from the endpoint the client - submits requests to. Cannot be updated. - In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: - description: 'Standard object''s metadata. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' properties: annotations: additionalProperties: type: string - description: 'Annotations is an - unstructured key value map stored - with a resource that may be set - by external tools to store and - retrieve arbitrary metadata. They - are not queryable and should be - preserved when modifying objects. 
- More info: http://kubernetes.io/docs/user-guide/annotations' type: object generateName: - description: "GenerateName is an - optional prefix, used by the server, - to generate a unique name ONLY - IF the Name field has not been - provided. If this field is used, - the name returned to the client - will be different than the name - passed. This value will also be - combined with a unique suffix. - The provided value has the same - validation rules as the Name field, - and may be truncated by the length - of the suffix required to make - the value unique on the server. - \n If this field is specified - and the generated name exists, - the server will NOT return a 409 - - instead, it will either return - 201 Created or 500 with Reason - ServerTimeout indicating a unique - name could not be found in the - time allotted, and the client - should retry (optionally after - the time indicated in the Retry-After - header). \n Applied only if Name - is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" type: string labels: additionalProperties: type: string - description: 'Map of string keys - and values that can be used to - organize and categorize (scope - and select) objects. May match - selectors of replication controllers - and services. More info: http://kubernetes.io/docs/user-guide/labels' type: object name: - description: 'Name must be unique - within a namespace. Is required - when creating resources, although - some resources may allow a client - to request the generation of an - appropriate name automatically. - Name is primarily intended for - creation idempotence and configuration - definition. Cannot be updated. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' type: string namespace: - description: "Namespace defines - the space within each name must - be unique. 
An empty namespace - is equivalent to the \"default\" - namespace, but \"default\" is - the canonical representation. - Not all objects are required to - be scoped to a namespace - the - value of this field for those - objects will be empty. \n Must - be a DNS_LABEL. Cannot be updated. - More info: http://kubernetes.io/docs/user-guide/namespaces" type: string ownerReferences: - description: List of objects depended - by this object. If ALL objects - in the list have been deleted, - this object will be garbage collected. - If this object is managed by a - controller, then an entry in this - list will point to this controller, - with the controller field set - to true. There cannot be more - than one managing controller. items: - description: OwnerReference contains - enough information to let you - identify an owning object. An - owning object must be in the - same namespace as the dependent, - or be cluster-scoped, so there - is no namespace field. properties: apiVersion: - description: API version of - the referent. type: string blockOwnerDeletion: - description: If true, AND - if the owner has the "foregroundDeletion" - finalizer, then the owner - cannot be deleted from the - key-value store until this - reference is removed. See - https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion - for how the garbage collector - interacts with this field - and enforces the foreground - deletion. Defaults to false. - To set this field, a user - needs "delete" permission - of the owner, otherwise - 422 (Unprocessable Entity) - will be returned. type: boolean controller: - description: If true, this - reference points to the - managing controller. type: boolean kind: - description: 'Kind of the - referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string name: - description: 'Name of the - referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: - description: 'UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -12308,54 +4186,19 @@ spec: type: array type: object spec: - description: 'Spec defines the desired - characteristics of a volume requested - by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: accessModes: - description: 'accessModes contains - the desired access modes the volume - should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array x-kubernetes-list-type: atomic dataSource: - description: 'dataSource field can - be used to specify either: * An - existing VolumeSnapshot object - (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an external - controller can support the specified - data source, it will create a - new volume based on the contents - of the specified data source. - When the AnyVolumeDataSource feature - gate is enabled, dataSource contents - will be copied to dataSourceRef, - and dataSourceRef contents will - be copied to dataSource when dataSourceRef.namespace - is not specified. If the namespace - is specified, then dataSourceRef - will not be copied to dataSource.' properties: apiGroup: - description: APIGroup is the - group for the resource being - referenced. If APIGroup is - not specified, the specified - Kind must be in the core API - group. For any other third-party - types, APIGroup is required. type: string kind: - description: Kind is the type - of resource being referenced type: string name: - description: Name is the name - of resource being referenced type: string required: - kind 
@@ -12363,98 +4206,20 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: - description: 'dataSourceRef specifies - the object from which to populate - the volume with data, if a non-empty - volume is desired. This may be - any object from a non-empty API - group (non core object) or a PersistentVolumeClaim - object. When this field is specified, - volume binding will only succeed - if the type of the specified object - matches some installed volume - populator or dynamic provisioner. - This field will replace the functionality - of the dataSource field and as - such if both fields are non-empty, - they must have the same value. - For backwards compatibility, when - namespace isn''t specified in - dataSourceRef, both fields (dataSource - and dataSourceRef) will be set - to the same value automatically - if one of them is empty and the - other is non-empty. When namespace - is specified in dataSourceRef, - dataSource isn''t set to the same - value and must be empty. There - are three important differences - between dataSource and dataSourceRef: - * While dataSource only allows - two specific types of objects, - dataSourceRef allows any non-core - object, as well as PersistentVolumeClaim - objects. * While dataSource ignores - disallowed values (dropping them), - dataSourceRef preserves all values, - and generates an error if a disallowed - value is specified. * While dataSource - only allows local objects, dataSourceRef - allows objects in any namespaces. - (Beta) Using this field requires - the AnyVolumeDataSource feature - gate to be enabled. (Alpha) Using - the namespace field of dataSourceRef - requires the CrossNamespaceVolumeDataSource - feature gate to be enabled.' properties: apiGroup: - description: APIGroup is the - group for the resource being - referenced. If APIGroup is - not specified, the specified - Kind must be in the core API - group. For any other third-party - types, APIGroup is required. 
type: string kind: - description: Kind is the type - of resource being referenced type: string name: - description: Name is the name - of resource being referenced type: string namespace: - description: Namespace is the - namespace of resource being - referenced Note that when - a namespace is specified, - a gateway.networking.k8s.io/ReferenceGrant - object is required in the - referent namespace to allow - that namespace's owner to - accept the reference. See - the ReferenceGrant documentation - for details. (Alpha) This - field requires the CrossNamespaceVolumeDataSource - feature gate to be enabled. type: string required: - kind - name type: object resources: - description: 'resources represents - the minimum resources the volume - should have. If RecoverVolumeExpansionFailure - feature is enabled users are allowed - to specify resource requirements - that are lower than previous value - but must still be higher than - capacity recorded in the status - field of the claim. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: @@ -12463,10 +4228,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes - the maximum amount of compute - resources allowed. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -12475,59 +4236,18 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes - the minimum amount of compute - resources required. If Requests - is omitted for a container, - it defaults to Limits if that - is explicitly specified, otherwise - to an implementation-defined - value. Requests cannot exceed - Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: - description: selector is a label - query over volumes to consider - for binding. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, a - key, and an operator that - relates the key and values. properties: key: - description: key is the - label key that the selector - applies to. type: string operator: - description: operator - represents a key's relationship - to a set of values. - Valid operators are - In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is - an array of string values. - If the operator is In - or NotIn, the values - array must be non-empty. - If the operator is Exists - or DoesNotExist, the - values array must be - empty. This array is - replaced during a strategic - merge patch. items: type: string type: array 
@@ -12541,148 +4261,28 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is - a map of {key,value} pairs. - A single {key,value} in the - matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", - the operator is "In", and - the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic storageClassName: - description: 'storageClassName is - the name of the StorageClass required - by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeAttributesClassName: - description: 'volumeAttributesClassName - may be used to set the VolumeAttributesClass - used by this claim. If specified, - the CSI driver will create or - update the volume with the attributes - defined in the corresponding VolumeAttributesClass. - This has a different purpose than - storageClassName, it can be changed - after the claim is created. An - empty string value means that - no VolumeAttributesClass will - be applied to the claim but it''s - not allowed to reset this field - to empty string once it is set. - If unspecified and the PersistentVolumeClaim - is unbound, the default VolumeAttributesClass - will be set by the persistentvolume - controller if it exists. If the - resource referred to by volumeAttributesClass - does not exist, this PersistentVolumeClaim - will be set to a Pending state, - as reflected by the modifyVolumeStatus - field, until such as a resource - exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires - the VolumeAttributesClass feature - gate to be enabled.' type: string volumeMode: - description: volumeMode defines - what type of volume is required - by the claim. Value of Filesystem - is implied when not included in - claim spec. 
type: string volumeName: - description: volumeName is the binding - reference to the PersistentVolume - backing this claim. type: string type: object status: - description: 'Status represents the - current information/status of a persistent - volume claim. Read-only. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: accessModes: - description: 'accessModes contains - the actual access modes the volume - backing the PVC has. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array x-kubernetes-list-type: atomic allocatedResourceStatuses: additionalProperties: - description: When a controller - receives persistentvolume claim - update with ClaimResourceStatus - for a resource that it does - not recognizes, then it should - ignore that update and let other - controllers handle it. type: string - description: "allocatedResourceStatuses - stores status of resource being - resized for the given PVC. Key - names follow standard Kubernetes - label syntax. Valid values are - either: * Un-prefixed keys: - - storage - the capacity of the - volume. * Custom resources must - use implementation-defined prefixed - names such as \"example.com/my-custom-resource\" - Apart from above values - keys - that are unprefixed or have kubernetes.io - prefix are considered reserved - and hence may not be used. \n - ClaimResourceStatus can be in - any of following states: - ControllerResizeInProgress: - State set when resize controller - starts resizing the volume in - control-plane. - ControllerResizeFailed: - State set when resize has failed - in resize controller with a terminal - error. - NodeResizePending: State - set when resize controller has - finished resizing the volume but - further resizing of volume is - needed on the node. - NodeResizeInProgress: - State set when kubelet starts - resizing the volume. 
- NodeResizeFailed: - State set when resizing has failed - in kubelet with a terminal error. - Transient errors don't set NodeResizeFailed. - For example: if expanding a PVC - for more capacity - this field - can be one of the following states: - - pvc.status.allocatedResourceStatus['storage'] - = \"ControllerResizeInProgress\" - - pvc.status.allocatedResourceStatus['storage'] - = \"ControllerResizeFailed\" - - pvc.status.allocatedResourceStatus['storage'] - = \"NodeResizePending\" - pvc.status.allocatedResourceStatus['storage'] - = \"NodeResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] - = \"NodeResizeFailed\" When this - field is not set, it means that - no resize operation is in progress - for the given PVC. \n A controller - that receives PVC update with - previously unknown resourceName - or ClaimResourceStatus should - ignore the update for the purpose - it was designed. For example - - a controller that only is responsible - for resizing capacity of the volume, - should ignore PVC updates that - change other valid resources associated - with PVC. \n This is an alpha - field and requires enabling RecoverVolumeExpansionFailure - feature." type: object x-kubernetes-map-type: granular allocatedResources: 
@@ -12692,47 +4292,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: "allocatedResources - tracks the resources allocated - to a PVC including its capacity. - Key names follow standard Kubernetes - label syntax. Valid values are - either: * Un-prefixed keys: - - storage - the capacity of the - volume. * Custom resources must - use implementation-defined prefixed - names such as \"example.com/my-custom-resource\" - Apart from above values - keys - that are unprefixed or have kubernetes.io - prefix are considered reserved - and hence may not be used. \n - Capacity reported here may be - larger than the actual capacity - when a volume expansion operation - is requested. For storage quota, - the larger value from allocatedResources - and PVC.spec.resources is used. - If allocatedResources is not set, - PVC.spec.resources alone is used - for quota calculation. If a volume - expansion capacity request is - lowered, allocatedResources is - only lowered if there are no expansion - operations in progress and if - the actual volume capacity is - equal or lower than the requested - capacity. \n A controller that - receives PVC update with previously - unknown resourceName should ignore - the update for the purpose it - was designed. For example - a - controller that only is responsible - for resizing capacity of the volume, - should ignore PVC updates that - change other valid resources associated - with PVC. \n This is an alpha - field and requires enabling RecoverVolumeExpansionFailure - feature." type: object capacity: additionalProperties: 
@@ -12741,55 +4300,23 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: capacity represents - the actual resources of the underlying - volume. type: object conditions: - description: conditions is the current - Condition of persistent volume - claim. If underlying persistent - volume is being resized then the - Condition will be set to 'Resizing'. items: - description: PersistentVolumeClaimCondition - contains details about state - of pvc properties: lastProbeTime: - description: lastProbeTime - is the time we probed the - condition. format: date-time type: string lastTransitionTime: - description: lastTransitionTime - is the time the condition - transitioned from one status - to another. format: date-time type: string message: - description: message is the - human-readable message indicating - details about last transition. type: string reason: - description: reason is a unique, - this should be a short, - machine understandable string - that gives the reason for - condition's last transition. - If it reports "Resizing" - that means the underlying - persistent volume is being - resized. type: string status: type: string type: - description: PersistentVolumeClaimConditionType - is a valid value of PersistentVolumeClaimCondition.Type type: string required: - status 
@@ -12800,134 +4327,37 @@ spec: - type x-kubernetes-list-type: map currentVolumeAttributesClassName: - description: currentVolumeAttributesClassName - is the current name of the VolumeAttributesClass - the PVC is using. When unset, - there is no VolumeAttributeClass - applied to this PersistentVolumeClaim - This is an alpha field and requires - enabling VolumeAttributesClass - feature. type: string modifyVolumeStatus: - description: ModifyVolumeStatus - represents the status object of - ControllerModifyVolume operation. - When this is unset, there is no - ModifyVolume operation being attempted. - This is an alpha field and requires - enabling VolumeAttributesClass - feature. properties: status: - description: 'status is the - status of the ControllerModifyVolume - operation. It can be in any - of following states: - Pending - Pending indicates that the - PersistentVolumeClaim cannot - be modified due to unmet requirements, - such as the specified VolumeAttributesClass - not existing. - InProgress - InProgress indicates that - the volume is being modified. - - Infeasible Infeasible indicates - that the request has been - rejected as invalid by the - CSI driver. To resolve the - error, a valid VolumeAttributesClass - needs to be specified. Note: - New statuses can be added - in the future. Consumers should - check for unknown statuses - and fail appropriately.' type: string targetVolumeAttributesClassName: - description: targetVolumeAttributesClassName - is the name of the VolumeAttributesClass - the PVC currently being reconciled type: string required: - status type: object phase: - description: phase represents the - current phase of PersistentVolumeClaim. type: string type: object type: object type: array volumeMounts: - description: VolumeMounts specifies the mount - for the volumes specified in `Volumes` section items: - description: VolumeMount describes a mounting - of a Volume within a container. 
properties: mountPath: - description: Path within the container - at which the volume should be mounted. Must - not contain ':'. type: string mountPropagation: - description: mountPropagation determines - how mounts are propagated from the - host to container and the other way - around. When not set, MountPropagationNone - is used. This field is beta in 1.10. - When RecursiveReadOnly is set to IfPossible - or to Enabled, MountPropagation must - be None or unspecified (which defaults - to None). type: string name: - description: This must match the Name - of a Volume. type: string readOnly: - description: Mounted read-only if true, - read-write otherwise (false or unspecified). - Defaults to false. type: boolean recursiveReadOnly: - description: "RecursiveReadOnly specifies - whether read-only mounts should be - handled recursively. \n If ReadOnly - is false, this field has no meaning - and must be unspecified. \n If ReadOnly - is true, and this field is set to - Disabled, the mount is not made recursively - read-only. If this field is set to - IfPossible, the mount is made recursively - read-only, if it is supported by the - container runtime. If this field - is set to Enabled, the mount is made - recursively read-only if it is supported - by the container runtime, otherwise - the pod will not be started and an - error will be generated to indicate - the reason. \n If this field is set - to IfPossible or Enabled, MountPropagation - must be set to None (or be unspecified, - which defaults to None). \n If this - field is not specified, it is treated - as an equivalent of Disabled." type: string subPath: - description: Path within the volume - from which the container's volume - should be mounted. Defaults to "" - (volume's root). type: string subPathExpr: - description: Expanded path within the - volume from which the container's - volume should be mounted. 
Behaves - similarly to SubPath but environment - variable references $(VAR_NAME) are - expanded using the container's environment. - Defaults to "" (volume's root). SubPathExpr - and SubPath are mutually exclusive. type: string required: - mountPath 
@@ -12935,318 +4365,109 @@ spec: type: object type: array volumes: - description: Volumes indicates the list of - volumes of targeted application that should - be mounted on the backup/restore job. items: - description: Volume represents a named volume - in a pod that may be accessed by any container - in the pod. properties: awsElasticBlockStore: - description: 'awsElasticBlockStore represents - an AWS Disk resource that is attached - to a kubelet''s host machine and then - exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' properties: fsType: - description: 'fsType is the filesystem - type of the volume that you want - to mount. Tip: Ensure that the - filesystem type is supported by - the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors - in the filesystem from compromising - the machine' type: string partition: - description: 'partition is the partition - in the volume that you want to - mount. If omitted, the default - is to mount by volume name. Examples: - For volume /dev/sda1, you specify - the partition as "1". Similarly, - the volume partition for /dev/sda - is "0" (or you can leave the property - empty).' format: int32 type: integer readOnly: - description: 'readOnly value true - will force the readOnly setting - in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: boolean volumeID: - description: 'volumeID is unique - ID of the persistent disk resource - in AWS (Amazon EBS volume). More - info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: string required: - volumeID type: object azureDisk: - description: azureDisk represents an - Azure Data Disk mount on the host - and bind mount to the pod. 
properties: cachingMode: - description: 'cachingMode is the - Host Caching mode: None, Read - Only, Read Write.' type: string diskName: - description: diskName is the Name - of the data disk in the blob storage type: string diskURI: - description: diskURI is the URI - of data disk in the blob storage type: string fsType: - description: fsType is Filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. type: string kind: - description: 'kind expected values - are Shared: multiple blob disks - per storage account Dedicated: - single blob disk per storage account Managed: - azure managed data disk (only - in managed availability set). - defaults to shared' type: string readOnly: - description: readOnly Defaults to - false (read/write). ReadOnly here - will force the ReadOnly setting - in VolumeMounts. type: boolean required: - diskName - diskURI type: object azureFile: - description: azureFile represents an - Azure File Service mount on the host - and bind mount to the pod. properties: readOnly: - description: readOnly defaults to - false (read/write). ReadOnly here - will force the ReadOnly setting - in VolumeMounts. 
type: boolean secretName: - description: secretName is the name - of secret that contains Azure - Storage Account Name and Key type: string shareName: - description: shareName is the azure - share Name type: string required: - secretName - shareName type: object cephfs: - description: cephFS represents a Ceph - FS mount on the host that shares a - pod's lifetime properties: monitors: - description: 'monitors is Required: - Monitors is a collection of Ceph - monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' items: type: string type: array x-kubernetes-list-type: atomic path: - description: 'path is Optional: - Used as the mounted root, rather - than the full Ceph tree, default - is /' type: string readOnly: - description: 'readOnly is Optional: - Defaults to false (read/write). - ReadOnly here will force the ReadOnly - setting in VolumeMounts. More - info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: boolean secretFile: - description: 'secretFile is Optional: - SecretFile is the path to key - ring for User, default is /etc/ceph/user.secret - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string secretRef: - description: 'secretRef is Optional: - SecretRef is reference to the - authentication secret for User, - default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' properties: name: default: "" - description: 'Name of the referent. - This field is effectively - required, but due to backwards - compatibility is allowed to - be empty. Instances of this - type with an empty value here - are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' 
type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is optional: - User is the rados user name, default - is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string required: - monitors type: object cinder: - description: 'cinder represents a cinder - volume attached and mounted on kubelets - host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' properties: fsType: - description: 'fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to - be "ext4" if unspecified. More - info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string readOnly: - description: 'readOnly defaults - to false (read/write). ReadOnly - here will force the ReadOnly setting - in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: boolean secretRef: - description: 'secretRef is optional: - points to a secret object containing - parameters used to connect to - OpenStack.' properties: name: default: "" - description: 'Name of the referent. - This field is effectively - required, but due to backwards - compatibility is allowed to - be empty. Instances of this - type with an empty value here - are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic volumeID: - description: 'volumeID used to identify - the volume in cinder. 
More info: - https://examples.k8s.io/mysql-cinder-pd/README.md' type: string required: - volumeID type: object configMap: - description: configMap represents a - configMap that should populate this - volume properties: defaultMode: - description: 'defaultMode is optional: - mode bits used to set permissions - on created files by default. Must - be an octal value between 0000 - and 0777 or a decimal value between - 0 and 511. YAML accepts both octal - and decimal values, JSON requires - decimal values for mode bits. - Defaults to 0644. Directories - within the path are not affected - by this setting. This might be - in conflict with other options - that affect the file mode, like - fsGroup, and the result can be - other mode bits set.' format: int32 type: integer items: - description: items if unspecified, - each key-value pair in the Data - field of the referenced ConfigMap - will be projected into the volume - as a file whose name is the key - and content is the value. If specified, - the listed keys will be projected - into the specified paths, and - unlisted keys will not be present. - If a key is specified which is - not present in the ConfigMap, - the volume setup will error unless - it is marked optional. Paths must - be relative and may not contain - the '..' path or start with '..'. items: - description: Maps a string key - to a path within a volume. properties: key: - description: key is the key - to project. type: string mode: - description: 'mode is Optional: - mode bits used to set permissions - on this file. Must be an - octal value between 0000 - and 0777 or a decimal value - between 0 and 511. YAML - accepts both octal and decimal - values, JSON requires decimal - values for mode bits. If - not specified, the volume - defaultMode will be used. - This might be in conflict - with other options that - affect the file mode, like - fsGroup, and the result - can be other mode bits set.' 
format: int32 type: integer path: - description: path is the relative - path of the file to map - the key to. May not be an - absolute path. May not contain - the path element '..'. May - not start with the string - '..'. type: string required: - key 
@@ -13256,207 +4477,67 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional specify whether - the ConfigMap or its keys must - be defined type: boolean type: object x-kubernetes-map-type: atomic csi: - description: csi (Container Storage - Interface) represents ephemeral storage - that is handled by certain external - CSI drivers (Beta feature). properties: driver: - description: driver is the name - of the CSI driver that handles - this volume. Consult with your - admin for the correct name as - registered in the cluster. type: string fsType: - description: fsType to mount. Ex. - "ext4", "xfs", "ntfs". If not - provided, the empty value is passed - to the associated CSI driver which - will determine the default filesystem - to apply. type: string nodePublishSecretRef: - description: nodePublishSecretRef - is a reference to the secret object - containing sensitive information - to pass to the CSI driver to complete - the CSI NodePublishVolume and - NodeUnpublishVolume calls. This - field is optional, and may be - empty if no secret is required. - If the secret object contains - more than one secret, all secret - references are passed. properties: name: default: "" - description: 'Name of the referent. - This field is effectively - required, but due to backwards - compatibility is allowed to - be empty. Instances of this - type with an empty value here - are almost certainly wrong. - TODO: Add other useful fields. 
- apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic readOnly: - description: readOnly specifies - a read-only configuration for - the volume. Defaults to false - (read/write). type: boolean volumeAttributes: additionalProperties: type: string - description: volumeAttributes stores - driver-specific properties that - are passed to the CSI driver. - Consult your driver's documentation - for supported values. type: object required: - driver type: object downwardAPI: - description: downwardAPI represents - downward API about the pod that should - populate this volume properties: defaultMode: - description: 'Optional: mode bits - to use on created files by default. - Must be a Optional: mode bits - used to set permissions on created - files by default. Must be an octal - value between 0000 and 0777 or - a decimal value between 0 and - 511. YAML accepts both octal and - decimal values, JSON requires - decimal values for mode bits. - Defaults to 0644. Directories - within the path are not affected - by this setting. This might be - in conflict with other options - that affect the file mode, like - fsGroup, and the result can be - other mode bits set.' format: int32 type: integer items: - description: Items is a list of - downward API volume file items: - description: DownwardAPIVolumeFile - represents information to create - the file containing the pod - field properties: fieldRef: - description: 'Required: Selects - a field of the pod: only - annotations, labels, name, - namespace and uid are supported.' properties: apiVersion: - description: Version of - the schema the FieldPath - is written in terms - of, defaults to "v1". 
type: string fieldPath: - description: Path of the - field to select in the - specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: - description: 'Optional: mode - bits used to set permissions - on this file, must be an - octal value between 0000 - and 0777 or a decimal value - between 0 and 511. YAML - accepts both octal and decimal - values, JSON requires decimal - values for mode bits. If - not specified, the volume - defaultMode will be used. - This might be in conflict - with other options that - affect the file mode, like - fsGroup, and the result - can be other mode bits set.' format: int32 type: integer path: - description: 'Required: Path - is the relative path name - of the file to be created. - Must not be absolute or - contain the ''..'' path. - Must be utf-8 encoded. The - first item of the relative - path must not start with - ''..''' type: string resourceFieldRef: - description: 'Selects a resource - of the container: only resources - limits and requests (limits.cpu, - limits.memory, requests.cpu - and requests.memory) are - currently supported.' properties: containerName: - description: 'Container - name: required for volumes, - optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies - the output format of - the exposed resources, - defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: - resource to select' type: string required: - resource 
@@ -13469,279 +4550,50 @@ spec: x-kubernetes-list-type: atomic type: object emptyDir: - description: 'emptyDir represents a - temporary directory that shares a - pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' properties: medium: - description: 'medium represents - what type of storage medium should - back this directory. The default - is "" which means to use the node''s - default medium. Must be an empty - string (default) or Memory. More - info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string sizeLimit: anyOf: - type: integer - type: string - description: 'sizeLimit is the total - amount of local storage required - for this EmptyDir volume. The - size limit is also applicable - for memory medium. The maximum - usage on memory medium EmptyDir - would be the minimum value between - the SizeLimit specified here and - the sum of memory limits of all - containers in a pod. The default - is nil which means that the limit - is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object ephemeral: - description: "ephemeral represents a - volume that is handled by a cluster - storage driver. The volume's lifecycle - is tied to the pod that defines it - - it will be created before the pod - starts, and deleted when the pod is - removed. \n Use this if: a) the volume - is only needed while the pod runs, - b) features of normal volumes like - restoring from snapshot or capacity - tracking are needed, c) the storage - driver is specified through a storage - class, and d) the storage driver supports - dynamic volume provisioning through - a PersistentVolumeClaim (see EphemeralVolumeSource - for more information on the connection - between this volume type and PersistentVolumeClaim). 
- \n Use PersistentVolumeClaim or one - of the vendor-specific APIs for volumes - that persist for longer than the lifecycle - of an individual pod. \n Use CSI for - light-weight local ephemeral volumes - if the CSI driver is meant to be used - that way - see the documentation of - the driver for more information. \n - A pod can use both types of ephemeral - volumes and persistent volumes at - the same time." properties: volumeClaimTemplate: - description: "Will be used to create - a stand-alone PVC to provision - the volume. The pod in which this - EphemeralVolumeSource is embedded - will be the owner of the PVC, - i.e. the PVC will be deleted together - with the pod. The name of the - PVC will be `-` where `` is - the name from the `PodSpec.Volumes` - array entry. Pod validation will - reject the pod if the concatenated - name is not valid for a PVC (for - example, too long). \n An existing - PVC with that name that is not - owned by the pod will *not* be - used for the pod to avoid using - an unrelated volume by mistake. - Starting the pod is then blocked - until the unrelated PVC is removed. - If such a pre-created PVC is meant - to be used by the pod, the PVC - has to updated with an owner reference - to the pod once the pod exists. - Normally this should not be necessary, - but it may be useful when manually - reconstructing a broken cluster. - \n This field is read-only and - no changes will be made by Kubernetes - to the PVC after it has been created. - \n Required, must not be nil." properties: metadata: - description: May contain labels - and annotations that will - be copied into the PVC when - creating it. No other fields - are allowed and will be rejected - during validation. properties: annotations: additionalProperties: type: string - description: 'Annotations - is an unstructured key - value map stored with - a resource that may be - set by external tools - to store and retrieve - arbitrary metadata. 
They - are not queryable and - should be preserved when - modifying objects. More - info: http://kubernetes.io/docs/user-guide/annotations' type: object generateName: - description: "GenerateName - is an optional prefix, - used by the server, to - generate a unique name - ONLY IF the Name field - has not been provided. - If this field is used, - the name returned to the - client will be different - than the name passed. - This value will also be - combined with a unique - suffix. The provided value - has the same validation - rules as the Name field, - and may be truncated by - the length of the suffix - required to make the value - unique on the server. - \n If this field is specified - and the generated name - exists, the server will - NOT return a 409 - instead, - it will either return - 201 Created or 500 with - Reason ServerTimeout indicating - a unique name could not - be found in the time allotted, - and the client should - retry (optionally after - the time indicated in - the Retry-After header). - \n Applied only if Name - is not specified. More - info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" type: string labels: additionalProperties: type: string - description: 'Map of string - keys and values that can - be used to organize and - categorize (scope and - select) objects. May match - selectors of replication - controllers and services. - More info: http://kubernetes.io/docs/user-guide/labels' type: object name: - description: 'Name must - be unique within a namespace. - Is required when creating - resources, although some - resources may allow a - client to request the - generation of an appropriate - name automatically. Name - is primarily intended - for creation idempotence - and configuration definition. - Cannot be updated. More - info: http://kubernetes.io/docs/user-guide/identifiers#names' type: string namespace: - description: "Namespace - defines the space within - each name must be unique. 
- An empty namespace is - equivalent to the \"default\" - namespace, but \"default\" - is the canonical representation. - Not all objects are required - to be scoped to a namespace - - the value of this field - for those objects will - be empty. \n Must be a - DNS_LABEL. Cannot be updated. - More info: http://kubernetes.io/docs/user-guide/namespaces" type: string ownerReferences: - description: List of objects - depended by this object. - If ALL objects in the - list have been deleted, - this object will be garbage - collected. If this object - is managed by a controller, - then an entry in this - list will point to this - controller, with the controller - field set to true. There - cannot be more than one - managing controller. items: - description: OwnerReference - contains enough information - to let you identify - an owning object. An - owning object must be - in the same namespace - as the dependent, or - be cluster-scoped, so - there is no namespace - field. properties: apiVersion: - description: API version - of the referent. type: string blockOwnerDeletion: - description: If true, - AND if the owner - has the "foregroundDeletion" - finalizer, then - the owner cannot - be deleted from - the key-value store - until this reference - is removed. See - https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion - for how the garbage - collector interacts - with this field - and enforces the - foreground deletion. - Defaults to false. - To set this field, - a user needs "delete" - permission of the - owner, otherwise - 422 (Unprocessable - Entity) will be - returned. type: boolean controller: - description: If true, - this reference points - to the managing - controller. type: boolean kind: - description: 'Kind - of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string name: - description: 'Name - of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: - description: 'UID - of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -13753,70 +4605,19 @@ spec: type: array type: object spec: - description: The specification - for the PersistentVolumeClaim. - The entire content is copied - unchanged into the PVC that - gets created from this template. - The same fields as in a PersistentVolumeClaim - are also valid here. properties: accessModes: - description: 'accessModes - contains the desired access - modes the volume should - have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array x-kubernetes-list-type: atomic dataSource: - description: 'dataSource - field can be used to specify - either: * An existing - VolumeSnapshot object - (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or - an external controller - can support the specified - data source, it will create - a new volume based on - the contents of the specified - data source. When the - AnyVolumeDataSource feature - gate is enabled, dataSource - contents will be copied - to dataSourceRef, and - dataSourceRef contents - will be copied to dataSource - when dataSourceRef.namespace - is not specified. If the - namespace is specified, - then dataSourceRef will - not be copied to dataSource.' properties: apiGroup: - description: APIGroup - is the group for the - resource being referenced. - If APIGroup is not - specified, the specified - Kind must be in the - core API group. For - any other third-party - types, APIGroup is - required. type: string kind: - description: Kind is - the type of resource - being referenced type: string name: - description: Name is - the name of resource - being referenced type: string required: - kind 
@@ -13824,125 +4625,20 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: - description: 'dataSourceRef - specifies the object from - which to populate the - volume with data, if a - non-empty volume is desired. - This may be any object - from a non-empty API group - (non core object) or a - PersistentVolumeClaim - object. When this field - is specified, volume binding - will only succeed if the - type of the specified - object matches some installed - volume populator or dynamic - provisioner. This field - will replace the functionality - of the dataSource field - and as such if both fields - are non-empty, they must - have the same value. For - backwards compatibility, - when namespace isn''t - specified in dataSourceRef, - both fields (dataSource - and dataSourceRef) will - be set to the same value - automatically if one of - them is empty and the - other is non-empty. When - namespace is specified - in dataSourceRef, dataSource - isn''t set to the same - value and must be empty. - There are three important - differences between dataSource - and dataSourceRef: * While - dataSource only allows - two specific types of - objects, dataSourceRef - allows any non-core object, - as well as PersistentVolumeClaim - objects. * While dataSource - ignores disallowed values - (dropping them), dataSourceRef - preserves all values, - and generates an error - if a disallowed value - is specified. * While - dataSource only allows - local objects, dataSourceRef - allows objects in any - namespaces. (Beta) Using - this field requires the - AnyVolumeDataSource feature - gate to be enabled. (Alpha) - Using the namespace field - of dataSourceRef requires - the CrossNamespaceVolumeDataSource - feature gate to be enabled.' properties: apiGroup: - description: APIGroup - is the group for the - resource being referenced. - If APIGroup is not - specified, the specified - Kind must be in the - core API group. For - any other third-party - types, APIGroup is - required. 
type: string kind: - description: Kind is - the type of resource - being referenced type: string name: - description: Name is - the name of resource - being referenced type: string namespace: - description: Namespace - is the namespace of - resource being referenced - Note that when a namespace - is specified, a gateway.networking.k8s.io/ReferenceGrant - object is required - in the referent namespace - to allow that namespace's - owner to accept the - reference. See the - ReferenceGrant documentation - for details. (Alpha) - This field requires - the CrossNamespaceVolumeDataSource - feature gate to be - enabled. type: string required: - kind - name type: object resources: - description: 'resources - represents the minimum - resources the volume should - have. If RecoverVolumeExpansionFailure - feature is enabled users - are allowed to specify - resource requirements - that are lower than previous - value but must still be - higher than capacity recorded - in the status field of - the claim. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: @@ -13951,11 +4647,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits - describes the maximum - amount of compute - resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -13964,75 +4655,18 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests - describes the minimum - amount of compute - resources required. - If Requests is omitted - for a container, it - defaults to Limits - if that is explicitly - specified, otherwise - to an implementation-defined - value. Requests cannot - exceed Limits. More - info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: - description: selector is - a label query over volumes - to consider for binding. properties: matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements are - ANDed. items: - description: A label - selector requirement - is a selector that - contains values, - a key, and an operator - that relates the - key and values. properties: key: - description: key - is the label - key that the - selector applies - to. type: string operator: - description: operator - represents a - key's relationship - to a set of - values. Valid - operators are - In, NotIn, Exists - and DoesNotExist. type: string values: - description: values - is an array - of string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or - DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic - merge patch. items: type: string type: array 
@@ -14046,79 +4680,16 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels - map is equivalent - to an element of matchExpressions, - whose key field is - "key", the operator - is "In", and the values - array contains only - "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic storageClassName: - description: 'storageClassName - is the name of the StorageClass - required by the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeAttributesClassName: - description: 'volumeAttributesClassName - may be used to set the - VolumeAttributesClass - used by this claim. If - specified, the CSI driver - will create or update - the volume with the attributes - defined in the corresponding - VolumeAttributesClass. - This has a different purpose - than storageClassName, - it can be changed after - the claim is created. - An empty string value - means that no VolumeAttributesClass - will be applied to the - claim but it''s not allowed - to reset this field to - empty string once it is - set. If unspecified and - the PersistentVolumeClaim - is unbound, the default - VolumeAttributesClass - will be set by the persistentvolume - controller if it exists. - If the resource referred - to by volumeAttributesClass - does not exist, this PersistentVolumeClaim - will be set to a Pending - state, as reflected by - the modifyVolumeStatus - field, until such as a - resource exists. More - info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field - requires the VolumeAttributesClass - feature gate to be enabled.' type: string volumeMode: - description: volumeMode - defines what type of volume - is required by the claim. - Value of Filesystem is - implied when not included - in claim spec. 
type: string volumeName: - description: volumeName - is the binding reference - to the PersistentVolume - backing this claim. type: string type: object required: 
@@ -14126,107 +4697,41 @@ spec: type: object type: object fc: - description: fc represents a Fibre Channel - resource that is attached to a kubelet's - host machine and then exposed to the - pod. properties: fsType: - description: 'fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. TODO: how do we - prevent errors in the filesystem - from compromising the machine' type: string lun: - description: 'lun is Optional: FC - target lun number' format: int32 type: integer readOnly: - description: 'readOnly is Optional: - Defaults to false (read/write). - ReadOnly here will force the ReadOnly - setting in VolumeMounts.' type: boolean targetWWNs: - description: 'targetWWNs is Optional: - FC target worldwide names (WWNs)' items: type: string type: array x-kubernetes-list-type: atomic wwids: - description: 'wwids Optional: FC - volume world wide identifiers - (wwids) Either wwids or combination - of targetWWNs and lun must be - set, but not both simultaneously.' items: type: string type: array x-kubernetes-list-type: atomic type: object flexVolume: - description: flexVolume represents a - generic volume resource that is provisioned/attached - using an exec based plugin. properties: driver: - description: driver is the name - of the driver to use for this - volume. type: string fsType: - description: fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - The default filesystem depends - on FlexVolume script. type: string options: additionalProperties: type: string - description: 'options is Optional: - this field holds extra command - options if any.' type: object readOnly: - description: 'readOnly is Optional: - defaults to false (read/write). - ReadOnly here will force the ReadOnly - setting in VolumeMounts.' 
type: boolean secretRef: - description: 'secretRef is Optional: - secretRef is reference to the - secret object containing sensitive - information to pass to the plugin - scripts. This may be empty if - no secret object is specified. - If the secret object contains - more than one secret, all secrets - are passed to the plugin scripts.' properties: name: default: "" - description: 'Name of the referent. - This field is effectively - required, but due to backwards - compatibility is allowed to - be empty. Instances of this - type with an empty value here - are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic 
@@ -14234,219 +4739,79 @@ spec: - driver type: object flocker: - description: flocker represents a Flocker - volume attached to a kubelet's host - machine. This depends on the Flocker - control service being running properties: datasetName: - description: datasetName is Name - of the dataset stored as metadata - -> name on the dataset for Flocker - should be considered as deprecated type: string datasetUUID: - description: datasetUUID is the - UUID of the dataset. This is unique - identifier of a Flocker dataset type: string type: object gcePersistentDisk: - description: 'gcePersistentDisk represents - a GCE Disk resource that is attached - to a kubelet''s host machine and then - exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' properties: fsType: - description: 'fsType is filesystem - type of the volume that you want - to mount. Tip: Ensure that the - filesystem type is supported by - the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors - in the filesystem from compromising - the machine' type: string partition: - description: 'partition is the partition - in the volume that you want to - mount. If omitted, the default - is to mount by volume name. Examples: - For volume /dev/sda1, you specify - the partition as "1". Similarly, - the volume partition for /dev/sda - is "0" (or you can leave the property - empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' format: int32 type: integer pdName: - description: 'pdName is unique name - of the PD resource in GCE. Used - to identify the disk in GCE. More - info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: string readOnly: - description: 'readOnly here will - force the ReadOnly setting in - VolumeMounts. Defaults to false. 
- More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: boolean required: - pdName type: object glusterfs: - description: 'glusterfs represents a - Glusterfs mount on the host that shares - a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' properties: endpoints: - description: 'endpoints is the endpoint - name that details Glusterfs topology. - More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string path: - description: 'path is the Glusterfs - volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string readOnly: - description: 'readOnly here will - force the Glusterfs volume to - be mounted with read-only permissions. - Defaults to false. More info: - https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: boolean required: - endpoints - path type: object hostPath: - description: 'hostPath represents a - pre-existing file or directory on - the host machine that is directly - exposed to the container. This is - generally used for system agents or - other privileged things that are allowed - to see the host machine. Most containers - will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict - who can use host directory mounts - and who can/can not mount host directories - as read/write.' properties: path: - description: 'path of the directory - on the host. If the path is a - symlink, it will follow the link - to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string type: - description: 'type for HostPath - Volume Defaults to "" More info: - https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string required: - path type: object iscsi: - description: 'iscsi represents an ISCSI - Disk resource that is attached to - a kubelet''s host machine and then - exposed to the pod. 
More info: https://examples.k8s.io/volumes/iscsi/README.md' properties: chapAuthDiscovery: - description: chapAuthDiscovery defines - whether support iSCSI Discovery - CHAP authentication type: boolean chapAuthSession: - description: chapAuthSession defines - whether support iSCSI Session - CHAP authentication type: boolean fsType: - description: 'fsType is the filesystem - type of the volume that you want - to mount. Tip: Ensure that the - filesystem type is supported by - the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors - in the filesystem from compromising - the machine' type: string initiatorName: - description: initiatorName is the - custom iSCSI Initiator Name. If - initiatorName is specified with - iscsiInterface simultaneously, - new iSCSI interface : will be created for the - connection. type: string iqn: - description: iqn is the target iSCSI - Qualified Name. type: string iscsiInterface: - description: iscsiInterface is the - interface Name that uses an iSCSI - transport. Defaults to 'default' - (tcp). type: string lun: - description: lun represents iSCSI - Target Lun number. format: int32 type: integer portals: - description: portals is the iSCSI - Target Portal List. The portal - is either an IP or ip_addr:port - if the port is other than default - (typically TCP ports 860 and 3260). items: type: string type: array x-kubernetes-list-type: atomic readOnly: - description: readOnly here will - force the ReadOnly setting in - VolumeMounts. Defaults to false. type: boolean secretRef: - description: secretRef is the CHAP - Secret for iSCSI target and initiator - authentication properties: name: default: "" - description: 'Name of the referent. - This field is effectively - required, but due to backwards - compatibility is allowed to - be empty. 
Instances of this - type with an empty value here - are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic targetPortal: - description: targetPortal is iSCSI - Target Portal. The Portal is either - an IP or ip_addr:port if the port - is other than default (typically - TCP ports 860 and 3260). type: string required: - iqn 
@@ -14454,226 +4819,68 @@ spec: - targetPortal type: object name: - description: 'name of the volume. Must - be a DNS_LABEL and unique within the - pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string nfs: - description: 'nfs represents an NFS - mount on the host that shares a pod''s - lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' properties: path: - description: 'path that is exported - by the NFS server. More info: - https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string readOnly: - description: 'readOnly here will - force the NFS export to be mounted - with read-only permissions. Defaults - to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: boolean server: - description: 'server is the hostname - or IP address of the NFS server. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string required: - path - server type: object persistentVolumeClaim: - description: 'persistentVolumeClaimVolumeSource - represents a reference to a PersistentVolumeClaim - in the same namespace. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: claimName: - description: 'claimName is the name - of a PersistentVolumeClaim in - the same namespace as the pod - using this volume. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' type: string readOnly: - description: readOnly Will force - the ReadOnly setting in VolumeMounts. - Default false. type: boolean required: - claimName type: object photonPersistentDisk: - description: photonPersistentDisk represents - a PhotonController persistent disk - attached and mounted on kubelets host - machine properties: fsType: - description: fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". 
- Implicitly inferred to be "ext4" - if unspecified. type: string pdID: - description: pdID is the ID that - identifies Photon Controller persistent - disk type: string required: - pdID type: object portworxVolume: - description: portworxVolume represents - a portworx volume attached and mounted - on kubelets host machine properties: fsType: - description: fSType represents the - filesystem type to mount Must - be a filesystem type supported - by the host operating system. - Ex. "ext4", "xfs". Implicitly - inferred to be "ext4" if unspecified. type: string readOnly: - description: readOnly defaults to - false (read/write). ReadOnly here - will force the ReadOnly setting - in VolumeMounts. type: boolean volumeID: - description: volumeID uniquely identifies - a Portworx volume type: string required: - volumeID type: object projected: - description: projected items for all - in one resources secrets, configmaps, - and downward API properties: defaultMode: - description: defaultMode are the - mode bits used to set permissions - on created files by default. Must - be an octal value between 0000 - and 0777 or a decimal value between - 0 and 511. YAML accepts both octal - and decimal values, JSON requires - decimal values for mode bits. - Directories within the path are - not affected by this setting. - This might be in conflict with - other options that affect the - file mode, like fsGroup, and the - result can be other mode bits - set. format: int32 type: integer sources: - description: sources is the list - of volume projections items: - description: Projection that may - be projected along with other - supported volume types properties: clusterTrustBundle: - description: "ClusterTrustBundle - allows a pod to access the - `.spec.trustBundle` field - of ClusterTrustBundle objects - in an auto-updating file. - \n Alpha, gated by the ClusterTrustBundleProjection - feature gate. 
\n ClusterTrustBundle - objects can either be selected - by name, or by the combination - of signer name and a label - selector. \n Kubelet performs - aggressive normalization - of the PEM contents written - into the pod filesystem. - \ Esoteric PEM features - such as inter-block comments - and block headers are stripped. - \ Certificates are deduplicated. - The ordering of certificates - within the file is arbitrary, - and Kubelet may change the - order over time." properties: labelSelector: - description: Select all - ClusterTrustBundles - that match this label - selector. Only has - effect if signerName - is set. Mutually-exclusive - with name. If unset, - interpreted as "match - nothing". If set but - empty, interpreted as - "match everything". properties: matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements - are ANDed. items: - description: A label - selector requirement - is a selector - that contains - values, a key, - and an operator - that relates the - key and values. properties: key: - description: key - is the label - key that the - selector applies - to. type: string operator: - description: operator - represents - a key's relationship - to a set of - values. Valid - operators - are In, NotIn, - Exists and - DoesNotExist. type: string values: - description: values - is an array - of string - values. If - the operator - is In or NotIn, - the values - array must - be non-empty. - If the operator - is Exists - or DoesNotExist, - the values - array must - be empty. - This array - is replaced - during a strategic - merge patch. items: type: string type: array 
@@ -14687,142 +4894,31 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single - {key,value} in the - matchLabels map - is equivalent to - an element of matchExpressions, - whose key field - is "key", the operator - is "In", and the - values array contains - only "value". The - requirements are - ANDed. type: object type: object x-kubernetes-map-type: atomic name: - description: Select a - single ClusterTrustBundle - by object name. Mutually-exclusive - with signerName and - labelSelector. type: string optional: - description: If true, - don't block pod startup - if the referenced ClusterTrustBundle(s) - aren't available. If - using name, then the - named ClusterTrustBundle - is allowed not to exist. If - using signerName, then - the combination of signerName - and labelSelector is - allowed to match zero - ClusterTrustBundles. type: boolean path: - description: Relative - path from the volume - root to write the bundle. type: string signerName: - description: Select all - ClusterTrustBundles - that match this signer - name. Mutually-exclusive - with name. The contents - of all selected ClusterTrustBundles - will be unified and - deduplicated. type: string required: - path type: object configMap: - description: configMap information - about the configMap data - to project properties: items: - description: items if - unspecified, each key-value - pair in the Data field - of the referenced ConfigMap - will be projected into - the volume as a file - whose name is the key - and content is the value. - If specified, the listed - keys will be projected - into the specified paths, - and unlisted keys will - not be present. If a - key is specified which - is not present in the - ConfigMap, the volume - setup will error unless - it is marked optional. - Paths must be relative - and may not contain - the '..' path or start - with '..'. 
items: - description: Maps a - string key to a path - within a volume. properties: key: - description: key - is the key to - project. type: string mode: - description: 'mode - is Optional: mode - bits used to set - permissions on - this file. Must - be an octal value - between 0000 and - 0777 or a decimal - value between - 0 and 511. YAML - accepts both octal - and decimal values, - JSON requires - decimal values - for mode bits. - If not specified, - the volume defaultMode - will be used. - This might be - in conflict with - other options - that affect the - file mode, like - fsGroup, and the - result can be - other mode bits - set.' format: int32 type: integer path: - description: path - is the relative - path of the file - to map the key - to. May not be - an absolute path. - May not contain - the path element - '..'. May not - start with the - string '..'. type: string required: - key 
@@ -14832,155 +4928,42 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of - the referent. This field - is effectively required, - but due to backwards - compatibility is allowed - to be empty. Instances - of this type with an - empty value here are - almost certainly wrong. - TODO: Add other useful - fields. apiVersion, - kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional - specify whether the - ConfigMap or its keys - must be defined type: boolean type: object x-kubernetes-map-type: atomic downwardAPI: - description: downwardAPI information - about the downwardAPI data - to project properties: items: - description: Items is - a list of DownwardAPIVolume - file items: - description: DownwardAPIVolumeFile - represents information - to create the file - containing the pod - field properties: fieldRef: - description: 'Required: - Selects a field - of the pod: only - annotations, labels, - name, namespace - and uid are supported.' properties: apiVersion: - description: Version - of the schema - the FieldPath - is written - in terms of, - defaults to - "v1". type: string fieldPath: - description: Path - of the field - to select - in the specified - API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: - description: 'Optional: - mode bits used - to set permissions - on this file, - must be an octal - value between - 0000 and 0777 - or a decimal value - between 0 and - 511. YAML accepts - both octal and - decimal values, - JSON requires - decimal values - for mode bits. - If not specified, - the volume defaultMode - will be used. 
- This might be - in conflict with - other options - that affect the - file mode, like - fsGroup, and the - result can be - other mode bits - set.' format: int32 type: integer path: - description: 'Required: - Path is the relative - path name of the - file to be created. - Must not be absolute - or contain the - ''..'' path. Must - be utf-8 encoded. - The first item - of the relative - path must not - start with ''..''' type: string resourceFieldRef: - description: 'Selects - a resource of - the container: - only resources - limits and requests - (limits.cpu, limits.memory, - requests.cpu and - requests.memory) - are currently - supported.' properties: containerName: - description: 'Container - name: required - for volumes, - optional for - env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies - the output - format of - the exposed - resources, - defaults to - "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: - resource to - select' type: string required: - resource 
@@ -14993,85 +4976,16 @@ spec: x-kubernetes-list-type: atomic type: object secret: - description: secret information - about the secret data to - project properties: items: - description: items if - unspecified, each key-value - pair in the Data field - of the referenced Secret - will be projected into - the volume as a file - whose name is the key - and content is the value. - If specified, the listed - keys will be projected - into the specified paths, - and unlisted keys will - not be present. If a - key is specified which - is not present in the - Secret, the volume setup - will error unless it - is marked optional. - Paths must be relative - and may not contain - the '..' path or start - with '..'. items: - description: Maps a - string key to a path - within a volume. properties: key: - description: key - is the key to - project. type: string mode: - description: 'mode - is Optional: mode - bits used to set - permissions on - this file. Must - be an octal value - between 0000 and - 0777 or a decimal - value between - 0 and 511. YAML - accepts both octal - and decimal values, - JSON requires - decimal values - for mode bits. - If not specified, - the volume defaultMode - will be used. - This might be - in conflict with - other options - that affect the - file mode, like - fsGroup, and the - result can be - other mode bits - set.' format: int32 type: integer path: - description: path - is the relative - path of the file - to map the key - to. May not be - an absolute path. - May not contain - the path element - '..'. May not - start with the - string '..'. type: string required: - key 
@@ -15081,76 +4995,19 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of - the referent. This field - is effectively required, - but due to backwards - compatibility is allowed - to be empty. Instances - of this type with an - empty value here are - almost certainly wrong. - TODO: Add other useful - fields. apiVersion, - kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional - field specify whether - the Secret or its key - must be defined type: boolean type: object x-kubernetes-map-type: atomic serviceAccountToken: - description: serviceAccountToken - is information about the - serviceAccountToken data - to project properties: audience: - description: audience - is the intended audience - of the token. A recipient - of a token must identify - itself with an identifier - specified in the audience - of the token, and otherwise - should reject the token. - The audience defaults - to the identifier of - the apiserver. type: string expirationSeconds: - description: expirationSeconds - is the requested duration - of validity of the service - account token. As the - token approaches expiration, - the kubelet volume plugin - will proactively rotate - the service account - token. The kubelet will - start trying to rotate - the token if the token - is older than 80 percent - of its time to live - or if the token is older - than 24 hours.Defaults - to 1 hour and must be - at least 10 minutes. format: int64 type: integer path: - description: path is the - path relative to the - mount point of the file - to project the token - into. type: string required: - path 
@@ -15160,209 +5017,79 @@ spec: x-kubernetes-list-type: atomic type: object quobyte: - description: quobyte represents a Quobyte - mount on the host that shares a pod's - lifetime properties: group: - description: group to map volume - access to Default is no group type: string readOnly: - description: readOnly here will - force the Quobyte volume to be - mounted with read-only permissions. - Defaults to false. type: boolean registry: - description: registry represents - a single or multiple Quobyte Registry - services specified as a string - as host:port pair (multiple entries - are separated with commas) which - acts as the central registry for - volumes type: string tenant: - description: tenant owning the given - Quobyte volume in the Backend - Used with dynamically provisioned - Quobyte volumes, value is set - by the plugin type: string user: - description: user to map volume - access to Defaults to serivceaccount - user type: string volume: - description: volume is a string - that references an already created - Quobyte volume by name. type: string required: - registry - volume type: object rbd: - description: 'rbd represents a Rados - Block Device mount on the host that - shares a pod''s lifetime. More info: - https://examples.k8s.io/volumes/rbd/README.md' properties: fsType: - description: 'fsType is the filesystem - type of the volume that you want - to mount. Tip: Ensure that the - filesystem type is supported by - the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors - in the filesystem from compromising - the machine' type: string image: - description: 'image is the rados - image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string keyring: - description: 'keyring is the path - to key ring for RBDUser. Default - is /etc/ceph/keyring. 
More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string monitors: - description: 'monitors is a collection - of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' items: type: string type: array x-kubernetes-list-type: atomic pool: - description: 'pool is the rados - pool name. Default is rbd. More - info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string readOnly: - description: 'readOnly here will - force the ReadOnly setting in - VolumeMounts. Defaults to false. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: boolean secretRef: - description: 'secretRef is name - of the authentication secret for - RBDUser. If provided overrides - keyring. Default is nil. More - info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' properties: name: default: "" - description: 'Name of the referent. - This field is effectively - required, but due to backwards - compatibility is allowed to - be empty. Instances of this - type with an empty value here - are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is the rados - user name. Default is admin. More - info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string required: - image - monitors type: object scaleIO: - description: scaleIO represents a ScaleIO - persistent volume attached and mounted - on Kubernetes nodes. properties: fsType: - description: fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Default is "xfs". 
type: string gateway: - description: gateway is the host - address of the ScaleIO API Gateway. type: string protectionDomain: - description: protectionDomain is - the name of the ScaleIO Protection - Domain for the configured storage. type: string readOnly: - description: readOnly Defaults to - false (read/write). ReadOnly here - will force the ReadOnly setting - in VolumeMounts. type: boolean secretRef: - description: secretRef references - to the secret for ScaleIO user - and other sensitive information. - If this is not provided, Login - operation will fail. properties: name: default: "" - description: 'Name of the referent. - This field is effectively - required, but due to backwards - compatibility is allowed to - be empty. Instances of this - type with an empty value here - are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic sslEnabled: - description: sslEnabled Flag enable/disable - SSL communication with Gateway, - default false type: boolean storageMode: - description: storageMode indicates - whether the storage for a volume - should be ThickProvisioned or - ThinProvisioned. Default is ThinProvisioned. type: string storagePool: - description: storagePool is the - ScaleIO Storage Pool associated - with the protection domain. type: string system: - description: system is the name - of the storage system as configured - in ScaleIO. type: string volumeName: - description: volumeName is the name - of a volume already created in - the ScaleIO system that is associated - with this volume source. type: string required: - gateway 
@@ -15370,79 +5097,19 @@ spec: - system type: object secret: - description: 'secret represents a secret - that should populate this volume. - More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' properties: defaultMode: - description: 'defaultMode is Optional: - mode bits used to set permissions - on created files by default. Must - be an octal value between 0000 - and 0777 or a decimal value between - 0 and 511. YAML accepts both octal - and decimal values, JSON requires - decimal values for mode bits. - Defaults to 0644. Directories - within the path are not affected - by this setting. This might be - in conflict with other options - that affect the file mode, like - fsGroup, and the result can be - other mode bits set.' format: int32 type: integer items: - description: items If unspecified, - each key-value pair in the Data - field of the referenced Secret - will be projected into the volume - as a file whose name is the key - and content is the value. If specified, - the listed keys will be projected - into the specified paths, and - unlisted keys will not be present. - If a key is specified which is - not present in the Secret, the - volume setup will error unless - it is marked optional. Paths must - be relative and may not contain - the '..' path or start with '..'. items: - description: Maps a string key - to a path within a volume. properties: key: - description: key is the key - to project. type: string mode: - description: 'mode is Optional: - mode bits used to set permissions - on this file. Must be an - octal value between 0000 - and 0777 or a decimal value - between 0 and 511. YAML - accepts both octal and decimal - values, JSON requires decimal - values for mode bits. If - not specified, the volume - defaultMode will be used. - This might be in conflict - with other options that - affect the file mode, like - fsGroup, and the result - can be other mode bits set.' 
format: int32 type: integer path: - description: path is the relative - path of the file to map - the key to. May not be an - absolute path. May not contain - the path element '..'. May - not start with the string - '..'. type: string required: - key 
@@ -15451,111 +5118,37 @@ spec: type: array x-kubernetes-list-type: atomic optional: - description: optional field specify - whether the Secret or its keys - must be defined type: boolean secretName: - description: 'secretName is the - name of the secret in the pod''s - namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' type: string type: object storageos: - description: storageOS represents a - StorageOS volume attached and mounted - on Kubernetes nodes. properties: fsType: - description: fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. type: string readOnly: - description: readOnly defaults to - false (read/write). ReadOnly here - will force the ReadOnly setting - in VolumeMounts. type: boolean secretRef: - description: secretRef specifies - the secret to use for obtaining - the StorageOS API credentials. If - not specified, default values - will be attempted. properties: name: default: "" - description: 'Name of the referent. - This field is effectively - required, but due to backwards - compatibility is allowed to - be empty. Instances of this - type with an empty value here - are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic volumeName: - description: volumeName is the human-readable - name of the StorageOS volume. Volume - names are only unique within a - namespace. type: string volumeNamespace: - description: volumeNamespace specifies - the scope of the volume within - StorageOS. If no namespace is - specified then the Pod's namespace - will be used. 
This allows the - Kubernetes name scoping to be - mirrored within StorageOS for - tighter integration. Set VolumeName - to any name to override the default - behaviour. Set to "default" if - you are not using namespaces within - StorageOS. Namespaces that do - not pre-exist within StorageOS - will be created. type: string type: object vsphereVolume: - description: vsphereVolume represents - a vSphere volume attached and mounted - on kubelets host machine properties: fsType: - description: fsType is filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. type: string storagePolicyID: - description: storagePolicyID is - the storage Policy Based Management - (SPBM) profile ID associated with - the StoragePolicyName. type: string storagePolicyName: - description: storagePolicyName is - the storage Policy Based Management - (SPBM) profile name. type: string volumePath: - description: volumePath is the path - that identifies vSphere volume - vmdk type: string required: - volumePath 
@@ -15566,143 +5159,61 @@ spec: type: array type: object variables: - description: Variables specifies a list of variables - and their sources that will be used to resolve - the task. items: - description: EnvVar represents an environment - variable present in a Container. properties: name: - description: Name of the environment variable. - Must be a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) - are expanded using the previously defined - environment variables in the container - and any service environment variables. - If a variable cannot be resolved, the - reference in the input string will be - unchanged. Double $$ are reduced to a - single $, which allows for escaping the - $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" - will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, - regardless of whether the variable exists - or not. Defaults to "".' type: string valueFrom: - description: Source for the environment - variable's value. Cannot be used if value - is not empty. properties: configMapKeyRef: - description: Selects a key of a ConfigMap. properties: key: - description: The key to select. type: string name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' 
type: string optional: - description: Specify whether the - ConfigMap or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of the - pod: supports metadata.name, metadata.namespace, - `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, status.podIPs.' properties: apiVersion: - description: Version of the schema - the FieldPath is written in terms - of, defaults to "v1". type: string fieldPath: - description: Path of the field to - select in the specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource of - the container: only resources limits - and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' properties: containerName: - description: 'Container name: required - for volumes, optional for env - vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output - format of the exposed resources, - defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource - to select' type: string required: - resource type: object x-kubernetes-map-type: atomic secretKeyRef: - description: Selects a key of a secret - in the pod's namespace properties: key: - description: The key of the secret - to select from. Must be a valid - secret key. type: string name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. 
- apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether the - Secret or its key must be defined type: boolean required: - key 
@@ -15717,233 +5228,97 @@ spec: type: array type: object backupTimeout: - description: BackupTimeout specifies the maximum duration - of backup. Backup will be considered Failed if backup - tasks do not complete within this time limit. By default, - KubeStash don't set any timeout for backup. type: string hooks: - description: Hooks specifies the backup hooks that should - be executed before and/or after the backup. properties: postBackup: - description: PostBackup specifies a list of hooks that - will be executed after backup items: - description: HookInfo specifies the information about - the backup/restore hooks properties: executionPolicy: default: Always - description: 'ExecutionPolicy specifies when to - execute the hook. Valid values are: - "Always": - KubeStash will execute this hook no matter the - backup/restore failed. This is the default execution - policy. - "OnSuccess": KubeStash will execute - this hook only if the backup/restore has succeeded. - - "OnFailure": KubeStash will execute this hook - only if the backup/restore has failed.' enum: - Always - OnSuccess - OnFailure type: string hookTemplate: - description: HookTemplate points to a HookTemplate - CR that will be used to execute the hook. You - can refer to a HookTemplate from other namespaces - as long as your current namespace is allowed - by the `usagePolicy` in the respective HookTemplate. properties: name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string required: - name type: object maxRetry: - description: MaxRetry specifies how many times - KubeStash should retry the hook execution in - case of failure. The default value of this field - is 0 which means no retry. 
format: int32 minimum: 0 type: integer name: - description: Name specifies a name for the hook type: string params: - description: Params specifies parameters for the - hook. You must provide the parameter in the - HookTemplates desired structure. type: object x-kubernetes-preserve-unknown-fields: true runtimeSettings: - description: RuntimeSettings specifies runtime - configurations for the hook executor Job. Use - this field only for `Function` type hook executor. properties: container: properties: env: - description: List of environment variables - to set in the container. Cannot be updated. items: - description: EnvVar represents an environment - variable present in a Container. properties: name: - description: Name of the environment - variable. Must be a C_IDENTIFIER. type: string value: - description: 'Variable references - $(VAR_NAME) are expanded using - the previously defined environment - variables in the container and - any service environment variables. - If a variable cannot be resolved, - the reference in the input string - will be unchanged. Double $$ are - reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: - i.e. "$$(VAR_NAME)" will produce - the string literal "$(VAR_NAME)". - Escaped references will never - be expanded, regardless of whether - the variable exists or not. Defaults - to "".' type: string valueFrom: - description: Source for the environment - variable's value. Cannot be used - if value is not empty. properties: configMapKeyRef: - description: Selects a key of - a ConfigMap. properties: key: - description: The key to - select. type: string name: default: "" - description: 'Name of the - referent. This field is - effectively required, - but due to backwards compatibility - is allowed to be empty. - Instances of this type - with an empty value here - are almost certainly wrong. - TODO: Add other useful - fields. apiVersion, kind, - uid? 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether - the ConfigMap or its key - must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field - of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, - status.podIPs.' properties: apiVersion: - description: Version of - the schema the FieldPath - is written in terms of, - defaults to "v1". type: string fieldPath: - description: Path of the - field to select in the - specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource - of the container: only resources - limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, - requests.cpu, requests.memory - and requests.ephemeral-storage) - are currently supported.' properties: containerName: - description: 'Container - name: required for volumes, - optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the - output format of the exposed - resources, defaults to - "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: - resource to select' type: string required: - resource type: object x-kubernetes-map-type: atomic secretKeyRef: - description: Selects a key of - a secret in the pod's namespace properties: key: - description: The key of - the secret to select from. Must - be a valid secret key. 
type: string name: default: "" - description: 'Name of the - referent. This field is - effectively required, - but due to backwards compatibility - is allowed to be empty. - Instances of this type - with an empty value here - are almost certainly wrong. - TODO: Add other useful - fields. apiVersion, kind, - uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether - the Secret or its key - must be defined type: boolean required: - key 
@@ -15955,85 +5330,31 @@ spec: type: object type: array envFrom: - description: List of sources to populate - environment variables in the container. - The keys defined within a source must - be a C_IDENTIFIER. All invalid keys - will be reported as an event when the - container is starting. When a key exists - in multiple sources, the value associated - with the last source will take precedence. - Values defined by an Env with a duplicate - key will take precedence. Cannot be - updated. items: - description: EnvFromSource represents - the source of a set of ConfigMaps properties: configMapRef: - description: The ConfigMap to select - from properties: name: default: "" - description: 'Name of the referent. - This field is effectively - required, but due to backwards - compatibility is allowed to - be empty. Instances of this - type with an empty value here - are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether - the ConfigMap must be defined type: boolean type: object x-kubernetes-map-type: atomic prefix: - description: An optional identifier - to prepend to each key in the - ConfigMap. Must be a C_IDENTIFIER. type: string secretRef: - description: The Secret to select - from properties: name: default: "" - description: 'Name of the referent. - This field is effectively - required, but due to backwards - compatibility is allowed to - be empty. Instances of this - type with an empty value here - are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? 
More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether - the Secret must be defined type: boolean type: object x-kubernetes-map-type: atomic type: object type: array ionice: - description: 'Settings to configure `ionice` - to throttle the load on disk. More info: - http://kennystechtalk.blogspot.com/2015/04/throttling-cpu-usage-with-linux-cgroups.html - More info: https://oakbytes.wordpress.com/2012/06/06/linux-scheduler-cfs-and-nice/' properties: class: format: int32 
@@ -16043,76 +5364,27 @@ spec: type: integer type: object lifecycle: - description: Actions that the management - system should take in response to container - lifecycle events. Cannot be updated. properties: postStart: - description: 'PostStart is called - immediately after a container is - created. If the handler fails, the - container is terminated and restarted - according to its restart policy. - Other management of the container - blocks until the hook completes. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: Exec specifies the - action to take. properties: command: - description: Command is the - command line to execute - inside the container, the - working directory for the - command is root ('/') in - the container's filesystem. - The command is simply exec'd, - it is not run inside a shell, - so traditional shell instructions - ('|', etc) won't work. To - use a shell, you need to - explicitly call out to that - shell. Exit status of 0 - is treated as live/healthy - and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies - the http request to perform. properties: host: - description: Host name to - connect to, defaults to - the pod IP. You probably - want to set "Host" in httpHeaders - instead. type: string httpHeaders: - description: Custom headers - to set in the request. HTTP - allows repeated headers. items: - description: HTTPHeader - describes a custom header - to be used in HTTP probes properties: name: - description: The header - field name. This will - be canonicalized upon - output, so case-variant - names will be understood - as the same header. type: string value: - description: The header - field value type: string required: - name 
@@ -16121,144 +5393,58 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access - on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use - for connecting to the host. - Defaults to HTTP. type: string required: - port type: object sleep: - description: Sleep represents - the duration that the container - should sleep before being terminated. properties: seconds: - description: Seconds is the - number of seconds to sleep. format: int64 type: integer required: - seconds type: object tcpSocket: - description: Deprecated. TCPSocket - is NOT supported as a LifecycleHandler - and kept for the backward compatibility. - There are no validation of this - field and lifecycle hooks will - fail in runtime when tcp handler - is specified. properties: host: - description: 'Optional: Host - name to connect to, defaults - to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: - description: 'PreStop is called immediately - before a container is terminated - due to an API request or management - event such as liveness/startup probe - failure, preemption, resource contention, - etc. The handler is not called if - the container crashes or exits. - The Pod''s termination grace period - countdown begins before the PreStop - hook is executed. Regardless of - the outcome of the handler, the - container will eventually terminate - within the Pod''s termination grace - period (unless delayed by finalizers). 
- Other management of the container - blocks until the hook completes - or until the termination grace period - is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: Exec specifies the - action to take. properties: command: - description: Command is the - command line to execute - inside the container, the - working directory for the - command is root ('/') in - the container's filesystem. - The command is simply exec'd, - it is not run inside a shell, - so traditional shell instructions - ('|', etc) won't work. To - use a shell, you need to - explicitly call out to that - shell. Exit status of 0 - is treated as live/healthy - and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies - the http request to perform. properties: host: - description: Host name to - connect to, defaults to - the pod IP. You probably - want to set "Host" in httpHeaders - instead. type: string httpHeaders: - description: Custom headers - to set in the request. HTTP - allows repeated headers. items: - description: HTTPHeader - describes a custom header - to be used in HTTP probes properties: name: - description: The header - field name. This will - be canonicalized upon - output, so case-variant - names will be understood - as the same header. type: string value: - description: The header - field value type: string required: - name 
@@ -16267,63 +5453,33 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access - on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use - for connecting to the host. - Defaults to HTTP. type: string required: - port type: object sleep: - description: Sleep represents - the duration that the container - should sleep before being terminated. properties: seconds: - description: Seconds is the - number of seconds to sleep. format: int64 type: integer required: - seconds type: object tcpSocket: - description: Deprecated. TCPSocket - is NOT supported as a LifecycleHandler - and kept for the backward compatibility. - There are no validation of this - field and lifecycle hooks will - fail in runtime when tcp handler - is specified. properties: host: - description: 'Optional: Host - name to connect to, defaults - to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port 
@@ -16331,93 +5487,38 @@ spec: type: object type: object livenessProbe: - description: 'Periodic probe of container - liveness. Container will be restarted - if the probe fails. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action - to take. properties: command: - description: Command is the command - line to execute inside the container, - the working directory for the - command is root ('/') in the - container's filesystem. The - command is simply exec'd, it - is not run inside a shell, so - traditional shell instructions - ('|', etc) won't work. To use - a shell, you need to explicitly - call out to that shell. Exit - status of 0 is treated as live/healthy - and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed - after having succeeded. Defaults - to 3. Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action - involving a GRPC port. properties: port: - description: Port number of the - gRPC service. Number must be - in the range 1 to 65535. format: int32 type: integer service: - description: "Service is the name - of the service to place in the - gRPC HealthCheckRequest (see - https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, - the default behavior is defined - by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the - http request to perform. properties: host: - description: Host name to connect - to, defaults to the pod IP. - You probably want to set "Host" - in httpHeaders instead. type: string httpHeaders: - description: Custom headers to - set in the request. HTTP allows - repeated headers. 
items: - description: HTTPHeader describes - a custom header to be used - in HTTP probes properties: name: - description: The header - field name. This will - be canonicalized upon - output, so case-variant - names will be understood - as the same header. type: string value: - description: The header - field value type: string required: - name 
@@ -16426,202 +5527,84 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on - the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of - the port to access on the container. - Number must be in the range - 1 to 65535. Name must be an - IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for - connecting to the host. Defaults - to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after - the container has started before - liveness probes are initiated. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) - to perform the probe. Default to - 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to - 1. Must be 1 for liveness and startup. - Minimum value is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an - action involving a TCP port. properties: host: - description: 'Optional: Host name - to connect to, defaults to the - pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of - the port to access on the container. - Number must be in the range - 1 to 65535. Name must be an - IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in - seconds the pod needs to terminate - gracefully upon probe failure. The - grace period is the duration in - seconds after the processes running - in the pod are sent a termination - signal and the time when the processes - are forcibly halted with a kill - signal. Set this value longer than - the expected cleanup time for your - process. 
If this value is nil, the - pod's terminationGracePeriodSeconds - will be used. Otherwise, this value - overrides the value provided by - the pod spec. Value must be non-negative - integer. The value zero indicates - stop immediately via the kill signal - (no opportunity to shut down). This - is a beta field and requires enabling - ProbeTerminationGracePeriod feature - gate. Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after - which the probe times out. Defaults - to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object nice: - description: 'Settings to configure `nice` - to throttle the load on cpu. More info: - http://kennystechtalk.blogspot.com/2015/04/throttling-cpu-usage-with-linux-cgroups.html - More info: https://oakbytes.wordpress.com/2012/06/06/linux-scheduler-cfs-and-nice/' properties: adjustment: format: int32 type: integer type: object readinessProbe: - description: 'Periodic probe of container - service readiness. Container will be - removed from service endpoints if the - probe fails. Cannot be updated. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action - to take. properties: command: - description: Command is the command - line to execute inside the container, - the working directory for the - command is root ('/') in the - container's filesystem. The - command is simply exec'd, it - is not run inside a shell, so - traditional shell instructions - ('|', etc) won't work. To use - a shell, you need to explicitly - call out to that shell. Exit - status of 0 is treated as live/healthy - and non-zero is unhealthy. 
items: type: string type: array x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed - after having succeeded. Defaults - to 3. Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action - involving a GRPC port. properties: port: - description: Port number of the - gRPC service. Number must be - in the range 1 to 65535. format: int32 type: integer service: - description: "Service is the name - of the service to place in the - gRPC HealthCheckRequest (see - https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, - the default behavior is defined - by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the - http request to perform. properties: host: - description: Host name to connect - to, defaults to the pod IP. - You probably want to set "Host" - in httpHeaders instead. type: string httpHeaders: - description: Custom headers to - set in the request. HTTP allows - repeated headers. items: - description: HTTPHeader describes - a custom header to be used - in HTTP probes properties: name: - description: The header - field name. This will - be canonicalized upon - output, so case-variant - names will be understood - as the same header. type: string value: - description: The header - field value type: string required: - name 
@@ -16630,126 +5613,51 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on - the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of - the port to access on the container. - Number must be in the range - 1 to 65535. Name must be an - IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for - connecting to the host. Defaults - to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after - the container has started before - liveness probes are initiated. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) - to perform the probe. Default to - 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to - 1. Must be 1 for liveness and startup. - Minimum value is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an - action involving a TCP port. properties: host: - description: 'Optional: Host name - to connect to, defaults to the - pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of - the port to access on the container. - Number must be in the range - 1 to 65535. Name must be an - IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in - seconds the pod needs to terminate - gracefully upon probe failure. The - grace period is the duration in - seconds after the processes running - in the pod are sent a termination - signal and the time when the processes - are forcibly halted with a kill - signal. Set this value longer than - the expected cleanup time for your - process. 
If this value is nil, the - pod's terminationGracePeriodSeconds - will be used. Otherwise, this value - overrides the value provided by - the pod spec. Value must be non-negative - integer. The value zero indicates - stop immediately via the kill signal - (no opportunity to shut down). This - is a beta field and requires enabling - ProbeTerminationGracePeriod feature - gate. Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after - which the probe times out. Defaults - to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object resources: - description: 'Compute Resources required - by container. Cannot be updated. More - info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' properties: claims: - description: "Claims lists the names - of resources, defined in spec.resourceClaims, - that are used by this container. - \n This is an alpha field and requires - enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. - It can only be set for containers." items: - description: ResourceClaim references - one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match - the name of one entry in pod.spec.resourceClaims - of the Pod where this field - is used. It makes that resource - available inside a container. type: string required: - name @@ -16765,9 +5673,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the - maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -16776,273 +5681,77 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the - minimum amount of compute resources - required. If Requests is omitted - for a container, it defaults to - Limits if that is explicitly specified, - otherwise to an implementation-defined - value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: - description: 'Security options the pod - should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation - controls whether a process can gain - more privileges than its parent - process. This bool directly controls - if the no_new_privs flag will be - set on the container process. AllowPrivilegeEscalation - is true always when the container - is: 1) run as Privileged 2) has - CAP_SYS_ADMIN Note that this field - cannot be set when spec.os.name - is windows.' type: boolean appArmorProfile: - description: appArmorProfile is the - AppArmor options to use by this - container. If set, this profile - overrides the pod's appArmorProfile. - Note that this field cannot be set - when spec.os.name is windows. properties: localhostProfile: - description: localhostProfile - indicates a profile loaded on - the node that should be used. - The profile must be preconfigured - on the node to work. Must match - the loaded name of the profile. - Must be set if and only if type - is "Localhost". type: string type: - description: 'type indicates which - kind of AppArmor profile will - be applied. Valid options are: - Localhost - a profile pre-loaded - on the node. 
RuntimeDefault - - the container runtime''s default - profile. Unconfined - no AppArmor - enforcement.' type: string required: - type type: object capabilities: - description: The capabilities to add/drop - when running containers. Defaults - to the default set of capabilities - granted by the container runtime. - Note that this field cannot be set - when spec.os.name is windows. properties: add: - description: Added capabilities items: - description: Capability represent - POSIX capabilities type type: string type: array x-kubernetes-list-type: atomic drop: - description: Removed capabilities items: - description: Capability represent - POSIX capabilities type type: string type: array x-kubernetes-list-type: atomic type: object privileged: - description: Run container in privileged - mode. Processes in privileged containers - are essentially equivalent to root - on the host. Defaults to false. - Note that this field cannot be set - when spec.os.name is windows. type: boolean procMount: - description: procMount denotes the - type of proc mount to use for the - containers. The default is DefaultProcMount - which uses the container runtime - defaults for readonly paths and - masked paths. This requires the - ProcMountType feature flag to be - enabled. Note that this field cannot - be set when spec.os.name is windows. type: string readOnlyRootFilesystem: - description: Whether this container - has a read-only root filesystem. - Default is false. Note that this - field cannot be set when spec.os.name - is windows. type: boolean runAsGroup: - description: The GID to run the entrypoint - of the container process. Uses runtime - default if unset. May also be set - in PodSecurityContext. If set in - both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. Note that this - field cannot be set when spec.os.name - is windows. 
format: int64 type: integer runAsNonRoot: - description: Indicates that the container - must run as a non-root user. If - true, the Kubelet will validate - the image at runtime to ensure that - it does not run as UID 0 (root) - and fail to start the container - if it does. If unset or false, no - such validation will be performed. - May also be set in PodSecurityContext. If - set in both SecurityContext and - PodSecurityContext, the value specified - in SecurityContext takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint - of the container process. Defaults - to user specified in image metadata - if unspecified. May also be set - in PodSecurityContext. If set in - both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. Note that this - field cannot be set when spec.os.name - is windows. format: int64 type: integer seLinuxOptions: - description: The SELinux context to - be applied to the container. If - unspecified, the container runtime - will allocate a random SELinux context - for each container. May also be - set in PodSecurityContext. If set - in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. Note that this - field cannot be set when spec.os.name - is windows. properties: level: - description: Level is SELinux - level label that applies to - the container. type: string role: - description: Role is a SELinux - role label that applies to the - container. type: string type: - description: Type is a SELinux - type label that applies to the - container. type: string user: - description: User is a SELinux - user label that applies to the - container. type: string type: object seccompProfile: - description: The seccomp options to - use by this container. If seccomp - options are provided at both the - pod & container level, the container - options override the pod options. 
- Note that this field cannot be set - when spec.os.name is windows. properties: localhostProfile: - description: localhostProfile - indicates a profile defined - in a file on the node should - be used. The profile must be - preconfigured on the node to - work. Must be a descending path, - relative to the kubelet's configured - seccomp profile location. Must - be set if type is "Localhost". - Must NOT be set for any other - type. type: string type: - description: "type indicates which - kind of seccomp profile will - be applied. Valid options are: - \n Localhost - a profile defined - in a file on the node should - be used. RuntimeDefault - the - container runtime default profile - should be used. Unconfined - - no profile should be applied." type: string required: - type type: object windowsOptions: - description: The Windows specific - settings applied to all containers. - If unspecified, the options from - the PodSecurityContext will be used. - If set in both SecurityContext and - PodSecurityContext, the value specified - in SecurityContext takes precedence. - Note that this field cannot be set - when spec.os.name is linux. properties: gmsaCredentialSpec: - description: GMSACredentialSpec - is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the - GMSA credential spec named by - the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: - description: GMSACredentialSpecName - is the name of the GMSA credential - spec to use. type: string hostProcess: - description: HostProcess determines - if a container should be run - as a 'Host Process' container. - All of a Pod's containers must - have the same effective HostProcess - value (it is not allowed to - have a mix of HostProcess containers - and non-HostProcess containers). - In addition, if HostProcess - is true then HostNetwork must - also be set to true. 
type: boolean runAsUserName: - description: The UserName in Windows - to run the entrypoint of the - container process. Defaults - to the user specified in image - metadata if unspecified. May - also be set in PodSecurityContext. - If set in both SecurityContext - and PodSecurityContext, the - value specified in SecurityContext - takes precedence. type: string type: object type: object 
@@ -17050,101 +5759,22 @@ spec: pod: properties: affinity: - description: If specified, the pod's scheduling - constraints properties: nodeAffinity: - description: Describes node affinity - scheduling rules for the pod. properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will - prefer to schedule pods to nodes - that satisfy the affinity expressions - specified by this field, but - it may choose a node that violates - one or more of the expressions. - The node that is most preferred - is the one with the greatest - sum of weights, i.e. for each - node that meets all of the scheduling - requirements (resource request, - requiredDuringScheduling affinity - expressions, etc.), compute - a sum by iterating through the - elements of this field and adding - "weight" to the sum if the node - matches the corresponding matchExpressions; - the node(s) with the highest - sum are the most preferred. items: - description: An empty preferred - scheduling term matches all - objects with implicit weight - 0 (i.e. it's a no-op). A null - preferred scheduling term - matches no objects (i.e. is - also a no-op). properties: preference: - description: A node selector - term, associated with - the corresponding weight. properties: matchExpressions: - description: A list - of node selector requirements - by node's labels. items: - description: A node - selector requirement - is a selector that - contains values, - a key, and an operator - that relates the - key and values. properties: key: - description: The - label key that - the selector - applies to. type: string operator: - description: Represents - a key's relationship - to a set of - values. Valid - operators are - In, NotIn, Exists, - DoesNotExist. - Gt, and Lt. type: string values: - description: An - array of string - values. If the - operator is - In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or - DoesNotExist, - the values array - must be empty. 
- If the operator - is Gt or Lt, - the values array - must have a - single element, - which will be - interpreted - as an integer. - This array is - replaced during - a strategic - merge patch. items: type: string type: array @@ -17156,59 +5786,13 @@ spec: type: array x-kubernetes-list-type: atomic matchFields: - description: A list - of node selector requirements - by node's fields. items: - description: A node - selector requirement - is a selector that - contains values, - a key, and an operator - that relates the - key and values. properties: key: - description: The - label key that - the selector - applies to. type: string operator: - description: Represents - a key's relationship - to a set of - values. Valid - operators are - In, NotIn, Exists, - DoesNotExist. - Gt, and Lt. type: string values: - description: An - array of string - values. If the - operator is - In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or - DoesNotExist, - the values array - must be empty. - If the operator - is Gt or Lt, - the values array - must have a - single element, - which will be - interpreted - as an integer. - This array is - replaced during - a strategic - merge patch. items: type: string type: array @@ -17222,10 +5806,6 @@ spec: type: object x-kubernetes-map-type: atomic weight: - description: Weight associated - with matching the corresponding - nodeSelectorTerm, in the - range 1-100. format: int32 type: integer required: 
@@ -17235,85 +5815,18 @@ spec: type: array x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements - specified by this field are - not met at scheduling time, - the pod will not be scheduled - onto the node. If the affinity - requirements specified by this - field cease to be met at some - point during pod execution (e.g. - due to an update), the system - may or may not try to eventually - evict the pod from its node. properties: nodeSelectorTerms: - description: Required. A list - of node selector terms. - The terms are ORed. items: - description: A null or empty - node selector term matches - no objects. The requirements - of them are ANDed. The - TopologySelectorTerm type - implements a subset of - the NodeSelectorTerm. properties: matchExpressions: - description: A list - of node selector requirements - by node's labels. items: - description: A node - selector requirement - is a selector that - contains values, - a key, and an operator - that relates the - key and values. properties: key: - description: The - label key that - the selector - applies to. type: string operator: - description: Represents - a key's relationship - to a set of - values. Valid - operators are - In, NotIn, Exists, - DoesNotExist. - Gt, and Lt. type: string values: - description: An - array of string - values. If the - operator is - In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or - DoesNotExist, - the values array - must be empty. - If the operator - is Gt or Lt, - the values array - must have a - single element, - which will be - interpreted - as an integer. - This array is - replaced during - a strategic - merge patch. items: type: string type: array 
@@ -17325,59 +5838,13 @@ spec: type: array x-kubernetes-list-type: atomic matchFields: - description: A list - of node selector requirements - by node's fields. items: - description: A node - selector requirement - is a selector that - contains values, - a key, and an operator - that relates the - key and values. properties: key: - description: The - label key that - the selector - applies to. type: string operator: - description: Represents - a key's relationship - to a set of - values. Valid - operators are - In, NotIn, Exists, - DoesNotExist. - Gt, and Lt. type: string values: - description: An - array of string - values. If the - operator is - In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or - DoesNotExist, - the values array - must be empty. - If the operator - is Gt or Lt, - the values array - must have a - single element, - which will be - interpreted - as an integer. - This array is - replaced during - a strategic - merge patch. items: type: string type: array 
@@ -17398,113 +5865,22 @@ spec: x-kubernetes-map-type: atomic type: object podAffinity: - description: Describes pod affinity - scheduling rules (e.g. co-locate - this pod in the same node, zone, - etc. as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will - prefer to schedule pods to nodes - that satisfy the affinity expressions - specified by this field, but - it may choose a node that violates - one or more of the expressions. - The node that is most preferred - is the one with the greatest - sum of weights, i.e. for each - node that meets all of the scheduling - requirements (resource request, - requiredDuringScheduling affinity - expressions, etc.), compute - a sum by iterating through the - elements of this field and adding - "weight" to the sum if the node - has pods which matches the corresponding - podAffinityTerm; the node(s) - with the highest sum are the - most preferred. items: - description: The weights of - all of the matched WeightedPodAffinityTerm - fields are added per-node - to find the most preferred - node(s) properties: podAffinityTerm: - description: Required. A - pod affinity term, associated - with the corresponding - weight. properties: labelSelector: - description: A label - query over a set of - resources, in this - case pods. If it's - null, this PodAffinityTerm - matches with no Pods. properties: matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements - are ANDed. items: - description: A - label selector - requirement - is a selector - that contains - values, a key, - and an operator - that relates - the key and - values. properties: key: - description: key - is the label - key that - the selector - applies - to. type: string operator: - description: operator - represents - a key's - relationship - to a set - of values. - Valid operators - are In, - NotIn, Exists - and DoesNotExist. 
type: string values: - description: values - is an array - of string - values. - If the operator - is In or - NotIn, the - values array - must be - non-empty. - If the operator - is Exists - or DoesNotExist, - the values - array must - be empty. - This array - is replaced - during a - strategic - merge patch. items: type: string type: array 
@@ -17518,177 +5894,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single - {key,value} in - the matchLabels - map is equivalent - to an element - of matchExpressions, - whose key field - is "key", the - operator is "In", - and the values - array contains - only "value". - The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys - is a set of pod label - keys to select which - pods will be taken - into consideration. - The keys are used - to lookup values from - the incoming pod labels, - those key-value labels - are merged with `labelSelector` - as `key in (value)` - to select the group - of existing pods which - pods will be taken - into consideration - for the incoming pod's - pod (anti) affinity. - Keys that don't exist - in the incoming pod - labels will be ignored. - The default value - is empty. The same - key is forbidden to - exist in both matchLabelKeys - and labelSelector. - Also, matchLabelKeys - cannot be set when - labelSelector isn't - set. This is an alpha - field and requires - enabling MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys - is a set of pod label - keys to select which - pods will be taken - into consideration. - The keys are used - to lookup values from - the incoming pod labels, - those key-value labels - are merged with `labelSelector` - as `key notin (value)` - to select the group - of existing pods which - pods will be taken - into consideration - for the incoming pod's - pod (anti) affinity. - Keys that don't exist - in the incoming pod - labels will be ignored. - The default value - is empty. The same - key is forbidden to - exist in both mismatchLabelKeys - and labelSelector. - Also, mismatchLabelKeys - cannot be set when - labelSelector isn't - set. 
This is an alpha - field and requires - enabling MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label - query over the set - of namespaces that - the term applies to. - The term is applied - to the union of the - namespaces selected - by this field and - the ones listed in - the namespaces field. - null selector and - null or empty namespaces - list means "this pod's - namespace". An empty - selector ({}) matches - all namespaces. properties: matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements - are ANDed. items: - description: A - label selector - requirement - is a selector - that contains - values, a key, - and an operator - that relates - the key and - values. properties: key: - description: key - is the label - key that - the selector - applies - to. type: string operator: - description: operator - represents - a key's - relationship - to a set - of values. - Valid operators - are In, - NotIn, Exists - and DoesNotExist. type: string values: - description: values - is an array - of string - values. - If the operator - is In or - NotIn, the - values array - must be - non-empty. - If the operator - is Exists - or DoesNotExist, - the values - array must - be empty. - This array - is replaced - during a - strategic - merge patch. items: type: string type: array 
@@ -17702,71 +5930,20 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single - {key,value} in - the matchLabels - map is equivalent - to an element - of matchExpressions, - whose key field - is "key", the - operator is "In", - and the values - array contains - only "value". - The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces - specifies a static - list of namespace - names that the term - applies to. The term - is applied to the - union of the namespaces - listed in this field - and the ones selected - by namespaceSelector. - null or empty namespaces - list and null namespaceSelector - means "this pod's - namespace". items: type: string type: array x-kubernetes-list-type: atomic topologyKey: - description: This pod - should be co-located - (affinity) or not - co-located (anti-affinity) - with the pods matching - the labelSelector - in the specified namespaces, - where co-located is - defined as running - on a node whose value - of the label with - key topologyKey matches - that of any node on - which any of the selected - pods is running. Empty - topologyKey is not - allowed. type: string required: - topologyKey type: object weight: - description: weight associated - with matching the corresponding - podAffinityTerm, in the - range 1-100. format: int32 type: integer required: 
@@ -17776,93 +5953,18 @@ spec: type: array x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements - specified by this field are - not met at scheduling time, - the pod will not be scheduled - onto the node. If the affinity - requirements specified by this - field cease to be met at some - point during pod execution (e.g. - due to a pod label update), - the system may or may not try - to eventually evict the pod - from its node. When there are - multiple elements, the lists - of nodes corresponding to each - podAffinityTerm are intersected, - i.e. all terms must be satisfied. items: - description: Defines a set of - pods (namely those matching - the labelSelector relative - to the given namespace(s)) - that this pod should be co-located - (affinity) or not co-located - (anti-affinity) with, where - co-located is defined as running - on a node whose value of the - label with key - matches that of any node on - which a pod of the set of - pods is running properties: labelSelector: - description: A label query - over a set of resources, - in this case pods. If - it's null, this PodAffinityTerm - matches with no Pods. properties: matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements are - ANDed. items: - description: A label - selector requirement - is a selector that - contains values, - a key, and an operator - that relates the - key and values. properties: key: - description: key - is the label - key that the - selector applies - to. type: string operator: - description: operator - represents a - key's relationship - to a set of - values. Valid - operators are - In, NotIn, Exists - and DoesNotExist. type: string values: - description: values - is an array - of string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or - DoesNotExist, - the values array - must be empty. 
- This array is - replaced during - a strategic - merge patch. items: type: string type: array 
@@ -17876,151 +5978,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels - map is equivalent - to an element of matchExpressions, - whose key field is - "key", the operator - is "In", and the values - array contains only - "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys - is a set of pod label - keys to select which pods - will be taken into consideration. - The keys are used to lookup - values from the incoming - pod labels, those key-value - labels are merged with - `labelSelector` as `key - in (value)` to select - the group of existing - pods which pods will be - taken into consideration - for the incoming pod's - pod (anti) affinity. Keys - that don't exist in the - incoming pod labels will - be ignored. The default - value is empty. The same - key is forbidden to exist - in both matchLabelKeys - and labelSelector. Also, - matchLabelKeys cannot - be set when labelSelector - isn't set. This is an - alpha field and requires - enabling MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys - is a set of pod label - keys to select which pods - will be taken into consideration. - The keys are used to lookup - values from the incoming - pod labels, those key-value - labels are merged with - `labelSelector` as `key - notin (value)` to select - the group of existing - pods which pods will be - taken into consideration - for the incoming pod's - pod (anti) affinity. Keys - that don't exist in the - incoming pod labels will - be ignored. The default - value is empty. The same - key is forbidden to exist - in both mismatchLabelKeys - and labelSelector. Also, - mismatchLabelKeys cannot - be set when labelSelector - isn't set. 
This is an - alpha field and requires - enabling MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query - over the set of namespaces - that the term applies - to. The term is applied - to the union of the namespaces - selected by this field - and the ones listed in - the namespaces field. - null selector and null - or empty namespaces list - means "this pod's namespace". - An empty selector ({}) - matches all namespaces. properties: matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements are - ANDed. items: - description: A label - selector requirement - is a selector that - contains values, - a key, and an operator - that relates the - key and values. properties: key: - description: key - is the label - key that the - selector applies - to. type: string operator: - description: operator - represents a - key's relationship - to a set of - values. Valid - operators are - In, NotIn, Exists - and DoesNotExist. type: string values: - description: values - is an array - of string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or - DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic - merge patch. items: type: string type: array 
@@ -18034,52 +6014,15 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels - map is equivalent - to an element of matchExpressions, - whose key field is - "key", the operator - is "In", and the values - array contains only - "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces - specifies a static list - of namespace names that - the term applies to. The - term is applied to the - union of the namespaces - listed in this field and - the ones selected by namespaceSelector. - null or empty namespaces - list and null namespaceSelector - means "this pod's namespace". items: type: string type: array x-kubernetes-list-type: atomic topologyKey: - description: This pod should - be co-located (affinity) - or not co-located (anti-affinity) - with the pods matching - the labelSelector in the - specified namespaces, - where co-located is defined - as running on a node whose - value of the label with - key topologyKey matches - that of any node on which - any of the selected pods - is running. Empty topologyKey - is not allowed. type: string required: - topologyKey 
@@ -18088,113 +6031,22 @@ spec: x-kubernetes-list-type: atomic type: object podAntiAffinity: - description: Describes pod anti-affinity - scheduling rules (e.g. avoid putting - this pod in the same node, zone, - etc. as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will - prefer to schedule pods to nodes - that satisfy the anti-affinity - expressions specified by this - field, but it may choose a node - that violates one or more of - the expressions. The node that - is most preferred is the one - with the greatest sum of weights, - i.e. for each node that meets - all of the scheduling requirements - (resource request, requiredDuringScheduling - anti-affinity expressions, etc.), - compute a sum by iterating through - the elements of this field and - adding "weight" to the sum if - the node has pods which matches - the corresponding podAffinityTerm; - the node(s) with the highest - sum are the most preferred. items: - description: The weights of - all of the matched WeightedPodAffinityTerm - fields are added per-node - to find the most preferred - node(s) properties: podAffinityTerm: - description: Required. A - pod affinity term, associated - with the corresponding - weight. properties: labelSelector: - description: A label - query over a set of - resources, in this - case pods. If it's - null, this PodAffinityTerm - matches with no Pods. properties: matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements - are ANDed. items: - description: A - label selector - requirement - is a selector - that contains - values, a key, - and an operator - that relates - the key and - values. properties: key: - description: key - is the label - key that - the selector - applies - to. type: string operator: - description: operator - represents - a key's - relationship - to a set - of values. - Valid operators - are In, - NotIn, Exists - and DoesNotExist. 
type: string values: - description: values - is an array - of string - values. - If the operator - is In or - NotIn, the - values array - must be - non-empty. - If the operator - is Exists - or DoesNotExist, - the values - array must - be empty. - This array - is replaced - during a - strategic - merge patch. items: type: string type: array 
@@ -18208,177 +6060,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single - {key,value} in - the matchLabels - map is equivalent - to an element - of matchExpressions, - whose key field - is "key", the - operator is "In", - and the values - array contains - only "value". - The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys - is a set of pod label - keys to select which - pods will be taken - into consideration. - The keys are used - to lookup values from - the incoming pod labels, - those key-value labels - are merged with `labelSelector` - as `key in (value)` - to select the group - of existing pods which - pods will be taken - into consideration - for the incoming pod's - pod (anti) affinity. - Keys that don't exist - in the incoming pod - labels will be ignored. - The default value - is empty. The same - key is forbidden to - exist in both matchLabelKeys - and labelSelector. - Also, matchLabelKeys - cannot be set when - labelSelector isn't - set. This is an alpha - field and requires - enabling MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys - is a set of pod label - keys to select which - pods will be taken - into consideration. - The keys are used - to lookup values from - the incoming pod labels, - those key-value labels - are merged with `labelSelector` - as `key notin (value)` - to select the group - of existing pods which - pods will be taken - into consideration - for the incoming pod's - pod (anti) affinity. - Keys that don't exist - in the incoming pod - labels will be ignored. - The default value - is empty. The same - key is forbidden to - exist in both mismatchLabelKeys - and labelSelector. - Also, mismatchLabelKeys - cannot be set when - labelSelector isn't - set. 
This is an alpha - field and requires - enabling MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label - query over the set - of namespaces that - the term applies to. - The term is applied - to the union of the - namespaces selected - by this field and - the ones listed in - the namespaces field. - null selector and - null or empty namespaces - list means "this pod's - namespace". An empty - selector ({}) matches - all namespaces. properties: matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements - are ANDed. items: - description: A - label selector - requirement - is a selector - that contains - values, a key, - and an operator - that relates - the key and - values. properties: key: - description: key - is the label - key that - the selector - applies - to. type: string operator: - description: operator - represents - a key's - relationship - to a set - of values. - Valid operators - are In, - NotIn, Exists - and DoesNotExist. type: string values: - description: values - is an array - of string - values. - If the operator - is In or - NotIn, the - values array - must be - non-empty. - If the operator - is Exists - or DoesNotExist, - the values - array must - be empty. - This array - is replaced - during a - strategic - merge patch. items: type: string type: array 
@@ -18392,71 +6096,20 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single - {key,value} in - the matchLabels - map is equivalent - to an element - of matchExpressions, - whose key field - is "key", the - operator is "In", - and the values - array contains - only "value". - The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces - specifies a static - list of namespace - names that the term - applies to. The term - is applied to the - union of the namespaces - listed in this field - and the ones selected - by namespaceSelector. - null or empty namespaces - list and null namespaceSelector - means "this pod's - namespace". items: type: string type: array x-kubernetes-list-type: atomic topologyKey: - description: This pod - should be co-located - (affinity) or not - co-located (anti-affinity) - with the pods matching - the labelSelector - in the specified namespaces, - where co-located is - defined as running - on a node whose value - of the label with - key topologyKey matches - that of any node on - which any of the selected - pods is running. Empty - topologyKey is not - allowed. type: string required: - topologyKey type: object weight: - description: weight associated - with matching the corresponding - podAffinityTerm, in the - range 1-100. format: int32 type: integer required: 
@@ -18466,93 +6119,18 @@ spec: type: array x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity - requirements specified by this - field are not met at scheduling - time, the pod will not be scheduled - onto the node. If the anti-affinity - requirements specified by this - field cease to be met at some - point during pod execution (e.g. - due to a pod label update), - the system may or may not try - to eventually evict the pod - from its node. When there are - multiple elements, the lists - of nodes corresponding to each - podAffinityTerm are intersected, - i.e. all terms must be satisfied. items: - description: Defines a set of - pods (namely those matching - the labelSelector relative - to the given namespace(s)) - that this pod should be co-located - (affinity) or not co-located - (anti-affinity) with, where - co-located is defined as running - on a node whose value of the - label with key - matches that of any node on - which a pod of the set of - pods is running properties: labelSelector: - description: A label query - over a set of resources, - in this case pods. If - it's null, this PodAffinityTerm - matches with no Pods. properties: matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements are - ANDed. items: - description: A label - selector requirement - is a selector that - contains values, - a key, and an operator - that relates the - key and values. properties: key: - description: key - is the label - key that the - selector applies - to. type: string operator: - description: operator - represents a - key's relationship - to a set of - values. Valid - operators are - In, NotIn, Exists - and DoesNotExist. type: string values: - description: values - is an array - of string values. - If the operator - is In or NotIn, - the values array - must be non-empty. 
- If the operator - is Exists or - DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic - merge patch. items: type: string type: array 
@@ -18566,151 +6144,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels - map is equivalent - to an element of matchExpressions, - whose key field is - "key", the operator - is "In", and the values - array contains only - "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys - is a set of pod label - keys to select which pods - will be taken into consideration. - The keys are used to lookup - values from the incoming - pod labels, those key-value - labels are merged with - `labelSelector` as `key - in (value)` to select - the group of existing - pods which pods will be - taken into consideration - for the incoming pod's - pod (anti) affinity. Keys - that don't exist in the - incoming pod labels will - be ignored. The default - value is empty. The same - key is forbidden to exist - in both matchLabelKeys - and labelSelector. Also, - matchLabelKeys cannot - be set when labelSelector - isn't set. This is an - alpha field and requires - enabling MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys - is a set of pod label - keys to select which pods - will be taken into consideration. - The keys are used to lookup - values from the incoming - pod labels, those key-value - labels are merged with - `labelSelector` as `key - notin (value)` to select - the group of existing - pods which pods will be - taken into consideration - for the incoming pod's - pod (anti) affinity. Keys - that don't exist in the - incoming pod labels will - be ignored. The default - value is empty. The same - key is forbidden to exist - in both mismatchLabelKeys - and labelSelector. Also, - mismatchLabelKeys cannot - be set when labelSelector - isn't set. 
This is an - alpha field and requires - enabling MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query - over the set of namespaces - that the term applies - to. The term is applied - to the union of the namespaces - selected by this field - and the ones listed in - the namespaces field. - null selector and null - or empty namespaces list - means "this pod's namespace". - An empty selector ({}) - matches all namespaces. properties: matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements are - ANDed. items: - description: A label - selector requirement - is a selector that - contains values, - a key, and an operator - that relates the - key and values. properties: key: - description: key - is the label - key that the - selector applies - to. type: string operator: - description: operator - represents a - key's relationship - to a set of - values. Valid - operators are - In, NotIn, Exists - and DoesNotExist. type: string values: - description: values - is an array - of string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or - DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic - merge patch. items: type: string type: array 
@@ -18724,52 +6180,15 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels - map is equivalent - to an element of matchExpressions, - whose key field is - "key", the operator - is "In", and the values - array contains only - "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces - specifies a static list - of namespace names that - the term applies to. The - term is applied to the - union of the namespaces - listed in this field and - the ones selected by namespaceSelector. - null or empty namespaces - list and null namespaceSelector - means "this pod's namespace". items: type: string type: array x-kubernetes-list-type: atomic topologyKey: - description: This pod should - be co-located (affinity) - or not co-located (anti-affinity) - with the pods matching - the labelSelector in the - specified namespaces, - where co-located is defined - as running on a node whose - value of the label with - key topologyKey matches - that of any node on which - any of the selected pods - is running. Empty topologyKey - is not allowed. type: string required: - topologyKey 
@@ -18779,359 +6198,106 @@ spec: type: object type: object automountServiceAccountToken: - description: AutomountServiceAccountToken - indicates whether a service account - token should be automatically mounted. type: boolean enableServiceLinks: - description: 'EnableServiceLinks indicates - whether information about services should - be injected into pod''s environment - variables, matching the syntax of Docker - links. Optional: Defaults to true.' type: boolean imagePullSecrets: - description: 'ImagePullSecrets is an optional - list of references to secrets in the - same namespace to use for pulling any - of the images used by this PodRuntimeSettings. - If specified, these secrets will be - passed to individual puller implementations - for them to use. For example, in the - case of docker, only DockerConfig type - secrets are honored. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' items: - description: LocalObjectReference contains - enough information to let you locate - the referenced object inside the same - namespace. properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic type: array nodeName: - description: NodeName is a request to - schedule this pod onto a specific node. - If it is non-empty, the scheduler simply - schedules this pod onto that node, assuming - that it fits resource requirements. 
type: string nodeSelector: additionalProperties: type: string - description: 'NodeSelector is a selector - which must be true for the pod to fit - on a node. Selector which must match - a node''s labels for the pod to be scheduled - on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' type: object podAnnotations: additionalProperties: type: string - description: PodAnnotations are the annotations - that will be attached with the respective - Pod type: object podLabels: additionalProperties: type: string - description: PodLabels are the labels - that will be attached with the respective - Pod type: object priority: - description: The priority value. Various - system components use this field to - find the priority of the pod. When Priority - Admission Controller is enabled, it - prevents users from setting this field. - The admission controller populates this - field from PriorityClassName. The higher - the value, the higher the priority. format: int32 type: integer priorityClassName: - description: If specified, indicates the - pod's priority. "system-node-critical" - and "system-cluster-critical" are two - special keywords which indicate the - highest priorities with the former being - the highest priority. Any other name - must be defined by creating a PriorityClass - object with that name. If not specified, - the pod priority will be default or - zero if there is no default. type: string readinessGates: - description: 'If specified, all readiness - gates will be evaluated for pod readiness. - A pod is ready when all its containers - are ready AND all conditions specified - in the readiness gates have status equal - to "True" More info: https://git.k8s.io/enhancements/keps/sig-network/0007-pod-ready%2B%2B.md' items: - description: PodReadinessGate contains - the reference to a pod condition properties: conditionType: - description: ConditionType refers - to a condition in the pod's condition - list with matching type. 
type: string required: - conditionType type: object type: array runtimeClassName: - description: 'RuntimeClassName refers - to a RuntimeClass object in the node.k8s.io - group, which should be used to run this - pod. If no RuntimeClass resource matches - the named class, the pod will not be - run. If unset or empty, the "legacy" - RuntimeClass will be used, which is - an implicit class with an empty definition - that uses the default runtime handler. - More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md - This is an alpha feature and may change - in the future.' type: string schedulerName: - description: If specified, the pod will - be dispatched by specified scheduler. - If not specified, the pod will be dispatched - by default scheduler. type: string securityContext: - description: 'Security options the pod - should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: appArmorProfile: - description: appArmorProfile is the - AppArmor options to use by the containers - in this pod. Note that this field - cannot be set when spec.os.name - is windows. properties: localhostProfile: - description: localhostProfile - indicates a profile loaded on - the node that should be used. - The profile must be preconfigured - on the node to work. Must match - the loaded name of the profile. - Must be set if and only if type - is "Localhost". type: string type: - description: 'type indicates which - kind of AppArmor profile will - be applied. Valid options are: - Localhost - a profile pre-loaded - on the node. RuntimeDefault - - the container runtime''s default - profile. Unconfined - no AppArmor - enforcement.' type: string required: - type type: object fsGroup: - description: "A special supplemental - group that applies to all containers - in a pod. 
Some volume types allow - the Kubelet to change the ownership - of that volume to be owned by the - pod: \n 1. The owning GID will be - the FSGroup 2. The setgid bit is - set (new files created in the volume - will be owned by FSGroup) 3. The - permission bits are OR'd with rw-rw---- - \n If unset, the Kubelet will not - modify the ownership and permissions - of any volume. Note that this field - cannot be set when spec.os.name - is windows." format: int64 type: integer fsGroupChangePolicy: - description: 'fsGroupChangePolicy - defines behavior of changing ownership - and permission of the volume before - being exposed inside Pod. This field - will only apply to volume types - which support fsGroup based ownership(and - permissions). It will have no effect - on ephemeral volume types such as: - secret, configmaps and emptydir. - Valid values are "OnRootMismatch" - and "Always". If not specified, - "Always" is used. Note that this - field cannot be set when spec.os.name - is windows.' type: string runAsGroup: - description: The GID to run the entrypoint - of the container process. Uses runtime - default if unset. May also be set - in SecurityContext. If set in both - SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence for that container. - Note that this field cannot be set - when spec.os.name is windows. format: int64 type: integer runAsNonRoot: - description: Indicates that the container - must run as a non-root user. If - true, the Kubelet will validate - the image at runtime to ensure that - it does not run as UID 0 (root) - and fail to start the container - if it does. If unset or false, no - such validation will be performed. - May also be set in SecurityContext. If - set in both SecurityContext and - PodSecurityContext, the value specified - in SecurityContext takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint - of the container process. 
Defaults - to user specified in image metadata - if unspecified. May also be set - in SecurityContext. If set in both - SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence for that container. - Note that this field cannot be set - when spec.os.name is windows. format: int64 type: integer seLinuxOptions: - description: The SELinux context to - be applied to all containers. If - unspecified, the container runtime - will allocate a random SELinux context - for each container. May also be - set in SecurityContext. If set - in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence for that container. - Note that this field cannot be set - when spec.os.name is windows. properties: level: - description: Level is SELinux - level label that applies to - the container. type: string role: - description: Role is a SELinux - role label that applies to the - container. type: string type: - description: Type is a SELinux - type label that applies to the - container. type: string user: - description: User is a SELinux - user label that applies to the - container. type: string type: object seccompProfile: - description: The seccomp options to - use by the containers in this pod. - Note that this field cannot be set - when spec.os.name is windows. properties: localhostProfile: - description: localhostProfile - indicates a profile defined - in a file on the node should - be used. The profile must be - preconfigured on the node to - work. Must be a descending path, - relative to the kubelet's configured - seccomp profile location. Must - be set if type is "Localhost". - Must NOT be set for any other - type. type: string type: - description: "type indicates which - kind of seccomp profile will - be applied. Valid options are: - \n Localhost - a profile defined - in a file on the node should - be used. RuntimeDefault - the - container runtime default profile - should be used. 
Unconfined - - no profile should be applied." type: string required: - type type: object supplementalGroups: - description: A list of groups applied - to the first process run in each - container, in addition to the container's - primary GID, the fsGroup (if specified), - and group memberships defined in - the container image for the uid - of the container process. If unspecified, - no additional groups are added to - any container. Note that group memberships - defined in the container image for - the uid of the container process - are still effective, even if they - are not included in this list. Note - that this field cannot be set when - spec.os.name is windows. items: format: int64 type: integer type: array x-kubernetes-list-type: atomic sysctls: - description: Sysctls hold a list of - namespaced sysctls used for the - pod. Pods with unsupported sysctls - (by the container runtime) might - fail to launch. Note that this field - cannot be set when spec.os.name - is windows. items: - description: Sysctl defines a kernel - parameter to be set properties: name: - description: Name of a property - to set type: string value: - description: Value of a property - to set type: string required: - name 
@@ -19140,182 +6306,52 @@ spec: type: array x-kubernetes-list-type: atomic windowsOptions: - description: The Windows specific - settings applied to all containers. - If unspecified, the options within - a container's SecurityContext will - be used. If set in both SecurityContext - and PodSecurityContext, the value - specified in SecurityContext takes - precedence. Note that this field - cannot be set when spec.os.name - is linux. properties: gmsaCredentialSpec: - description: GMSACredentialSpec - is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the - GMSA credential spec named by - the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: - description: GMSACredentialSpecName - is the name of the GMSA credential - spec to use. type: string hostProcess: - description: HostProcess determines - if a container should be run - as a 'Host Process' container. - All of a Pod's containers must - have the same effective HostProcess - value (it is not allowed to - have a mix of HostProcess containers - and non-HostProcess containers). - In addition, if HostProcess - is true then HostNetwork must - also be set to true. type: boolean runAsUserName: - description: The UserName in Windows - to run the entrypoint of the - container process. Defaults - to the user specified in image - metadata if unspecified. May - also be set in PodSecurityContext. - If set in both SecurityContext - and PodSecurityContext, the - value specified in SecurityContext - takes precedence. type: string type: object type: object serviceAccountAnnotations: additionalProperties: type: string - description: ServiceAccountAnnotations - are the annotations that will be attached - with the respective ServiceAccount type: object serviceAccountName: - description: 'ServiceAccountName is the - name of the ServiceAccount to use to - run this pod. 
More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' type: string tolerations: - description: If specified, the pod's tolerations. items: - description: The pod this Toleration - is attached to tolerates any taint - that matches the triple - using the matching operator . properties: effect: - description: Effect indicates the - taint effect to match. Empty means - match all taint effects. When - specified, allowed values are - NoSchedule, PreferNoSchedule and - NoExecute. type: string key: - description: Key is the taint key - that the toleration applies to. - Empty means match all taint keys. - If the key is empty, operator - must be Exists; this combination - means to match all values and - all keys. type: string operator: - description: Operator represents - a key's relationship to the value. - Valid operators are Exists and - Equal. Defaults to Equal. Exists - is equivalent to wildcard for - value, so that a pod can tolerate - all taints of a particular category. type: string tolerationSeconds: - description: TolerationSeconds represents - the period of time the toleration - (which must be of effect NoExecute, - otherwise this field is ignored) - tolerates the taint. By default, - it is not set, which means tolerate - the taint forever (do not evict). - Zero and negative values will - be treated as 0 (evict immediately) - by the system. format: int64 type: integer value: - description: Value is the taint - value the toleration matches to. - If the operator is Exists, the - value should be empty, otherwise - just a regular string. type: string type: object type: array topologySpreadConstraints: - description: TopologySpreadConstraints - describes how a group of pods ought - to spread across topology domains. Scheduler - will schedule pods in a way which abides - by the constraints. All topologySpreadConstraints - are ANDed. 
items: - description: TopologySpreadConstraint - specifies how to spread matching pods - among the given topology. properties: labelSelector: - description: LabelSelector is used - to find matching pods. Pods that - match this label selector are - counted to determine the number - of pods in their corresponding - topology domain. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, a - key, and an operator that - relates the key and values. properties: key: - description: key is the - label key that the selector - applies to. type: string operator: - description: operator - represents a key's relationship - to a set of values. - Valid operators are - In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is - an array of string values. - If the operator is In - or NotIn, the values - array must be non-empty. - If the operator is Exists - or DoesNotExist, the - values array must be - empty. This array is - replaced during a strategic - merge patch. items: type: string type: array 
@@ -19329,201 +6365,27 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is - a map of {key,value} pairs. - A single {key,value} in the - matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", - the operator is "In", and - the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: "MatchLabelKeys is - a set of pod label keys to select - the pods over which spreading - will be calculated. The keys are - used to lookup values from the - incoming pod labels, those key-value - labels are ANDed with labelSelector - to select the group of existing - pods over which spreading will - be calculated for the incoming - pod. The same key is forbidden - to exist in both MatchLabelKeys - and LabelSelector. MatchLabelKeys - cannot be set when LabelSelector - isn't set. Keys that don't exist - in the incoming pod labels will - be ignored. A null or empty list - means only match against labelSelector. - \n This is a beta field and requires - the MatchLabelKeysInPodTopologySpread - feature gate to be enabled (enabled - by default)." items: type: string type: array x-kubernetes-list-type: atomic maxSkew: - description: 'MaxSkew describes - the degree to which pods may be - unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, - it is the maximum permitted difference - between the number of matching - pods in the target topology and - the global minimum. The global - minimum is the minimum number - of matching pods in an eligible - domain or zero if the number of - eligible domains is less than - MinDomains. For example, in a - 3-zone cluster, MaxSkew is set - to 1, and pods with the same labelSelector - spread as 2/2/1: In this case, - the global minimum is 1. 
| zone1 - | zone2 | zone3 | | P P | P - P | P | - if MaxSkew is 1, - incoming pod can only be scheduled - to zone3 to become 2/2/2; scheduling - it onto zone1(zone2) would make - the ActualSkew(3-1) on zone1(zone2) - violate MaxSkew(1). - if MaxSkew - is 2, incoming pod can be scheduled - onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, - it is used to give higher precedence - to topologies that satisfy it. - It''s a required field. Default - value is 1 and 0 is not allowed.' format: int32 type: integer minDomains: - description: "MinDomains indicates - a minimum number of eligible domains. - When the number of eligible domains - with matching topology keys is - less than minDomains, Pod Topology - Spread treats \"global minimum\" - as 0, and then the calculation - of Skew is performed. And when - the number of eligible domains - with matching topology keys equals - or greater than minDomains, this - value has no effect on scheduling. - As a result, when the number of - eligible domains is less than - minDomains, scheduler won't schedule - more than maxSkew Pods to those - domains. If value is nil, the - constraint behaves as if MinDomains - is equal to 1. Valid values are - integers greater than 0. When - value is not nil, WhenUnsatisfiable - must be DoNotSchedule. \n For - example, in a 3-zone cluster, - MaxSkew is set to 2, MinDomains - is set to 5 and pods with the - same labelSelector spread as 2/2/2: - | zone1 | zone2 | zone3 | | P - P | P P | P P | The number - of domains is less than 5(MinDomains), - so \"global minimum\" is treated - as 0. In this situation, new pod - with the same labelSelector cannot - be scheduled, because computed - skew will be 3(3 - 0) if new Pod - is scheduled to any of the three - zones, it will violate MaxSkew." format: int32 type: integer nodeAffinityPolicy: - description: "NodeAffinityPolicy - indicates how we will treat Pod's - nodeAffinity/nodeSelector when - calculating pod topology spread - skew. 
Options are: - Honor: only - nodes matching nodeAffinity/nodeSelector - are included in the calculations. - - Ignore: nodeAffinity/nodeSelector - are ignored. All nodes are included - in the calculations. \n If this - value is nil, the behavior is - equivalent to the Honor policy. - This is a beta-level feature default - enabled by the NodeInclusionPolicyInPodTopologySpread - feature flag." type: string nodeTaintsPolicy: - description: "NodeTaintsPolicy indicates - how we will treat node taints - when calculating pod topology - spread skew. Options are: - Honor: - nodes without taints, along with - tainted nodes for which the incoming - pod has a toleration, are included. - - Ignore: node taints are ignored. - All nodes are included. \n If - this value is nil, the behavior - is equivalent to the Ignore policy. - This is a beta-level feature default - enabled by the NodeInclusionPolicyInPodTopologySpread - feature flag." type: string topologyKey: - description: TopologyKey is the - key of node labels. Nodes that - have a label with this key and - identical values are considered - to be in the same topology. We - consider each as - a "bucket", and try to put balanced - number of pods into each bucket. - We define a domain as a particular - instance of a topology. Also, - we define an eligible domain as - a domain whose nodes meet the - requirements of nodeAffinityPolicy - and nodeTaintsPolicy. e.g. If - TopologyKey is "kubernetes.io/hostname", - each Node is a domain of that - topology. And, if TopologyKey - is "topology.kubernetes.io/zone", - each zone is a domain of that - topology. It's a required field. type: string whenUnsatisfiable: - description: 'WhenUnsatisfiable - indicates how to deal with a pod - if it doesn''t satisfy the spread - constraint. - DoNotSchedule (default) - tells the scheduler not to schedule - it. 
- ScheduleAnyway tells the - scheduler to schedule the pod - in any location, but giving higher - precedence to topologies that - would help reduce the skew. A - constraint is considered "Unsatisfiable" - for an incoming pod if and only - if every possible node assignment - for that pod would violate "MaxSkew" - on some topology. For example, - in a 3-zone cluster, MaxSkew is - set to 1, and pods with the same - labelSelector spread as 3/1/1: - | zone1 | zone2 | zone3 | | P - P P | P | P | If WhenUnsatisfiable - is set to DoNotSchedule, incoming - pod can only be scheduled to zone2(zone3) - to become 3/2/1(3/1/2) as ActualSkew(2-1) - on zone2(zone3) satisfies MaxSkew(1). - In other words, the cluster can - still be imbalanced, but scheduler - won''t make it *more* imbalanced. - It''s a required field.' type: string required: - maxSkew 
@@ -19538,152 +6400,63 @@ spec: type: object type: object timeout: - description: Timeout specifies a duration in seconds - that KubeStash should wait for the hook execution - to be completed. If the hook execution does - not finish within this time period, KubeStash - will consider this hook execution as failure. - Then, it will be re-tried according to MaxRetry - policy. type: string variables: - description: Variables specifies a list of variables - and their sources that will be used to resolve - the HookTemplate. items: - description: EnvVar represents an environment - variable present in a Container. properties: name: - description: Name of the environment variable. - Must be a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) - are expanded using the previously defined - environment variables in the container - and any service environment variables. - If a variable cannot be resolved, the - reference in the input string will be - unchanged. Double $$ are reduced to a - single $, which allows for escaping the - $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" - will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, - regardless of whether the variable exists - or not. Defaults to "".' type: string valueFrom: - description: Source for the environment - variable's value. Cannot be used if value - is not empty. properties: configMapKeyRef: - description: Selects a key of a ConfigMap. properties: key: - description: The key to select. type: string name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether the - ConfigMap or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of the - pod: supports metadata.name, metadata.namespace, - `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, status.podIPs.' properties: apiVersion: - description: Version of the schema - the FieldPath is written in terms - of, defaults to "v1". type: string fieldPath: - description: Path of the field to - select in the specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource of - the container: only resources limits - and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' properties: containerName: - description: 'Container name: required - for volumes, optional for env - vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output - format of the exposed resources, - defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource - to select' type: string required: - resource type: object x-kubernetes-map-type: atomic secretKeyRef: - description: Selects a key of a secret - in the pod's namespace properties: key: - description: The key of the secret - to select from. Must be a valid - secret key. type: string name: default: "" - description: 'Name of the referent. 
- This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether the - Secret or its key must be defined type: boolean required: - key 
@@ -19695,74 +6468,21 @@ spec: type: object type: array volumeMounts: - description: VolumeMounts specifies the mount - for the volumes specified in `Volumes` section - Use this field only for `Function` type hook - executor. items: - description: VolumeMount describes a mounting - of a Volume within a container. properties: mountPath: - description: Path within the container at - which the volume should be mounted. Must - not contain ':'. type: string mountPropagation: - description: mountPropagation determines - how mounts are propagated from the host - to container and the other way around. - When not set, MountPropagationNone is - used. This field is beta in 1.10. When - RecursiveReadOnly is set to IfPossible - or to Enabled, MountPropagation must be - None or unspecified (which defaults to - None). type: string name: - description: This must match the Name of - a Volume. type: string readOnly: - description: Mounted read-only if true, - read-write otherwise (false or unspecified). - Defaults to false. type: boolean recursiveReadOnly: - description: "RecursiveReadOnly specifies - whether read-only mounts should be handled - recursively. \n If ReadOnly is false, - this field has no meaning and must be - unspecified. \n If ReadOnly is true, and - this field is set to Disabled, the mount - is not made recursively read-only. If - this field is set to IfPossible, the mount - is made recursively read-only, if it is - supported by the container runtime. If - this field is set to Enabled, the mount - is made recursively read-only if it is - supported by the container runtime, otherwise - the pod will not be started and an error - will be generated to indicate the reason. - \n If this field is set to IfPossible - or Enabled, MountPropagation must be set - to None (or be unspecified, which defaults - to None). \n If this field is not specified, - it is treated as an equivalent of Disabled." 
type: string subPath: - description: Path within the volume from - which the container's volume should be - mounted. Defaults to "" (volume's root). type: string subPathExpr: - description: Expanded path within the volume - from which the container's volume should - be mounted. Behaves similarly to SubPath - but environment variable references $(VAR_NAME) - are expanded using the container's environment. - Defaults to "" (volume's root). SubPathExpr - and SubPath are mutually exclusive. type: string required: - mountPath 
@@ -19770,301 +6490,109 @@ spec: type: object type: array volumes: - description: Volumes indicates the list of volumes - of targeted application that should be mounted - on the hook executor. Use this field only for - `Function` type hook executor. items: - description: Volume represents a named volume - in a pod that may be accessed by any container - in the pod. properties: awsElasticBlockStore: - description: 'awsElasticBlockStore represents - an AWS Disk resource that is attached - to a kubelet''s host machine and then - exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' properties: fsType: - description: 'fsType is the filesystem - type of the volume that you want to - mount. Tip: Ensure that the filesystem - type is supported by the host operating - system. Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if - unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in - the filesystem from compromising the - machine' type: string partition: - description: 'partition is the partition - in the volume that you want to mount. - If omitted, the default is to mount - by volume name. Examples: For volume - /dev/sda1, you specify the partition - as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can leave - the property empty).' format: int32 type: integer readOnly: - description: 'readOnly value true will - force the readOnly setting in VolumeMounts. - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: boolean volumeID: - description: 'volumeID is unique ID - of the persistent disk resource in - AWS (Amazon EBS volume). 
More info: - https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: string required: - volumeID type: object azureDisk: - description: azureDisk represents an Azure - Data Disk mount on the host and bind mount - to the pod. properties: cachingMode: - description: 'cachingMode is the Host - Caching mode: None, Read Only, Read - Write.' type: string diskName: - description: diskName is the Name of - the data disk in the blob storage type: string diskURI: - description: diskURI is the URI of data - disk in the blob storage type: string fsType: - description: fsType is Filesystem type - to mount. Must be a filesystem type - supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. type: string kind: - description: 'kind expected values are - Shared: multiple blob disks per storage - account Dedicated: single blob disk - per storage account Managed: azure - managed data disk (only in managed - availability set). defaults to shared' type: string readOnly: - description: readOnly Defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. type: boolean required: - diskName - diskURI type: object azureFile: - description: azureFile represents an Azure - File Service mount on the host and bind - mount to the pod. properties: readOnly: - description: readOnly defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. 
type: boolean secretName: - description: secretName is the name - of secret that contains Azure Storage - Account Name and Key type: string shareName: - description: shareName is the azure - share Name type: string required: - secretName - shareName type: object cephfs: - description: cephFS represents a Ceph FS - mount on the host that shares a pod's - lifetime properties: monitors: - description: 'monitors is Required: - Monitors is a collection of Ceph monitors - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' items: type: string type: array x-kubernetes-list-type: atomic path: - description: 'path is Optional: Used - as the mounted root, rather than the - full Ceph tree, default is /' type: string readOnly: - description: 'readOnly is Optional: - Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting - in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: boolean secretFile: - description: 'secretFile is Optional: - SecretFile is the path to key ring - for User, default is /etc/ceph/user.secret - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string secretRef: - description: 'secretRef is Optional: - SecretRef is reference to the authentication - secret for User, default is empty. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' 
type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is optional: User - is the rados user name, default is - admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string required: - monitors type: object cinder: - description: 'cinder represents a cinder - volume attached and mounted on kubelets - host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' properties: fsType: - description: 'fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if - unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string readOnly: - description: 'readOnly defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: boolean secretRef: - description: 'secretRef is optional: - points to a secret object containing - parameters used to connect to OpenStack.' properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic volumeID: - description: 'volumeID used to identify - the volume in cinder. 
More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string required: - volumeID type: object configMap: - description: configMap represents a configMap - that should populate this volume properties: defaultMode: - description: 'defaultMode is optional: - mode bits used to set permissions - on created files by default. Must - be an octal value between 0000 and - 0777 or a decimal value between 0 - and 511. YAML accepts both octal and - decimal values, JSON requires decimal - values for mode bits. Defaults to - 0644. Directories within the path - are not affected by this setting. - This might be in conflict with other - options that affect the file mode, - like fsGroup, and the result can be - other mode bits set.' format: int32 type: integer items: - description: items if unspecified, each - key-value pair in the Data field of - the referenced ConfigMap will be projected - into the volume as a file whose name - is the key and content is the value. - If specified, the listed keys will - be projected into the specified paths, - and unlisted keys will not be present. - If a key is specified which is not - present in the ConfigMap, the volume - setup will error unless it is marked - optional. Paths must be relative and - may not contain the '..' path or start - with '..'. items: - description: Maps a string key to - a path within a volume. properties: key: - description: key is the key to - project. type: string mode: - description: 'mode is Optional: - mode bits used to set permissions - on this file. Must be an octal - value between 0000 and 0777 - or a decimal value between 0 - and 511. YAML accepts both octal - and decimal values, JSON requires - decimal values for mode bits. - If not specified, the volume - defaultMode will be used. This - might be in conflict with other - options that affect the file - mode, like fsGroup, and the - result can be other mode bits - set.' 
format: int32 type: integer path: - description: path is the relative - path of the file to map the - key to. May not be an absolute - path. May not contain the path - element '..'. May not start - with the string '..'. type: string required: - key 
@@ -20074,191 +6602,67 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value here - are almost certainly wrong. TODO: - Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional specify whether - the ConfigMap or its keys must be - defined type: boolean type: object x-kubernetes-map-type: atomic csi: - description: csi (Container Storage Interface) - represents ephemeral storage that is handled - by certain external CSI drivers (Beta - feature). properties: driver: - description: driver is the name of the - CSI driver that handles this volume. - Consult with your admin for the correct - name as registered in the cluster. type: string fsType: - description: fsType to mount. Ex. "ext4", - "xfs", "ntfs". If not provided, the - empty value is passed to the associated - CSI driver which will determine the - default filesystem to apply. type: string nodePublishSecretRef: - description: nodePublishSecretRef is - a reference to the secret object containing - sensitive information to pass to the - CSI driver to complete the CSI NodePublishVolume - and NodeUnpublishVolume calls. This - field is optional, and may be empty - if no secret is required. If the secret - object contains more than one secret, - all secret references are passed. properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. 
- apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic readOnly: - description: readOnly specifies a read-only - configuration for the volume. Defaults - to false (read/write). type: boolean volumeAttributes: additionalProperties: type: string - description: volumeAttributes stores - driver-specific properties that are - passed to the CSI driver. Consult - your driver's documentation for supported - values. type: object required: - driver type: object downwardAPI: - description: downwardAPI represents downward - API about the pod that should populate - this volume properties: defaultMode: - description: 'Optional: mode bits to - use on created files by default. Must - be a Optional: mode bits used to set - permissions on created files by default. - Must be an octal value between 0000 - and 0777 or a decimal value between - 0 and 511. YAML accepts both octal - and decimal values, JSON requires - decimal values for mode bits. Defaults - to 0644. Directories within the path - are not affected by this setting. - This might be in conflict with other - options that affect the file mode, - like fsGroup, and the result can be - other mode bits set.' format: int32 type: integer items: - description: Items is a list of downward - API volume file items: - description: DownwardAPIVolumeFile - represents information to create - the file containing the pod field properties: fieldRef: - description: 'Required: Selects - a field of the pod: only annotations, - labels, name, namespace and - uid are supported.' properties: apiVersion: - description: Version of the - schema the FieldPath is - written in terms of, defaults - to "v1". type: string fieldPath: - description: Path of the field - to select in the specified - API version. 
type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: - description: 'Optional: mode bits - used to set permissions on this - file, must be an octal value - between 0000 and 0777 or a decimal - value between 0 and 511. YAML - accepts both octal and decimal - values, JSON requires decimal - values for mode bits. If not - specified, the volume defaultMode - will be used. This might be - in conflict with other options - that affect the file mode, like - fsGroup, and the result can - be other mode bits set.' format: int32 type: integer path: - description: 'Required: Path is the - relative path name of the file - to be created. Must not be absolute - or contain the ''..'' path. - Must be utf-8 encoded. The first - item of the relative path must - not start with ''..''' type: string resourceFieldRef: - description: 'Selects a resource - of the container: only resources - limits and requests (limits.cpu, - limits.memory, requests.cpu - and requests.memory) are currently - supported.' properties: containerName: - description: 'Container name: - required for volumes, optional - for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the - output format of the exposed - resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource - to select' type: string required: - resource 
@@ -20271,251 +6675,50 @@ spec: x-kubernetes-list-type: atomic type: object emptyDir: - description: 'emptyDir represents a temporary - directory that shares a pod''s lifetime. - More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' properties: medium: - description: 'medium represents what - type of storage medium should back - this directory. The default is "" - which means to use the node''s default - medium. Must be an empty string (default) - or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string sizeLimit: anyOf: - type: integer - type: string - description: 'sizeLimit is the total - amount of local storage required for - this EmptyDir volume. The size limit - is also applicable for memory medium. - The maximum usage on memory medium - EmptyDir would be the minimum value - between the SizeLimit specified here - and the sum of memory limits of all - containers in a pod. The default is - nil which means that the limit is - undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object ephemeral: - description: "ephemeral represents a volume - that is handled by a cluster storage driver. - The volume's lifecycle is tied to the - pod that defines it - it will be created - before the pod starts, and deleted when - the pod is removed. \n Use this if: a) - the volume is only needed while the pod - runs, b) features of normal volumes like - restoring from snapshot or capacity tracking - are needed, c) the storage driver is specified - through a storage class, and d) the storage - driver supports dynamic volume provisioning - through a PersistentVolumeClaim (see EphemeralVolumeSource - for more information on the connection - between this volume type and PersistentVolumeClaim). 
- \n Use PersistentVolumeClaim or one of - the vendor-specific APIs for volumes that - persist for longer than the lifecycle - of an individual pod. \n Use CSI for light-weight - local ephemeral volumes if the CSI driver - is meant to be used that way - see the - documentation of the driver for more information. - \n A pod can use both types of ephemeral - volumes and persistent volumes at the - same time." properties: volumeClaimTemplate: - description: "Will be used to create - a stand-alone PVC to provision the - volume. The pod in which this EphemeralVolumeSource - is embedded will be the owner of the - PVC, i.e. the PVC will be deleted - together with the pod. The name of - the PVC will be `-` where `` is the - name from the `PodSpec.Volumes` array - entry. Pod validation will reject - the pod if the concatenated name is - not valid for a PVC (for example, - too long). \n An existing PVC with - that name that is not owned by the - pod will *not* be used for the pod - to avoid using an unrelated volume - by mistake. Starting the pod is then - blocked until the unrelated PVC is - removed. If such a pre-created PVC - is meant to be used by the pod, the - PVC has to updated with an owner reference - to the pod once the pod exists. Normally - this should not be necessary, but - it may be useful when manually reconstructing - a broken cluster. \n This field is - read-only and no changes will be made - by Kubernetes to the PVC after it - has been created. \n Required, must - not be nil." properties: metadata: - description: May contain labels - and annotations that will be copied - into the PVC when creating it. - No other fields are allowed and - will be rejected during validation. properties: annotations: additionalProperties: type: string - description: 'Annotations is - an unstructured key value - map stored with a resource - that may be set by external - tools to store and retrieve - arbitrary metadata. 
They are - not queryable and should be - preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations' type: object generateName: - description: "GenerateName is - an optional prefix, used by - the server, to generate a - unique name ONLY IF the Name - field has not been provided. - If this field is used, the - name returned to the client - will be different than the - name passed. This value will - also be combined with a unique - suffix. The provided value - has the same validation rules - as the Name field, and may - be truncated by the length - of the suffix required to - make the value unique on the - server. \n If this field is - specified and the generated - name exists, the server will - NOT return a 409 - instead, - it will either return 201 - Created or 500 with Reason - ServerTimeout indicating a - unique name could not be found - in the time allotted, and - the client should retry (optionally - after the time indicated in - the Retry-After header). \n - Applied only if Name is not - specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" type: string labels: additionalProperties: type: string - description: 'Map of string - keys and values that can be - used to organize and categorize - (scope and select) objects. - May match selectors of replication - controllers and services. - More info: http://kubernetes.io/docs/user-guide/labels' type: object name: - description: 'Name must be unique - within a namespace. Is required - when creating resources, although - some resources may allow a - client to request the generation - of an appropriate name automatically. - Name is primarily intended - for creation idempotence and - configuration definition. - Cannot be updated. More info: - http://kubernetes.io/docs/user-guide/identifiers#names' type: string namespace: - description: "Namespace defines - the space within each name - must be unique. 
An empty namespace - is equivalent to the \"default\" - namespace, but \"default\" - is the canonical representation. - Not all objects are required - to be scoped to a namespace - - the value of this field - for those objects will be - empty. \n Must be a DNS_LABEL. - Cannot be updated. More info: - http://kubernetes.io/docs/user-guide/namespaces" type: string ownerReferences: - description: List of objects - depended by this object. If - ALL objects in the list have - been deleted, this object - will be garbage collected. - If this object is managed - by a controller, then an entry - in this list will point to - this controller, with the - controller field set to true. - There cannot be more than - one managing controller. items: - description: OwnerReference - contains enough information - to let you identify an owning - object. An owning object - must be in the same namespace - as the dependent, or be - cluster-scoped, so there - is no namespace field. properties: apiVersion: - description: API version - of the referent. type: string blockOwnerDeletion: - description: If true, - AND if the owner has - the "foregroundDeletion" - finalizer, then the - owner cannot be deleted - from the key-value store - until this reference - is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion - for how the garbage - collector interacts - with this field and - enforces the foreground - deletion. Defaults to - false. To set this field, - a user needs "delete" - permission of the owner, - otherwise 422 (Unprocessable - Entity) will be returned. type: boolean controller: - description: If true, - this reference points - to the managing controller. type: boolean kind: - description: 'Kind of - the referent. More info: - https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string name: - description: 'Name of - the referent. 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: - description: 'UID of the - referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -20527,63 +6730,19 @@ spec: type: array type: object spec: - description: The specification for - the PersistentVolumeClaim. The - entire content is copied unchanged - into the PVC that gets created - from this template. The same fields - as in a PersistentVolumeClaim - are also valid here. properties: accessModes: - description: 'accessModes contains - the desired access modes the - volume should have. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array x-kubernetes-list-type: atomic dataSource: - description: 'dataSource field - can be used to specify either: - * An existing VolumeSnapshot - object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an external - controller can support the - specified data source, it - will create a new volume based - on the contents of the specified - data source. When the AnyVolumeDataSource - feature gate is enabled, dataSource - contents will be copied to - dataSourceRef, and dataSourceRef - contents will be copied to - dataSource when dataSourceRef.namespace - is not specified. If the namespace - is specified, then dataSourceRef - will not be copied to dataSource.' properties: apiGroup: - description: APIGroup is - the group for the resource - being referenced. If APIGroup - is not specified, the - specified Kind must be - in the core API group. - For any other third-party - types, APIGroup is required. type: string kind: - description: Kind is the - type of resource being - referenced type: string name: - description: Name is the - name of resource being - referenced type: string required: - kind 
@@ -20591,110 +6750,20 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: - description: 'dataSourceRef - specifies the object from - which to populate the volume - with data, if a non-empty - volume is desired. This may - be any object from a non-empty - API group (non core object) - or a PersistentVolumeClaim - object. When this field is - specified, volume binding - will only succeed if the type - of the specified object matches - some installed volume populator - or dynamic provisioner. This - field will replace the functionality - of the dataSource field and - as such if both fields are - non-empty, they must have - the same value. For backwards - compatibility, when namespace - isn''t specified in dataSourceRef, - both fields (dataSource and - dataSourceRef) will be set - to the same value automatically - if one of them is empty and - the other is non-empty. When - namespace is specified in - dataSourceRef, dataSource - isn''t set to the same value - and must be empty. There are - three important differences - between dataSource and dataSourceRef: - * While dataSource only allows - two specific types of objects, - dataSourceRef allows any non-core - object, as well as PersistentVolumeClaim - objects. * While dataSource - ignores disallowed values - (dropping them), dataSourceRef - preserves all values, and - generates an error if a disallowed - value is specified. * While - dataSource only allows local - objects, dataSourceRef allows - objects in any namespaces. - (Beta) Using this field requires - the AnyVolumeDataSource feature - gate to be enabled. (Alpha) - Using the namespace field - of dataSourceRef requires - the CrossNamespaceVolumeDataSource - feature gate to be enabled.' properties: apiGroup: - description: APIGroup is - the group for the resource - being referenced. If APIGroup - is not specified, the - specified Kind must be - in the core API group. - For any other third-party - types, APIGroup is required. 
type: string kind: - description: Kind is the - type of resource being - referenced type: string name: - description: Name is the - name of resource being - referenced type: string namespace: - description: Namespace is - the namespace of resource - being referenced Note - that when a namespace - is specified, a gateway.networking.k8s.io/ReferenceGrant - object is required in - the referent namespace - to allow that namespace's - owner to accept the reference. - See the ReferenceGrant - documentation for details. - (Alpha) This field requires - the CrossNamespaceVolumeDataSource - feature gate to be enabled. type: string required: - kind - name type: object resources: - description: 'resources represents - the minimum resources the - volume should have. If RecoverVolumeExpansionFailure - feature is enabled users are - allowed to specify resource - requirements that are lower - than previous value but must - still be higher than capacity - recorded in the status field - of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: @@ -20703,10 +6772,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes - the maximum amount of - compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -20715,66 +6780,18 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes - the minimum amount of - compute resources required. - If Requests is omitted - for a container, it defaults - to Limits if that is explicitly - specified, otherwise to - an implementation-defined - value. Requests cannot - exceed Limits. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: - description: selector is a label - query over volumes to consider - for binding. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key - and values. properties: key: - description: key is - the label key that - the selector applies - to. type: string operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values - is an array of string - values. If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. This - array is replaced - during a strategic - merge patch. items: type: string type: array 
@@ -20788,69 +6805,16 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an element - of matchExpressions, whose - key field is "key", the - operator is "In", and - the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic storageClassName: - description: 'storageClassName - is the name of the StorageClass - required by the claim. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeAttributesClassName: - description: 'volumeAttributesClassName - may be used to set the VolumeAttributesClass - used by this claim. If specified, - the CSI driver will create - or update the volume with - the attributes defined in - the corresponding VolumeAttributesClass. - This has a different purpose - than storageClassName, it - can be changed after the claim - is created. An empty string - value means that no VolumeAttributesClass - will be applied to the claim - but it''s not allowed to reset - this field to empty string - once it is set. If unspecified - and the PersistentVolumeClaim - is unbound, the default VolumeAttributesClass - will be set by the persistentvolume - controller if it exists. If - the resource referred to by - volumeAttributesClass does - not exist, this PersistentVolumeClaim - will be set to a Pending state, - as reflected by the modifyVolumeStatus - field, until such as a resource - exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires - the VolumeAttributesClass - feature gate to be enabled.' type: string volumeMode: - description: volumeMode defines - what type of volume is required - by the claim. Value of Filesystem - is implied when not included - in claim spec. 
type: string volumeName: - description: volumeName is the - binding reference to the PersistentVolume - backing this claim. type: string type: object required: 
@@ -20858,103 +6822,41 @@ spec: type: object type: object fc: - description: fc represents a Fibre Channel - resource that is attached to a kubelet's - host machine and then exposed to the pod. properties: fsType: - description: 'fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if - unspecified. TODO: how do we prevent - errors in the filesystem from compromising - the machine' type: string lun: - description: 'lun is Optional: FC target - lun number' format: int32 type: integer readOnly: - description: 'readOnly is Optional: - Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting - in VolumeMounts.' type: boolean targetWWNs: - description: 'targetWWNs is Optional: - FC target worldwide names (WWNs)' items: type: string type: array x-kubernetes-list-type: atomic wwids: - description: 'wwids Optional: FC volume - world wide identifiers (wwids) Either - wwids or combination of targetWWNs - and lun must be set, but not both - simultaneously.' items: type: string type: array x-kubernetes-list-type: atomic type: object flexVolume: - description: flexVolume represents a generic - volume resource that is provisioned/attached - using an exec based plugin. properties: driver: - description: driver is the name of the - driver to use for this volume. type: string fsType: - description: fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - The default filesystem depends on - FlexVolume script. type: string options: additionalProperties: type: string - description: 'options is Optional: this - field holds extra command options - if any.' type: object readOnly: - description: 'readOnly is Optional: - defaults to false (read/write). ReadOnly - here will force the ReadOnly setting - in VolumeMounts.' 
type: boolean secretRef: - description: 'secretRef is Optional: - secretRef is reference to the secret - object containing sensitive information - to pass to the plugin scripts. This - may be empty if no secret object is - specified. If the secret object contains - more than one secret, all secrets - are passed to the plugin scripts.' properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic 
@@ -20962,207 +6864,79 @@ spec: - driver type: object flocker: - description: flocker represents a Flocker - volume attached to a kubelet's host machine. - This depends on the Flocker control service - being running properties: datasetName: - description: datasetName is Name of - the dataset stored as metadata -> - name on the dataset for Flocker should - be considered as deprecated type: string datasetUUID: - description: datasetUUID is the UUID - of the dataset. This is unique identifier - of a Flocker dataset type: string type: object gcePersistentDisk: - description: 'gcePersistentDisk represents - a GCE Disk resource that is attached to - a kubelet''s host machine and then exposed - to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' properties: fsType: - description: 'fsType is filesystem type - of the volume that you want to mount. - Tip: Ensure that the filesystem type - is supported by the host operating - system. Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if - unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in - the filesystem from compromising the - machine' type: string partition: - description: 'partition is the partition - in the volume that you want to mount. - If omitted, the default is to mount - by volume name. Examples: For volume - /dev/sda1, you specify the partition - as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can leave - the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' format: int32 type: integer pdName: - description: 'pdName is unique name - of the PD resource in GCE. Used to - identify the disk in GCE. More info: - https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: string readOnly: - description: 'readOnly here will force - the ReadOnly setting in VolumeMounts. - Defaults to false. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: boolean required: - pdName type: object glusterfs: - description: 'glusterfs represents a Glusterfs - mount on the host that shares a pod''s - lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' properties: endpoints: - description: 'endpoints is the endpoint - name that details Glusterfs topology. - More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string path: - description: 'path is the Glusterfs - volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string readOnly: - description: 'readOnly here will force - the Glusterfs volume to be mounted - with read-only permissions. Defaults - to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: boolean required: - endpoints - path type: object hostPath: - description: 'hostPath represents a pre-existing - file or directory on the host machine - that is directly exposed to the container. - This is generally used for system agents - or other privileged things that are allowed - to see the host machine. Most containers - will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict - who can use host directory mounts and - who can/can not mount host directories - as read/write.' properties: path: - description: 'path of the directory - on the host. If the path is a symlink, - it will follow the link to the real - path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string type: - description: 'type for HostPath Volume - Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string required: - path type: object iscsi: - description: 'iscsi represents an ISCSI - Disk resource that is attached to a kubelet''s - host machine and then exposed to the pod. 
- More info: https://examples.k8s.io/volumes/iscsi/README.md' properties: chapAuthDiscovery: - description: chapAuthDiscovery defines - whether support iSCSI Discovery CHAP - authentication type: boolean chapAuthSession: - description: chapAuthSession defines - whether support iSCSI Session CHAP - authentication type: boolean fsType: - description: 'fsType is the filesystem - type of the volume that you want to - mount. Tip: Ensure that the filesystem - type is supported by the host operating - system. Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if - unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in - the filesystem from compromising the - machine' type: string initiatorName: - description: initiatorName is the custom - iSCSI Initiator Name. If initiatorName - is specified with iscsiInterface simultaneously, - new iSCSI interface : will be created for the connection. type: string iqn: - description: iqn is the target iSCSI - Qualified Name. type: string iscsiInterface: - description: iscsiInterface is the interface - Name that uses an iSCSI transport. - Defaults to 'default' (tcp). type: string lun: - description: lun represents iSCSI Target - Lun number. format: int32 type: integer portals: - description: portals is the iSCSI Target - Portal List. The portal is either - an IP or ip_addr:port if the port - is other than default (typically TCP - ports 860 and 3260). items: type: string type: array x-kubernetes-list-type: atomic readOnly: - description: readOnly here will force - the ReadOnly setting in VolumeMounts. - Defaults to false. type: boolean secretRef: - description: secretRef is the CHAP Secret - for iSCSI target and initiator authentication properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. 
Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic targetPortal: - description: targetPortal is iSCSI Target - Portal. The Portal is either an IP - or ip_addr:port if the port is other - than default (typically TCP ports - 860 and 3260). type: string required: - iqn 
@@ -21170,204 +6944,68 @@ spec: - targetPortal type: object name: - description: 'name of the volume. Must be - a DNS_LABEL and unique within the pod. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string nfs: - description: 'nfs represents an NFS mount - on the host that shares a pod''s lifetime - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' properties: path: - description: 'path that is exported - by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string readOnly: - description: 'readOnly here will force - the NFS export to be mounted with - read-only permissions. Defaults to - false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: boolean server: - description: 'server is the hostname - or IP address of the NFS server. More - info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string required: - path - server type: object persistentVolumeClaim: - description: 'persistentVolumeClaimVolumeSource - represents a reference to a PersistentVolumeClaim - in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: claimName: - description: 'claimName is the name - of a PersistentVolumeClaim in the - same namespace as the pod using this - volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' type: string readOnly: - description: readOnly Will force the - ReadOnly setting in VolumeMounts. - Default false. type: boolean required: - claimName type: object photonPersistentDisk: - description: photonPersistentDisk represents - a PhotonController persistent disk attached - and mounted on kubelets host machine properties: fsType: - description: fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". 
- Implicitly inferred to be "ext4" if - unspecified. type: string pdID: - description: pdID is the ID that identifies - Photon Controller persistent disk type: string required: - pdID type: object portworxVolume: - description: portworxVolume represents a - portworx volume attached and mounted on - kubelets host machine properties: fsType: - description: fSType represents the filesystem - type to mount Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs". Implicitly - inferred to be "ext4" if unspecified. type: string readOnly: - description: readOnly defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. type: boolean volumeID: - description: volumeID uniquely identifies - a Portworx volume type: string required: - volumeID type: object projected: - description: projected items for all in - one resources secrets, configmaps, and - downward API properties: defaultMode: - description: defaultMode are the mode - bits used to set permissions on created - files by default. Must be an octal - value between 0000 and 0777 or a decimal - value between 0 and 511. YAML accepts - both octal and decimal values, JSON - requires decimal values for mode bits. - Directories within the path are not - affected by this setting. This might - be in conflict with other options - that affect the file mode, like fsGroup, - and the result can be other mode bits - set. format: int32 type: integer sources: - description: sources is the list of - volume projections items: - description: Projection that may be - projected along with other supported - volume types properties: clusterTrustBundle: - description: "ClusterTrustBundle - allows a pod to access the `.spec.trustBundle` - field of ClusterTrustBundle - objects in an auto-updating - file. \n Alpha, gated by the - ClusterTrustBundleProjection - feature gate. 
\n ClusterTrustBundle - objects can either be selected - by name, or by the combination - of signer name and a label selector. - \n Kubelet performs aggressive - normalization of the PEM contents - written into the pod filesystem. - \ Esoteric PEM features such - as inter-block comments and - block headers are stripped. - \ Certificates are deduplicated. - The ordering of certificates - within the file is arbitrary, - and Kubelet may change the order - over time." properties: labelSelector: - description: Select all ClusterTrustBundles - that match this label selector. Only - has effect if signerName - is set. Mutually-exclusive - with name. If unset, interpreted - as "match nothing". If - set but empty, interpreted - as "match everything". properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. properties: key: - description: key - is the label key - that the selector - applies to. type: string operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. type: string values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic merge - patch. items: type: string type: array 
@@ -21381,123 +7019,31 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. type: object type: object x-kubernetes-map-type: atomic name: - description: Select a single - ClusterTrustBundle by object - name. Mutually-exclusive - with signerName and labelSelector. type: string optional: - description: If true, don't - block pod startup if the - referenced ClusterTrustBundle(s) - aren't available. If using - name, then the named ClusterTrustBundle - is allowed not to exist. If - using signerName, then the - combination of signerName - and labelSelector is allowed - to match zero ClusterTrustBundles. type: boolean path: - description: Relative path - from the volume root to - write the bundle. type: string signerName: - description: Select all ClusterTrustBundles - that match this signer name. - Mutually-exclusive with - name. The contents of all - selected ClusterTrustBundles - will be unified and deduplicated. type: string required: - path type: object configMap: - description: configMap information - about the configMap data to - project properties: items: - description: items if unspecified, - each key-value pair in the - Data field of the referenced - ConfigMap will be projected - into the volume as a file - whose name is the key and - content is the value. If - specified, the listed keys - will be projected into the - specified paths, and unlisted - keys will not be present. - If a key is specified which - is not present in the ConfigMap, - the volume setup will error - unless it is marked optional. - Paths must be relative and - may not contain the '..' - path or start with '..'. items: - description: Maps a string - key to a path within a - volume. 
properties: key: - description: key is - the key to project. type: string mode: - description: 'mode is - Optional: mode bits - used to set permissions - on this file. Must - be an octal value - between 0000 and 0777 - or a decimal value - between 0 and 511. - YAML accepts both - octal and decimal - values, JSON requires - decimal values for - mode bits. If not - specified, the volume - defaultMode will be - used. This might be - in conflict with other - options that affect - the file mode, like - fsGroup, and the result - can be other mode - bits set.' format: int32 type: integer path: - description: path is - the relative path - of the file to map - the key to. May not - be an absolute path. - May not contain the - path element '..'. - May not start with - the string '..'. type: string required: - key 
@@ -21507,134 +7053,42 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of the - referent. This field is - effectively required, but - due to backwards compatibility - is allowed to be empty. - Instances of this type with - an empty value here are - almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional specify - whether the ConfigMap or - its keys must be defined type: boolean type: object x-kubernetes-map-type: atomic downwardAPI: - description: downwardAPI information - about the downwardAPI data to - project properties: items: - description: Items is a list - of DownwardAPIVolume file items: - description: DownwardAPIVolumeFile - represents information - to create the file containing - the pod field properties: fieldRef: - description: 'Required: - Selects a field of - the pod: only annotations, - labels, name, namespace - and uid are supported.' properties: apiVersion: - description: Version - of the schema - the FieldPath - is written in - terms of, defaults - to "v1". type: string fieldPath: - description: Path - of the field to - select in the - specified API - version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: - description: 'Optional: - mode bits used to - set permissions on - this file, must be - an octal value between - 0000 and 0777 or a - decimal value between - 0 and 511. YAML accepts - both octal and decimal - values, JSON requires - decimal values for - mode bits. If not - specified, the volume - defaultMode will be - used. This might be - in conflict with other - options that affect - the file mode, like - fsGroup, and the result - can be other mode - bits set.' 
format: int32 type: integer path: - description: 'Required: - Path is the relative - path name of the file - to be created. Must - not be absolute or - contain the ''..'' - path. Must be utf-8 - encoded. The first - item of the relative - path must not start - with ''..''' type: string resourceFieldRef: - description: 'Selects - a resource of the - container: only resources - limits and requests - (limits.cpu, limits.memory, - requests.cpu and requests.memory) - are currently supported.' properties: containerName: - description: 'Container - name: required - for volumes, optional - for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies - the output format - of the exposed - resources, defaults - to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: - resource to select' type: string required: - resource 
@@ -21647,72 +7101,16 @@ spec: x-kubernetes-list-type: atomic type: object secret: - description: secret information - about the secret data to project properties: items: - description: items if unspecified, - each key-value pair in the - Data field of the referenced - Secret will be projected - into the volume as a file - whose name is the key and - content is the value. If - specified, the listed keys - will be projected into the - specified paths, and unlisted - keys will not be present. - If a key is specified which - is not present in the Secret, - the volume setup will error - unless it is marked optional. - Paths must be relative and - may not contain the '..' - path or start with '..'. items: - description: Maps a string - key to a path within a - volume. properties: key: - description: key is - the key to project. type: string mode: - description: 'mode is - Optional: mode bits - used to set permissions - on this file. Must - be an octal value - between 0000 and 0777 - or a decimal value - between 0 and 511. - YAML accepts both - octal and decimal - values, JSON requires - decimal values for - mode bits. If not - specified, the volume - defaultMode will be - used. This might be - in conflict with other - options that affect - the file mode, like - fsGroup, and the result - can be other mode - bits set.' format: int32 type: integer path: - description: path is - the relative path - of the file to map - the key to. May not - be an absolute path. - May not contain the - path element '..'. - May not start with - the string '..'. type: string required: - key 
@@ -21722,68 +7120,19 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of the - referent. This field is - effectively required, but - due to backwards compatibility - is allowed to be empty. - Instances of this type with - an empty value here are - almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional field - specify whether the Secret - or its key must be defined type: boolean type: object x-kubernetes-map-type: atomic serviceAccountToken: - description: serviceAccountToken - is information about the serviceAccountToken - data to project properties: audience: - description: audience is the - intended audience of the - token. A recipient of a - token must identify itself - with an identifier specified - in the audience of the token, - and otherwise should reject - the token. The audience - defaults to the identifier - of the apiserver. type: string expirationSeconds: - description: expirationSeconds - is the requested duration - of validity of the service - account token. As the token - approaches expiration, the - kubelet volume plugin will - proactively rotate the service - account token. The kubelet - will start trying to rotate - the token if the token is - older than 80 percent of - its time to live or if the - token is older than 24 hours.Defaults - to 1 hour and must be at - least 10 minutes. format: int64 type: integer path: - description: path is the path - relative to the mount point - of the file to project the - token into. type: string required: - path 
@@ -21793,196 +7142,79 @@ spec: x-kubernetes-list-type: atomic type: object quobyte: - description: quobyte represents a Quobyte - mount on the host that shares a pod's - lifetime properties: group: - description: group to map volume access - to Default is no group type: string readOnly: - description: readOnly here will force - the Quobyte volume to be mounted with - read-only permissions. Defaults to - false. type: boolean registry: - description: registry represents a single - or multiple Quobyte Registry services - specified as a string as host:port - pair (multiple entries are separated - with commas) which acts as the central - registry for volumes type: string tenant: - description: tenant owning the given - Quobyte volume in the Backend Used - with dynamically provisioned Quobyte - volumes, value is set by the plugin type: string user: - description: user to map volume access - to Defaults to serivceaccount user type: string volume: - description: volume is a string that - references an already created Quobyte - volume by name. type: string required: - registry - volume type: object rbd: - description: 'rbd represents a Rados Block - Device mount on the host that shares a - pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' properties: fsType: - description: 'fsType is the filesystem - type of the volume that you want to - mount. Tip: Ensure that the filesystem - type is supported by the host operating - system. Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if - unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in - the filesystem from compromising the - machine' type: string image: - description: 'image is the rados image - name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string keyring: - description: 'keyring is the path to - key ring for RBDUser. Default is /etc/ceph/keyring. 
- More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string monitors: - description: 'monitors is a collection - of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' items: type: string type: array x-kubernetes-list-type: atomic pool: - description: 'pool is the rados pool - name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string readOnly: - description: 'readOnly here will force - the ReadOnly setting in VolumeMounts. - Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: boolean secretRef: - description: 'secretRef is name of the - authentication secret for RBDUser. - If provided overrides keyring. Default - is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is the rados user - name. Default is admin. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string required: - image - monitors type: object scaleIO: - description: scaleIO represents a ScaleIO - persistent volume attached and mounted - on Kubernetes nodes. properties: fsType: - description: fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Default is "xfs". 
type: string gateway: - description: gateway is the host address - of the ScaleIO API Gateway. type: string protectionDomain: - description: protectionDomain is the - name of the ScaleIO Protection Domain - for the configured storage. type: string readOnly: - description: readOnly Defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: secretRef references to - the secret for ScaleIO user and other - sensitive information. If this is - not provided, Login operation will - fail. properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic sslEnabled: - description: sslEnabled Flag enable/disable - SSL communication with Gateway, default - false type: boolean storageMode: - description: storageMode indicates whether - the storage for a volume should be - ThickProvisioned or ThinProvisioned. - Default is ThinProvisioned. type: string storagePool: - description: storagePool is the ScaleIO - Storage Pool associated with the protection - domain. type: string system: - description: system is the name of the - storage system as configured in ScaleIO. type: string volumeName: - description: volumeName is the name - of a volume already created in the - ScaleIO system that is associated - with this volume source. type: string required: - gateway 
@@ -21990,75 +7222,19 @@ spec: - system type: object secret: - description: 'secret represents a secret - that should populate this volume. More - info: https://kubernetes.io/docs/concepts/storage/volumes#secret' properties: defaultMode: - description: 'defaultMode is Optional: - mode bits used to set permissions - on created files by default. Must - be an octal value between 0000 and - 0777 or a decimal value between 0 - and 511. YAML accepts both octal and - decimal values, JSON requires decimal - values for mode bits. Defaults to - 0644. Directories within the path - are not affected by this setting. - This might be in conflict with other - options that affect the file mode, - like fsGroup, and the result can be - other mode bits set.' format: int32 type: integer items: - description: items If unspecified, each - key-value pair in the Data field of - the referenced Secret will be projected - into the volume as a file whose name - is the key and content is the value. - If specified, the listed keys will - be projected into the specified paths, - and unlisted keys will not be present. - If a key is specified which is not - present in the Secret, the volume - setup will error unless it is marked - optional. Paths must be relative and - may not contain the '..' path or start - with '..'. items: - description: Maps a string key to - a path within a volume. properties: key: - description: key is the key to - project. type: string mode: - description: 'mode is Optional: - mode bits used to set permissions - on this file. Must be an octal - value between 0000 and 0777 - or a decimal value between 0 - and 511. YAML accepts both octal - and decimal values, JSON requires - decimal values for mode bits. - If not specified, the volume - defaultMode will be used. This - might be in conflict with other - options that affect the file - mode, like fsGroup, and the - result can be other mode bits - set.' 
format: int32 type: integer path: - description: path is the relative - path of the file to map the - key to. May not be an absolute - path. May not contain the path - element '..'. May not start - with the string '..'. type: string required: - key 
@@ -22067,102 +7243,37 @@ spec: type: array x-kubernetes-list-type: atomic optional: - description: optional field specify - whether the Secret or its keys must - be defined type: boolean secretName: - description: 'secretName is the name - of the secret in the pod''s namespace - to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' type: string type: object storageos: - description: storageOS represents a StorageOS - volume attached and mounted on Kubernetes - nodes. properties: fsType: - description: fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if - unspecified. type: string readOnly: - description: readOnly defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: secretRef specifies the - secret to use for obtaining the StorageOS - API credentials. If not specified, - default values will be attempted. properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic volumeName: - description: volumeName is the human-readable - name of the StorageOS volume. Volume - names are only unique within a namespace. type: string volumeNamespace: - description: volumeNamespace specifies - the scope of the volume within StorageOS. If - no namespace is specified then the - Pod's namespace will be used. 
This - allows the Kubernetes name scoping - to be mirrored within StorageOS for - tighter integration. Set VolumeName - to any name to override the default - behaviour. Set to "default" if you - are not using namespaces within StorageOS. - Namespaces that do not pre-exist within - StorageOS will be created. type: string type: object vsphereVolume: - description: vsphereVolume represents a - vSphere volume attached and mounted on - kubelets host machine properties: fsType: - description: fsType is filesystem type - to mount. Must be a filesystem type - supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. type: string storagePolicyID: - description: storagePolicyID is the - storage Policy Based Management (SPBM) - profile ID associated with the StoragePolicyName. type: string storagePolicyName: - description: storagePolicyName is the - storage Policy Based Management (SPBM) - profile name. type: string volumePath: - description: volumePath is the path - that identifies vSphere volume vmdk type: string required: - volumePath 
@@ -22174,223 +7285,93 @@ spec: type: object type: array preBackup: - description: PreBackup specifies a list of hooks that - will be executed before backup items: - description: HookInfo specifies the information about - the backup/restore hooks properties: executionPolicy: default: Always - description: 'ExecutionPolicy specifies when to - execute the hook. Valid values are: - "Always": - KubeStash will execute this hook no matter the - backup/restore failed. This is the default execution - policy. - "OnSuccess": KubeStash will execute - this hook only if the backup/restore has succeeded. - - "OnFailure": KubeStash will execute this hook - only if the backup/restore has failed.' enum: - Always - OnSuccess - OnFailure type: string hookTemplate: - description: HookTemplate points to a HookTemplate - CR that will be used to execute the hook. You - can refer to a HookTemplate from other namespaces - as long as your current namespace is allowed - by the `usagePolicy` in the respective HookTemplate. properties: name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string required: - name type: object maxRetry: - description: MaxRetry specifies how many times - KubeStash should retry the hook execution in - case of failure. The default value of this field - is 0 which means no retry. format: int32 minimum: 0 type: integer name: - description: Name specifies a name for the hook type: string params: - description: Params specifies parameters for the - hook. You must provide the parameter in the - HookTemplates desired structure. type: object x-kubernetes-preserve-unknown-fields: true runtimeSettings: - description: RuntimeSettings specifies runtime - configurations for the hook executor Job. 
Use - this field only for `Function` type hook executor. properties: container: properties: env: - description: List of environment variables - to set in the container. Cannot be updated. items: - description: EnvVar represents an environment - variable present in a Container. properties: name: - description: Name of the environment - variable. Must be a C_IDENTIFIER. type: string value: - description: 'Variable references - $(VAR_NAME) are expanded using - the previously defined environment - variables in the container and - any service environment variables. - If a variable cannot be resolved, - the reference in the input string - will be unchanged. Double $$ are - reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: - i.e. "$$(VAR_NAME)" will produce - the string literal "$(VAR_NAME)". - Escaped references will never - be expanded, regardless of whether - the variable exists or not. Defaults - to "".' type: string valueFrom: - description: Source for the environment - variable's value. Cannot be used - if value is not empty. properties: configMapKeyRef: - description: Selects a key of - a ConfigMap. properties: key: - description: The key to - select. type: string name: default: "" - description: 'Name of the - referent. This field is - effectively required, - but due to backwards compatibility - is allowed to be empty. - Instances of this type - with an empty value here - are almost certainly wrong. - TODO: Add other useful - fields. apiVersion, kind, - uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' 
type: string optional: - description: Specify whether - the ConfigMap or its key - must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field - of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, - status.podIPs.' properties: apiVersion: - description: Version of - the schema the FieldPath - is written in terms of, - defaults to "v1". type: string fieldPath: - description: Path of the - field to select in the - specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource - of the container: only resources - limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, - requests.cpu, requests.memory - and requests.ephemeral-storage) - are currently supported.' properties: containerName: - description: 'Container - name: required for volumes, - optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the - output format of the exposed - resources, defaults to - "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: - resource to select' type: string required: - resource type: object x-kubernetes-map-type: atomic secretKeyRef: - description: Selects a key of - a secret in the pod's namespace properties: key: - description: The key of - the secret to select from. Must - be a valid secret key. type: string name: default: "" - description: 'Name of the - referent. This field is - effectively required, - but due to backwards compatibility - is allowed to be empty. - Instances of this type - with an empty value here - are almost certainly wrong. 
- TODO: Add other useful - fields. apiVersion, kind, - uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether - the Secret or its key - must be defined type: boolean required: - key 
@@ -22402,85 +7383,31 @@ spec: type: object type: array envFrom: - description: List of sources to populate - environment variables in the container. - The keys defined within a source must - be a C_IDENTIFIER. All invalid keys - will be reported as an event when the - container is starting. When a key exists - in multiple sources, the value associated - with the last source will take precedence. - Values defined by an Env with a duplicate - key will take precedence. Cannot be - updated. items: - description: EnvFromSource represents - the source of a set of ConfigMaps properties: configMapRef: - description: The ConfigMap to select - from properties: name: default: "" - description: 'Name of the referent. - This field is effectively - required, but due to backwards - compatibility is allowed to - be empty. Instances of this - type with an empty value here - are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether - the ConfigMap must be defined type: boolean type: object x-kubernetes-map-type: atomic prefix: - description: An optional identifier - to prepend to each key in the - ConfigMap. Must be a C_IDENTIFIER. type: string secretRef: - description: The Secret to select - from properties: name: default: "" - description: 'Name of the referent. - This field is effectively - required, but due to backwards - compatibility is allowed to - be empty. Instances of this - type with an empty value here - are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? 
More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether - the Secret must be defined type: boolean type: object x-kubernetes-map-type: atomic type: object type: array ionice: - description: 'Settings to configure `ionice` - to throttle the load on disk. More info: - http://kennystechtalk.blogspot.com/2015/04/throttling-cpu-usage-with-linux-cgroups.html - More info: https://oakbytes.wordpress.com/2012/06/06/linux-scheduler-cfs-and-nice/' properties: class: format: int32 
@@ -22490,76 +7417,27 @@ spec: type: integer type: object lifecycle: - description: Actions that the management - system should take in response to container - lifecycle events. Cannot be updated. properties: postStart: - description: 'PostStart is called - immediately after a container is - created. If the handler fails, the - container is terminated and restarted - according to its restart policy. - Other management of the container - blocks until the hook completes. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: Exec specifies the - action to take. properties: command: - description: Command is the - command line to execute - inside the container, the - working directory for the - command is root ('/') in - the container's filesystem. - The command is simply exec'd, - it is not run inside a shell, - so traditional shell instructions - ('|', etc) won't work. To - use a shell, you need to - explicitly call out to that - shell. Exit status of 0 - is treated as live/healthy - and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies - the http request to perform. properties: host: - description: Host name to - connect to, defaults to - the pod IP. You probably - want to set "Host" in httpHeaders - instead. type: string httpHeaders: - description: Custom headers - to set in the request. HTTP - allows repeated headers. items: - description: HTTPHeader - describes a custom header - to be used in HTTP probes properties: name: - description: The header - field name. This will - be canonicalized upon - output, so case-variant - names will be understood - as the same header. type: string value: - description: The header - field value type: string required: - name 
@@ -22568,144 +7446,58 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access - on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use - for connecting to the host. - Defaults to HTTP. type: string required: - port type: object sleep: - description: Sleep represents - the duration that the container - should sleep before being terminated. properties: seconds: - description: Seconds is the - number of seconds to sleep. format: int64 type: integer required: - seconds type: object tcpSocket: - description: Deprecated. TCPSocket - is NOT supported as a LifecycleHandler - and kept for the backward compatibility. - There are no validation of this - field and lifecycle hooks will - fail in runtime when tcp handler - is specified. properties: host: - description: 'Optional: Host - name to connect to, defaults - to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: - description: 'PreStop is called immediately - before a container is terminated - due to an API request or management - event such as liveness/startup probe - failure, preemption, resource contention, - etc. The handler is not called if - the container crashes or exits. - The Pod''s termination grace period - countdown begins before the PreStop - hook is executed. Regardless of - the outcome of the handler, the - container will eventually terminate - within the Pod''s termination grace - period (unless delayed by finalizers). 
- Other management of the container - blocks until the hook completes - or until the termination grace period - is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: Exec specifies the - action to take. properties: command: - description: Command is the - command line to execute - inside the container, the - working directory for the - command is root ('/') in - the container's filesystem. - The command is simply exec'd, - it is not run inside a shell, - so traditional shell instructions - ('|', etc) won't work. To - use a shell, you need to - explicitly call out to that - shell. Exit status of 0 - is treated as live/healthy - and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies - the http request to perform. properties: host: - description: Host name to - connect to, defaults to - the pod IP. You probably - want to set "Host" in httpHeaders - instead. type: string httpHeaders: - description: Custom headers - to set in the request. HTTP - allows repeated headers. items: - description: HTTPHeader - describes a custom header - to be used in HTTP probes properties: name: - description: The header - field name. This will - be canonicalized upon - output, so case-variant - names will be understood - as the same header. type: string value: - description: The header - field value type: string required: - name 
@@ -22714,63 +7506,33 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access - on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use - for connecting to the host. - Defaults to HTTP. type: string required: - port type: object sleep: - description: Sleep represents - the duration that the container - should sleep before being terminated. properties: seconds: - description: Seconds is the - number of seconds to sleep. format: int64 type: integer required: - seconds type: object tcpSocket: - description: Deprecated. TCPSocket - is NOT supported as a LifecycleHandler - and kept for the backward compatibility. - There are no validation of this - field and lifecycle hooks will - fail in runtime when tcp handler - is specified. properties: host: - description: 'Optional: Host - name to connect to, defaults - to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port 
@@ -22778,93 +7540,38 @@ spec: type: object type: object livenessProbe: - description: 'Periodic probe of container - liveness. Container will be restarted - if the probe fails. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action - to take. properties: command: - description: Command is the command - line to execute inside the container, - the working directory for the - command is root ('/') in the - container's filesystem. The - command is simply exec'd, it - is not run inside a shell, so - traditional shell instructions - ('|', etc) won't work. To use - a shell, you need to explicitly - call out to that shell. Exit - status of 0 is treated as live/healthy - and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed - after having succeeded. Defaults - to 3. Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action - involving a GRPC port. properties: port: - description: Port number of the - gRPC service. Number must be - in the range 1 to 65535. format: int32 type: integer service: - description: "Service is the name - of the service to place in the - gRPC HealthCheckRequest (see - https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, - the default behavior is defined - by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the - http request to perform. properties: host: - description: Host name to connect - to, defaults to the pod IP. - You probably want to set "Host" - in httpHeaders instead. type: string httpHeaders: - description: Custom headers to - set in the request. HTTP allows - repeated headers. 
items: - description: HTTPHeader describes - a custom header to be used - in HTTP probes properties: name: - description: The header - field name. This will - be canonicalized upon - output, so case-variant - names will be understood - as the same header. type: string value: - description: The header - field value type: string required: - name 
@@ -22873,202 +7580,84 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on - the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of - the port to access on the container. - Number must be in the range - 1 to 65535. Name must be an - IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for - connecting to the host. Defaults - to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after - the container has started before - liveness probes are initiated. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) - to perform the probe. Default to - 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to - 1. Must be 1 for liveness and startup. - Minimum value is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an - action involving a TCP port. properties: host: - description: 'Optional: Host name - to connect to, defaults to the - pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of - the port to access on the container. - Number must be in the range - 1 to 65535. Name must be an - IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in - seconds the pod needs to terminate - gracefully upon probe failure. The - grace period is the duration in - seconds after the processes running - in the pod are sent a termination - signal and the time when the processes - are forcibly halted with a kill - signal. Set this value longer than - the expected cleanup time for your - process. 
If this value is nil, the - pod's terminationGracePeriodSeconds - will be used. Otherwise, this value - overrides the value provided by - the pod spec. Value must be non-negative - integer. The value zero indicates - stop immediately via the kill signal - (no opportunity to shut down). This - is a beta field and requires enabling - ProbeTerminationGracePeriod feature - gate. Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after - which the probe times out. Defaults - to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object nice: - description: 'Settings to configure `nice` - to throttle the load on cpu. More info: - http://kennystechtalk.blogspot.com/2015/04/throttling-cpu-usage-with-linux-cgroups.html - More info: https://oakbytes.wordpress.com/2012/06/06/linux-scheduler-cfs-and-nice/' properties: adjustment: format: int32 type: integer type: object readinessProbe: - description: 'Periodic probe of container - service readiness. Container will be - removed from service endpoints if the - probe fails. Cannot be updated. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action - to take. properties: command: - description: Command is the command - line to execute inside the container, - the working directory for the - command is root ('/') in the - container's filesystem. The - command is simply exec'd, it - is not run inside a shell, so - traditional shell instructions - ('|', etc) won't work. To use - a shell, you need to explicitly - call out to that shell. Exit - status of 0 is treated as live/healthy - and non-zero is unhealthy. 
items: type: string type: array x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed - after having succeeded. Defaults - to 3. Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action - involving a GRPC port. properties: port: - description: Port number of the - gRPC service. Number must be - in the range 1 to 65535. format: int32 type: integer service: - description: "Service is the name - of the service to place in the - gRPC HealthCheckRequest (see - https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, - the default behavior is defined - by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the - http request to perform. properties: host: - description: Host name to connect - to, defaults to the pod IP. - You probably want to set "Host" - in httpHeaders instead. type: string httpHeaders: - description: Custom headers to - set in the request. HTTP allows - repeated headers. items: - description: HTTPHeader describes - a custom header to be used - in HTTP probes properties: name: - description: The header - field name. This will - be canonicalized upon - output, so case-variant - names will be understood - as the same header. type: string value: - description: The header - field value type: string required: - name 
@@ -23077,126 +7666,51 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on - the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of - the port to access on the container. - Number must be in the range - 1 to 65535. Name must be an - IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for - connecting to the host. Defaults - to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after - the container has started before - liveness probes are initiated. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) - to perform the probe. Default to - 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to - 1. Must be 1 for liveness and startup. - Minimum value is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an - action involving a TCP port. properties: host: - description: 'Optional: Host name - to connect to, defaults to the - pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of - the port to access on the container. - Number must be in the range - 1 to 65535. Name must be an - IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in - seconds the pod needs to terminate - gracefully upon probe failure. The - grace period is the duration in - seconds after the processes running - in the pod are sent a termination - signal and the time when the processes - are forcibly halted with a kill - signal. Set this value longer than - the expected cleanup time for your - process. 
If this value is nil, the - pod's terminationGracePeriodSeconds - will be used. Otherwise, this value - overrides the value provided by - the pod spec. Value must be non-negative - integer. The value zero indicates - stop immediately via the kill signal - (no opportunity to shut down). This - is a beta field and requires enabling - ProbeTerminationGracePeriod feature - gate. Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after - which the probe times out. Defaults - to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object resources: - description: 'Compute Resources required - by container. Cannot be updated. More - info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' properties: claims: - description: "Claims lists the names - of resources, defined in spec.resourceClaims, - that are used by this container. - \n This is an alpha field and requires - enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. - It can only be set for containers." items: - description: ResourceClaim references - one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match - the name of one entry in pod.spec.resourceClaims - of the Pod where this field - is used. It makes that resource - available inside a container. type: string required: - name @@ -23212,9 +7726,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the - maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -23223,273 +7734,77 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the - minimum amount of compute resources - required. If Requests is omitted - for a container, it defaults to - Limits if that is explicitly specified, - otherwise to an implementation-defined - value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: - description: 'Security options the pod - should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation - controls whether a process can gain - more privileges than its parent - process. This bool directly controls - if the no_new_privs flag will be - set on the container process. AllowPrivilegeEscalation - is true always when the container - is: 1) run as Privileged 2) has - CAP_SYS_ADMIN Note that this field - cannot be set when spec.os.name - is windows.' type: boolean appArmorProfile: - description: appArmorProfile is the - AppArmor options to use by this - container. If set, this profile - overrides the pod's appArmorProfile. - Note that this field cannot be set - when spec.os.name is windows. properties: localhostProfile: - description: localhostProfile - indicates a profile loaded on - the node that should be used. - The profile must be preconfigured - on the node to work. Must match - the loaded name of the profile. - Must be set if and only if type - is "Localhost". type: string type: - description: 'type indicates which - kind of AppArmor profile will - be applied. Valid options are: - Localhost - a profile pre-loaded - on the node. 
RuntimeDefault - - the container runtime''s default - profile. Unconfined - no AppArmor - enforcement.' type: string required: - type type: object capabilities: - description: The capabilities to add/drop - when running containers. Defaults - to the default set of capabilities - granted by the container runtime. - Note that this field cannot be set - when spec.os.name is windows. properties: add: - description: Added capabilities items: - description: Capability represent - POSIX capabilities type type: string type: array x-kubernetes-list-type: atomic drop: - description: Removed capabilities items: - description: Capability represent - POSIX capabilities type type: string type: array x-kubernetes-list-type: atomic type: object privileged: - description: Run container in privileged - mode. Processes in privileged containers - are essentially equivalent to root - on the host. Defaults to false. - Note that this field cannot be set - when spec.os.name is windows. type: boolean procMount: - description: procMount denotes the - type of proc mount to use for the - containers. The default is DefaultProcMount - which uses the container runtime - defaults for readonly paths and - masked paths. This requires the - ProcMountType feature flag to be - enabled. Note that this field cannot - be set when spec.os.name is windows. type: string readOnlyRootFilesystem: - description: Whether this container - has a read-only root filesystem. - Default is false. Note that this - field cannot be set when spec.os.name - is windows. type: boolean runAsGroup: - description: The GID to run the entrypoint - of the container process. Uses runtime - default if unset. May also be set - in PodSecurityContext. If set in - both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. Note that this - field cannot be set when spec.os.name - is windows. 
format: int64 type: integer runAsNonRoot: - description: Indicates that the container - must run as a non-root user. If - true, the Kubelet will validate - the image at runtime to ensure that - it does not run as UID 0 (root) - and fail to start the container - if it does. If unset or false, no - such validation will be performed. - May also be set in PodSecurityContext. If - set in both SecurityContext and - PodSecurityContext, the value specified - in SecurityContext takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint - of the container process. Defaults - to user specified in image metadata - if unspecified. May also be set - in PodSecurityContext. If set in - both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. Note that this - field cannot be set when spec.os.name - is windows. format: int64 type: integer seLinuxOptions: - description: The SELinux context to - be applied to the container. If - unspecified, the container runtime - will allocate a random SELinux context - for each container. May also be - set in PodSecurityContext. If set - in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. Note that this - field cannot be set when spec.os.name - is windows. properties: level: - description: Level is SELinux - level label that applies to - the container. type: string role: - description: Role is a SELinux - role label that applies to the - container. type: string type: - description: Type is a SELinux - type label that applies to the - container. type: string user: - description: User is a SELinux - user label that applies to the - container. type: string type: object seccompProfile: - description: The seccomp options to - use by this container. If seccomp - options are provided at both the - pod & container level, the container - options override the pod options. 
- Note that this field cannot be set - when spec.os.name is windows. properties: localhostProfile: - description: localhostProfile - indicates a profile defined - in a file on the node should - be used. The profile must be - preconfigured on the node to - work. Must be a descending path, - relative to the kubelet's configured - seccomp profile location. Must - be set if type is "Localhost". - Must NOT be set for any other - type. type: string type: - description: "type indicates which - kind of seccomp profile will - be applied. Valid options are: - \n Localhost - a profile defined - in a file on the node should - be used. RuntimeDefault - the - container runtime default profile - should be used. Unconfined - - no profile should be applied." type: string required: - type type: object windowsOptions: - description: The Windows specific - settings applied to all containers. - If unspecified, the options from - the PodSecurityContext will be used. - If set in both SecurityContext and - PodSecurityContext, the value specified - in SecurityContext takes precedence. - Note that this field cannot be set - when spec.os.name is linux. properties: gmsaCredentialSpec: - description: GMSACredentialSpec - is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the - GMSA credential spec named by - the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: - description: GMSACredentialSpecName - is the name of the GMSA credential - spec to use. type: string hostProcess: - description: HostProcess determines - if a container should be run - as a 'Host Process' container. - All of a Pod's containers must - have the same effective HostProcess - value (it is not allowed to - have a mix of HostProcess containers - and non-HostProcess containers). - In addition, if HostProcess - is true then HostNetwork must - also be set to true. 
type: boolean runAsUserName: - description: The UserName in Windows - to run the entrypoint of the - container process. Defaults - to the user specified in image - metadata if unspecified. May - also be set in PodSecurityContext. - If set in both SecurityContext - and PodSecurityContext, the - value specified in SecurityContext - takes precedence. type: string type: object type: object 
@@ -23497,101 +7812,22 @@ spec: pod: properties: affinity: - description: If specified, the pod's scheduling - constraints properties: nodeAffinity: - description: Describes node affinity - scheduling rules for the pod. properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will - prefer to schedule pods to nodes - that satisfy the affinity expressions - specified by this field, but - it may choose a node that violates - one or more of the expressions. - The node that is most preferred - is the one with the greatest - sum of weights, i.e. for each - node that meets all of the scheduling - requirements (resource request, - requiredDuringScheduling affinity - expressions, etc.), compute - a sum by iterating through the - elements of this field and adding - "weight" to the sum if the node - matches the corresponding matchExpressions; - the node(s) with the highest - sum are the most preferred. items: - description: An empty preferred - scheduling term matches all - objects with implicit weight - 0 (i.e. it's a no-op). A null - preferred scheduling term - matches no objects (i.e. is - also a no-op). properties: preference: - description: A node selector - term, associated with - the corresponding weight. properties: matchExpressions: - description: A list - of node selector requirements - by node's labels. items: - description: A node - selector requirement - is a selector that - contains values, - a key, and an operator - that relates the - key and values. properties: key: - description: The - label key that - the selector - applies to. type: string operator: - description: Represents - a key's relationship - to a set of - values. Valid - operators are - In, NotIn, Exists, - DoesNotExist. - Gt, and Lt. type: string values: - description: An - array of string - values. If the - operator is - In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or - DoesNotExist, - the values array - must be empty. 
- If the operator - is Gt or Lt, - the values array - must have a - single element, - which will be - interpreted - as an integer. - This array is - replaced during - a strategic - merge patch. items: type: string type: array @@ -23603,59 +7839,13 @@ spec: type: array x-kubernetes-list-type: atomic matchFields: - description: A list - of node selector requirements - by node's fields. items: - description: A node - selector requirement - is a selector that - contains values, - a key, and an operator - that relates the - key and values. properties: key: - description: The - label key that - the selector - applies to. type: string operator: - description: Represents - a key's relationship - to a set of - values. Valid - operators are - In, NotIn, Exists, - DoesNotExist. - Gt, and Lt. type: string values: - description: An - array of string - values. If the - operator is - In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or - DoesNotExist, - the values array - must be empty. - If the operator - is Gt or Lt, - the values array - must have a - single element, - which will be - interpreted - as an integer. - This array is - replaced during - a strategic - merge patch. items: type: string type: array @@ -23669,10 +7859,6 @@ spec: type: object x-kubernetes-map-type: atomic weight: - description: Weight associated - with matching the corresponding - nodeSelectorTerm, in the - range 1-100. format: int32 type: integer required: 
@@ -23682,85 +7868,18 @@ spec: type: array x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements - specified by this field are - not met at scheduling time, - the pod will not be scheduled - onto the node. If the affinity - requirements specified by this - field cease to be met at some - point during pod execution (e.g. - due to an update), the system - may or may not try to eventually - evict the pod from its node. properties: nodeSelectorTerms: - description: Required. A list - of node selector terms. - The terms are ORed. items: - description: A null or empty - node selector term matches - no objects. The requirements - of them are ANDed. The - TopologySelectorTerm type - implements a subset of - the NodeSelectorTerm. properties: matchExpressions: - description: A list - of node selector requirements - by node's labels. items: - description: A node - selector requirement - is a selector that - contains values, - a key, and an operator - that relates the - key and values. properties: key: - description: The - label key that - the selector - applies to. type: string operator: - description: Represents - a key's relationship - to a set of - values. Valid - operators are - In, NotIn, Exists, - DoesNotExist. - Gt, and Lt. type: string values: - description: An - array of string - values. If the - operator is - In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or - DoesNotExist, - the values array - must be empty. - If the operator - is Gt or Lt, - the values array - must have a - single element, - which will be - interpreted - as an integer. - This array is - replaced during - a strategic - merge patch. items: type: string type: array 
@@ -23772,59 +7891,13 @@ spec: type: array x-kubernetes-list-type: atomic matchFields: - description: A list - of node selector requirements - by node's fields. items: - description: A node - selector requirement - is a selector that - contains values, - a key, and an operator - that relates the - key and values. properties: key: - description: The - label key that - the selector - applies to. type: string operator: - description: Represents - a key's relationship - to a set of - values. Valid - operators are - In, NotIn, Exists, - DoesNotExist. - Gt, and Lt. type: string values: - description: An - array of string - values. If the - operator is - In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or - DoesNotExist, - the values array - must be empty. - If the operator - is Gt or Lt, - the values array - must have a - single element, - which will be - interpreted - as an integer. - This array is - replaced during - a strategic - merge patch. items: type: string type: array 
@@ -23845,113 +7918,22 @@ spec: x-kubernetes-map-type: atomic type: object podAffinity: - description: Describes pod affinity - scheduling rules (e.g. co-locate - this pod in the same node, zone, - etc. as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will - prefer to schedule pods to nodes - that satisfy the affinity expressions - specified by this field, but - it may choose a node that violates - one or more of the expressions. - The node that is most preferred - is the one with the greatest - sum of weights, i.e. for each - node that meets all of the scheduling - requirements (resource request, - requiredDuringScheduling affinity - expressions, etc.), compute - a sum by iterating through the - elements of this field and adding - "weight" to the sum if the node - has pods which matches the corresponding - podAffinityTerm; the node(s) - with the highest sum are the - most preferred. items: - description: The weights of - all of the matched WeightedPodAffinityTerm - fields are added per-node - to find the most preferred - node(s) properties: podAffinityTerm: - description: Required. A - pod affinity term, associated - with the corresponding - weight. properties: labelSelector: - description: A label - query over a set of - resources, in this - case pods. If it's - null, this PodAffinityTerm - matches with no Pods. properties: matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements - are ANDed. items: - description: A - label selector - requirement - is a selector - that contains - values, a key, - and an operator - that relates - the key and - values. properties: key: - description: key - is the label - key that - the selector - applies - to. type: string operator: - description: operator - represents - a key's - relationship - to a set - of values. - Valid operators - are In, - NotIn, Exists - and DoesNotExist. 
type: string values: - description: values - is an array - of string - values. - If the operator - is In or - NotIn, the - values array - must be - non-empty. - If the operator - is Exists - or DoesNotExist, - the values - array must - be empty. - This array - is replaced - during a - strategic - merge patch. items: type: string type: array 
@@ -23965,177 +7947,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single - {key,value} in - the matchLabels - map is equivalent - to an element - of matchExpressions, - whose key field - is "key", the - operator is "In", - and the values - array contains - only "value". - The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys - is a set of pod label - keys to select which - pods will be taken - into consideration. - The keys are used - to lookup values from - the incoming pod labels, - those key-value labels - are merged with `labelSelector` - as `key in (value)` - to select the group - of existing pods which - pods will be taken - into consideration - for the incoming pod's - pod (anti) affinity. - Keys that don't exist - in the incoming pod - labels will be ignored. - The default value - is empty. The same - key is forbidden to - exist in both matchLabelKeys - and labelSelector. - Also, matchLabelKeys - cannot be set when - labelSelector isn't - set. This is an alpha - field and requires - enabling MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys - is a set of pod label - keys to select which - pods will be taken - into consideration. - The keys are used - to lookup values from - the incoming pod labels, - those key-value labels - are merged with `labelSelector` - as `key notin (value)` - to select the group - of existing pods which - pods will be taken - into consideration - for the incoming pod's - pod (anti) affinity. - Keys that don't exist - in the incoming pod - labels will be ignored. - The default value - is empty. The same - key is forbidden to - exist in both mismatchLabelKeys - and labelSelector. - Also, mismatchLabelKeys - cannot be set when - labelSelector isn't - set. 
This is an alpha - field and requires - enabling MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label - query over the set - of namespaces that - the term applies to. - The term is applied - to the union of the - namespaces selected - by this field and - the ones listed in - the namespaces field. - null selector and - null or empty namespaces - list means "this pod's - namespace". An empty - selector ({}) matches - all namespaces. properties: matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements - are ANDed. items: - description: A - label selector - requirement - is a selector - that contains - values, a key, - and an operator - that relates - the key and - values. properties: key: - description: key - is the label - key that - the selector - applies - to. type: string operator: - description: operator - represents - a key's - relationship - to a set - of values. - Valid operators - are In, - NotIn, Exists - and DoesNotExist. type: string values: - description: values - is an array - of string - values. - If the operator - is In or - NotIn, the - values array - must be - non-empty. - If the operator - is Exists - or DoesNotExist, - the values - array must - be empty. - This array - is replaced - during a - strategic - merge patch. items: type: string type: array 
@@ -24149,71 +7983,20 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single - {key,value} in - the matchLabels - map is equivalent - to an element - of matchExpressions, - whose key field - is "key", the - operator is "In", - and the values - array contains - only "value". - The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces - specifies a static - list of namespace - names that the term - applies to. The term - is applied to the - union of the namespaces - listed in this field - and the ones selected - by namespaceSelector. - null or empty namespaces - list and null namespaceSelector - means "this pod's - namespace". items: type: string type: array x-kubernetes-list-type: atomic topologyKey: - description: This pod - should be co-located - (affinity) or not - co-located (anti-affinity) - with the pods matching - the labelSelector - in the specified namespaces, - where co-located is - defined as running - on a node whose value - of the label with - key topologyKey matches - that of any node on - which any of the selected - pods is running. Empty - topologyKey is not - allowed. type: string required: - topologyKey type: object weight: - description: weight associated - with matching the corresponding - podAffinityTerm, in the - range 1-100. format: int32 type: integer required: 
@@ -24223,93 +8006,18 @@ spec: type: array x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements - specified by this field are - not met at scheduling time, - the pod will not be scheduled - onto the node. If the affinity - requirements specified by this - field cease to be met at some - point during pod execution (e.g. - due to a pod label update), - the system may or may not try - to eventually evict the pod - from its node. When there are - multiple elements, the lists - of nodes corresponding to each - podAffinityTerm are intersected, - i.e. all terms must be satisfied. items: - description: Defines a set of - pods (namely those matching - the labelSelector relative - to the given namespace(s)) - that this pod should be co-located - (affinity) or not co-located - (anti-affinity) with, where - co-located is defined as running - on a node whose value of the - label with key - matches that of any node on - which a pod of the set of - pods is running properties: labelSelector: - description: A label query - over a set of resources, - in this case pods. If - it's null, this PodAffinityTerm - matches with no Pods. properties: matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements are - ANDed. items: - description: A label - selector requirement - is a selector that - contains values, - a key, and an operator - that relates the - key and values. properties: key: - description: key - is the label - key that the - selector applies - to. type: string operator: - description: operator - represents a - key's relationship - to a set of - values. Valid - operators are - In, NotIn, Exists - and DoesNotExist. type: string values: - description: values - is an array - of string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or - DoesNotExist, - the values array - must be empty. 
- This array is - replaced during - a strategic - merge patch. items: type: string type: array 
@@ -24323,151 +8031,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels - map is equivalent - to an element of matchExpressions, - whose key field is - "key", the operator - is "In", and the values - array contains only - "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys - is a set of pod label - keys to select which pods - will be taken into consideration. - The keys are used to lookup - values from the incoming - pod labels, those key-value - labels are merged with - `labelSelector` as `key - in (value)` to select - the group of existing - pods which pods will be - taken into consideration - for the incoming pod's - pod (anti) affinity. Keys - that don't exist in the - incoming pod labels will - be ignored. The default - value is empty. The same - key is forbidden to exist - in both matchLabelKeys - and labelSelector. Also, - matchLabelKeys cannot - be set when labelSelector - isn't set. This is an - alpha field and requires - enabling MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys - is a set of pod label - keys to select which pods - will be taken into consideration. - The keys are used to lookup - values from the incoming - pod labels, those key-value - labels are merged with - `labelSelector` as `key - notin (value)` to select - the group of existing - pods which pods will be - taken into consideration - for the incoming pod's - pod (anti) affinity. Keys - that don't exist in the - incoming pod labels will - be ignored. The default - value is empty. The same - key is forbidden to exist - in both mismatchLabelKeys - and labelSelector. Also, - mismatchLabelKeys cannot - be set when labelSelector - isn't set. 
This is an - alpha field and requires - enabling MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query - over the set of namespaces - that the term applies - to. The term is applied - to the union of the namespaces - selected by this field - and the ones listed in - the namespaces field. - null selector and null - or empty namespaces list - means "this pod's namespace". - An empty selector ({}) - matches all namespaces. properties: matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements are - ANDed. items: - description: A label - selector requirement - is a selector that - contains values, - a key, and an operator - that relates the - key and values. properties: key: - description: key - is the label - key that the - selector applies - to. type: string operator: - description: operator - represents a - key's relationship - to a set of - values. Valid - operators are - In, NotIn, Exists - and DoesNotExist. type: string values: - description: values - is an array - of string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or - DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic - merge patch. items: type: string type: array 
@@ -24481,52 +8067,15 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels - map is equivalent - to an element of matchExpressions, - whose key field is - "key", the operator - is "In", and the values - array contains only - "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces - specifies a static list - of namespace names that - the term applies to. The - term is applied to the - union of the namespaces - listed in this field and - the ones selected by namespaceSelector. - null or empty namespaces - list and null namespaceSelector - means "this pod's namespace". items: type: string type: array x-kubernetes-list-type: atomic topologyKey: - description: This pod should - be co-located (affinity) - or not co-located (anti-affinity) - with the pods matching - the labelSelector in the - specified namespaces, - where co-located is defined - as running on a node whose - value of the label with - key topologyKey matches - that of any node on which - any of the selected pods - is running. Empty topologyKey - is not allowed. type: string required: - topologyKey 
@@ -24535,113 +8084,22 @@ spec: x-kubernetes-list-type: atomic type: object podAntiAffinity: - description: Describes pod anti-affinity - scheduling rules (e.g. avoid putting - this pod in the same node, zone, - etc. as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will - prefer to schedule pods to nodes - that satisfy the anti-affinity - expressions specified by this - field, but it may choose a node - that violates one or more of - the expressions. The node that - is most preferred is the one - with the greatest sum of weights, - i.e. for each node that meets - all of the scheduling requirements - (resource request, requiredDuringScheduling - anti-affinity expressions, etc.), - compute a sum by iterating through - the elements of this field and - adding "weight" to the sum if - the node has pods which matches - the corresponding podAffinityTerm; - the node(s) with the highest - sum are the most preferred. items: - description: The weights of - all of the matched WeightedPodAffinityTerm - fields are added per-node - to find the most preferred - node(s) properties: podAffinityTerm: - description: Required. A - pod affinity term, associated - with the corresponding - weight. properties: labelSelector: - description: A label - query over a set of - resources, in this - case pods. If it's - null, this PodAffinityTerm - matches with no Pods. properties: matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements - are ANDed. items: - description: A - label selector - requirement - is a selector - that contains - values, a key, - and an operator - that relates - the key and - values. properties: key: - description: key - is the label - key that - the selector - applies - to. type: string operator: - description: operator - represents - a key's - relationship - to a set - of values. - Valid operators - are In, - NotIn, Exists - and DoesNotExist. 
type: string values: - description: values - is an array - of string - values. - If the operator - is In or - NotIn, the - values array - must be - non-empty. - If the operator - is Exists - or DoesNotExist, - the values - array must - be empty. - This array - is replaced - during a - strategic - merge patch. items: type: string type: array 
@@ -24655,177 +8113,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single - {key,value} in - the matchLabels - map is equivalent - to an element - of matchExpressions, - whose key field - is "key", the - operator is "In", - and the values - array contains - only "value". - The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys - is a set of pod label - keys to select which - pods will be taken - into consideration. - The keys are used - to lookup values from - the incoming pod labels, - those key-value labels - are merged with `labelSelector` - as `key in (value)` - to select the group - of existing pods which - pods will be taken - into consideration - for the incoming pod's - pod (anti) affinity. - Keys that don't exist - in the incoming pod - labels will be ignored. - The default value - is empty. The same - key is forbidden to - exist in both matchLabelKeys - and labelSelector. - Also, matchLabelKeys - cannot be set when - labelSelector isn't - set. This is an alpha - field and requires - enabling MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys - is a set of pod label - keys to select which - pods will be taken - into consideration. - The keys are used - to lookup values from - the incoming pod labels, - those key-value labels - are merged with `labelSelector` - as `key notin (value)` - to select the group - of existing pods which - pods will be taken - into consideration - for the incoming pod's - pod (anti) affinity. - Keys that don't exist - in the incoming pod - labels will be ignored. - The default value - is empty. The same - key is forbidden to - exist in both mismatchLabelKeys - and labelSelector. - Also, mismatchLabelKeys - cannot be set when - labelSelector isn't - set. 
This is an alpha - field and requires - enabling MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label - query over the set - of namespaces that - the term applies to. - The term is applied - to the union of the - namespaces selected - by this field and - the ones listed in - the namespaces field. - null selector and - null or empty namespaces - list means "this pod's - namespace". An empty - selector ({}) matches - all namespaces. properties: matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements - are ANDed. items: - description: A - label selector - requirement - is a selector - that contains - values, a key, - and an operator - that relates - the key and - values. properties: key: - description: key - is the label - key that - the selector - applies - to. type: string operator: - description: operator - represents - a key's - relationship - to a set - of values. - Valid operators - are In, - NotIn, Exists - and DoesNotExist. type: string values: - description: values - is an array - of string - values. - If the operator - is In or - NotIn, the - values array - must be - non-empty. - If the operator - is Exists - or DoesNotExist, - the values - array must - be empty. - This array - is replaced - during a - strategic - merge patch. items: type: string type: array 
@@ -24839,71 +8149,20 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single - {key,value} in - the matchLabels - map is equivalent - to an element - of matchExpressions, - whose key field - is "key", the - operator is "In", - and the values - array contains - only "value". - The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces - specifies a static - list of namespace - names that the term - applies to. The term - is applied to the - union of the namespaces - listed in this field - and the ones selected - by namespaceSelector. - null or empty namespaces - list and null namespaceSelector - means "this pod's - namespace". items: type: string type: array x-kubernetes-list-type: atomic topologyKey: - description: This pod - should be co-located - (affinity) or not - co-located (anti-affinity) - with the pods matching - the labelSelector - in the specified namespaces, - where co-located is - defined as running - on a node whose value - of the label with - key topologyKey matches - that of any node on - which any of the selected - pods is running. Empty - topologyKey is not - allowed. type: string required: - topologyKey type: object weight: - description: weight associated - with matching the corresponding - podAffinityTerm, in the - range 1-100. format: int32 type: integer required: 
@@ -24913,93 +8172,18 @@ spec: type: array x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity - requirements specified by this - field are not met at scheduling - time, the pod will not be scheduled - onto the node. If the anti-affinity - requirements specified by this - field cease to be met at some - point during pod execution (e.g. - due to a pod label update), - the system may or may not try - to eventually evict the pod - from its node. When there are - multiple elements, the lists - of nodes corresponding to each - podAffinityTerm are intersected, - i.e. all terms must be satisfied. items: - description: Defines a set of - pods (namely those matching - the labelSelector relative - to the given namespace(s)) - that this pod should be co-located - (affinity) or not co-located - (anti-affinity) with, where - co-located is defined as running - on a node whose value of the - label with key - matches that of any node on - which a pod of the set of - pods is running properties: labelSelector: - description: A label query - over a set of resources, - in this case pods. If - it's null, this PodAffinityTerm - matches with no Pods. properties: matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements are - ANDed. items: - description: A label - selector requirement - is a selector that - contains values, - a key, and an operator - that relates the - key and values. properties: key: - description: key - is the label - key that the - selector applies - to. type: string operator: - description: operator - represents a - key's relationship - to a set of - values. Valid - operators are - In, NotIn, Exists - and DoesNotExist. type: string values: - description: values - is an array - of string values. - If the operator - is In or NotIn, - the values array - must be non-empty. 
- If the operator - is Exists or - DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic - merge patch. items: type: string type: array 
@@ -25013,151 +8197,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels - map is equivalent - to an element of matchExpressions, - whose key field is - "key", the operator - is "In", and the values - array contains only - "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys - is a set of pod label - keys to select which pods - will be taken into consideration. - The keys are used to lookup - values from the incoming - pod labels, those key-value - labels are merged with - `labelSelector` as `key - in (value)` to select - the group of existing - pods which pods will be - taken into consideration - for the incoming pod's - pod (anti) affinity. Keys - that don't exist in the - incoming pod labels will - be ignored. The default - value is empty. The same - key is forbidden to exist - in both matchLabelKeys - and labelSelector. Also, - matchLabelKeys cannot - be set when labelSelector - isn't set. This is an - alpha field and requires - enabling MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys - is a set of pod label - keys to select which pods - will be taken into consideration. - The keys are used to lookup - values from the incoming - pod labels, those key-value - labels are merged with - `labelSelector` as `key - notin (value)` to select - the group of existing - pods which pods will be - taken into consideration - for the incoming pod's - pod (anti) affinity. Keys - that don't exist in the - incoming pod labels will - be ignored. The default - value is empty. The same - key is forbidden to exist - in both mismatchLabelKeys - and labelSelector. Also, - mismatchLabelKeys cannot - be set when labelSelector - isn't set. 
This is an - alpha field and requires - enabling MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query - over the set of namespaces - that the term applies - to. The term is applied - to the union of the namespaces - selected by this field - and the ones listed in - the namespaces field. - null selector and null - or empty namespaces list - means "this pod's namespace". - An empty selector ({}) - matches all namespaces. properties: matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements are - ANDed. items: - description: A label - selector requirement - is a selector that - contains values, - a key, and an operator - that relates the - key and values. properties: key: - description: key - is the label - key that the - selector applies - to. type: string operator: - description: operator - represents a - key's relationship - to a set of - values. Valid - operators are - In, NotIn, Exists - and DoesNotExist. type: string values: - description: values - is an array - of string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or - DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic - merge patch. items: type: string type: array 
@@ -25171,52 +8233,15 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels - map is equivalent - to an element of matchExpressions, - whose key field is - "key", the operator - is "In", and the values - array contains only - "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces - specifies a static list - of namespace names that - the term applies to. The - term is applied to the - union of the namespaces - listed in this field and - the ones selected by namespaceSelector. - null or empty namespaces - list and null namespaceSelector - means "this pod's namespace". items: type: string type: array x-kubernetes-list-type: atomic topologyKey: - description: This pod should - be co-located (affinity) - or not co-located (anti-affinity) - with the pods matching - the labelSelector in the - specified namespaces, - where co-located is defined - as running on a node whose - value of the label with - key topologyKey matches - that of any node on which - any of the selected pods - is running. Empty topologyKey - is not allowed. type: string required: - topologyKey 
@@ -25226,359 +8251,106 @@ spec: type: object type: object automountServiceAccountToken: - description: AutomountServiceAccountToken - indicates whether a service account - token should be automatically mounted. type: boolean enableServiceLinks: - description: 'EnableServiceLinks indicates - whether information about services should - be injected into pod''s environment - variables, matching the syntax of Docker - links. Optional: Defaults to true.' type: boolean imagePullSecrets: - description: 'ImagePullSecrets is an optional - list of references to secrets in the - same namespace to use for pulling any - of the images used by this PodRuntimeSettings. - If specified, these secrets will be - passed to individual puller implementations - for them to use. For example, in the - case of docker, only DockerConfig type - secrets are honored. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' items: - description: LocalObjectReference contains - enough information to let you locate - the referenced object inside the same - namespace. properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic type: array nodeName: - description: NodeName is a request to - schedule this pod onto a specific node. - If it is non-empty, the scheduler simply - schedules this pod onto that node, assuming - that it fits resource requirements. 
type: string nodeSelector: additionalProperties: type: string - description: 'NodeSelector is a selector - which must be true for the pod to fit - on a node. Selector which must match - a node''s labels for the pod to be scheduled - on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' type: object podAnnotations: additionalProperties: type: string - description: PodAnnotations are the annotations - that will be attached with the respective - Pod type: object podLabels: additionalProperties: type: string - description: PodLabels are the labels - that will be attached with the respective - Pod type: object priority: - description: The priority value. Various - system components use this field to - find the priority of the pod. When Priority - Admission Controller is enabled, it - prevents users from setting this field. - The admission controller populates this - field from PriorityClassName. The higher - the value, the higher the priority. format: int32 type: integer priorityClassName: - description: If specified, indicates the - pod's priority. "system-node-critical" - and "system-cluster-critical" are two - special keywords which indicate the - highest priorities with the former being - the highest priority. Any other name - must be defined by creating a PriorityClass - object with that name. If not specified, - the pod priority will be default or - zero if there is no default. type: string readinessGates: - description: 'If specified, all readiness - gates will be evaluated for pod readiness. - A pod is ready when all its containers - are ready AND all conditions specified - in the readiness gates have status equal - to "True" More info: https://git.k8s.io/enhancements/keps/sig-network/0007-pod-ready%2B%2B.md' items: - description: PodReadinessGate contains - the reference to a pod condition properties: conditionType: - description: ConditionType refers - to a condition in the pod's condition - list with matching type. 
type: string required: - conditionType type: object type: array runtimeClassName: - description: 'RuntimeClassName refers - to a RuntimeClass object in the node.k8s.io - group, which should be used to run this - pod. If no RuntimeClass resource matches - the named class, the pod will not be - run. If unset or empty, the "legacy" - RuntimeClass will be used, which is - an implicit class with an empty definition - that uses the default runtime handler. - More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md - This is an alpha feature and may change - in the future.' type: string schedulerName: - description: If specified, the pod will - be dispatched by specified scheduler. - If not specified, the pod will be dispatched - by default scheduler. type: string securityContext: - description: 'Security options the pod - should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: appArmorProfile: - description: appArmorProfile is the - AppArmor options to use by the containers - in this pod. Note that this field - cannot be set when spec.os.name - is windows. properties: localhostProfile: - description: localhostProfile - indicates a profile loaded on - the node that should be used. - The profile must be preconfigured - on the node to work. Must match - the loaded name of the profile. - Must be set if and only if type - is "Localhost". type: string type: - description: 'type indicates which - kind of AppArmor profile will - be applied. Valid options are: - Localhost - a profile pre-loaded - on the node. RuntimeDefault - - the container runtime''s default - profile. Unconfined - no AppArmor - enforcement.' type: string required: - type type: object fsGroup: - description: "A special supplemental - group that applies to all containers - in a pod. 
Some volume types allow - the Kubelet to change the ownership - of that volume to be owned by the - pod: \n 1. The owning GID will be - the FSGroup 2. The setgid bit is - set (new files created in the volume - will be owned by FSGroup) 3. The - permission bits are OR'd with rw-rw---- - \n If unset, the Kubelet will not - modify the ownership and permissions - of any volume. Note that this field - cannot be set when spec.os.name - is windows." format: int64 type: integer fsGroupChangePolicy: - description: 'fsGroupChangePolicy - defines behavior of changing ownership - and permission of the volume before - being exposed inside Pod. This field - will only apply to volume types - which support fsGroup based ownership(and - permissions). It will have no effect - on ephemeral volume types such as: - secret, configmaps and emptydir. - Valid values are "OnRootMismatch" - and "Always". If not specified, - "Always" is used. Note that this - field cannot be set when spec.os.name - is windows.' type: string runAsGroup: - description: The GID to run the entrypoint - of the container process. Uses runtime - default if unset. May also be set - in SecurityContext. If set in both - SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence for that container. - Note that this field cannot be set - when spec.os.name is windows. format: int64 type: integer runAsNonRoot: - description: Indicates that the container - must run as a non-root user. If - true, the Kubelet will validate - the image at runtime to ensure that - it does not run as UID 0 (root) - and fail to start the container - if it does. If unset or false, no - such validation will be performed. - May also be set in SecurityContext. If - set in both SecurityContext and - PodSecurityContext, the value specified - in SecurityContext takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint - of the container process. 
Defaults - to user specified in image metadata - if unspecified. May also be set - in SecurityContext. If set in both - SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence for that container. - Note that this field cannot be set - when spec.os.name is windows. format: int64 type: integer seLinuxOptions: - description: The SELinux context to - be applied to all containers. If - unspecified, the container runtime - will allocate a random SELinux context - for each container. May also be - set in SecurityContext. If set - in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence for that container. - Note that this field cannot be set - when spec.os.name is windows. properties: level: - description: Level is SELinux - level label that applies to - the container. type: string role: - description: Role is a SELinux - role label that applies to the - container. type: string type: - description: Type is a SELinux - type label that applies to the - container. type: string user: - description: User is a SELinux - user label that applies to the - container. type: string type: object seccompProfile: - description: The seccomp options to - use by the containers in this pod. - Note that this field cannot be set - when spec.os.name is windows. properties: localhostProfile: - description: localhostProfile - indicates a profile defined - in a file on the node should - be used. The profile must be - preconfigured on the node to - work. Must be a descending path, - relative to the kubelet's configured - seccomp profile location. Must - be set if type is "Localhost". - Must NOT be set for any other - type. type: string type: - description: "type indicates which - kind of seccomp profile will - be applied. Valid options are: - \n Localhost - a profile defined - in a file on the node should - be used. RuntimeDefault - the - container runtime default profile - should be used. 
Unconfined - - no profile should be applied." type: string required: - type type: object supplementalGroups: - description: A list of groups applied - to the first process run in each - container, in addition to the container's - primary GID, the fsGroup (if specified), - and group memberships defined in - the container image for the uid - of the container process. If unspecified, - no additional groups are added to - any container. Note that group memberships - defined in the container image for - the uid of the container process - are still effective, even if they - are not included in this list. Note - that this field cannot be set when - spec.os.name is windows. items: format: int64 type: integer type: array x-kubernetes-list-type: atomic sysctls: - description: Sysctls hold a list of - namespaced sysctls used for the - pod. Pods with unsupported sysctls - (by the container runtime) might - fail to launch. Note that this field - cannot be set when spec.os.name - is windows. items: - description: Sysctl defines a kernel - parameter to be set properties: name: - description: Name of a property - to set type: string value: - description: Value of a property - to set type: string required: - name 
@@ -25587,182 +8359,52 @@ spec: type: array x-kubernetes-list-type: atomic windowsOptions: - description: The Windows specific - settings applied to all containers. - If unspecified, the options within - a container's SecurityContext will - be used. If set in both SecurityContext - and PodSecurityContext, the value - specified in SecurityContext takes - precedence. Note that this field - cannot be set when spec.os.name - is linux. properties: gmsaCredentialSpec: - description: GMSACredentialSpec - is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the - GMSA credential spec named by - the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: - description: GMSACredentialSpecName - is the name of the GMSA credential - spec to use. type: string hostProcess: - description: HostProcess determines - if a container should be run - as a 'Host Process' container. - All of a Pod's containers must - have the same effective HostProcess - value (it is not allowed to - have a mix of HostProcess containers - and non-HostProcess containers). - In addition, if HostProcess - is true then HostNetwork must - also be set to true. type: boolean runAsUserName: - description: The UserName in Windows - to run the entrypoint of the - container process. Defaults - to the user specified in image - metadata if unspecified. May - also be set in PodSecurityContext. - If set in both SecurityContext - and PodSecurityContext, the - value specified in SecurityContext - takes precedence. type: string type: object type: object serviceAccountAnnotations: additionalProperties: type: string - description: ServiceAccountAnnotations - are the annotations that will be attached - with the respective ServiceAccount type: object serviceAccountName: - description: 'ServiceAccountName is the - name of the ServiceAccount to use to - run this pod. 
More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' type: string tolerations: - description: If specified, the pod's tolerations. items: - description: The pod this Toleration - is attached to tolerates any taint - that matches the triple - using the matching operator . properties: effect: - description: Effect indicates the - taint effect to match. Empty means - match all taint effects. When - specified, allowed values are - NoSchedule, PreferNoSchedule and - NoExecute. type: string key: - description: Key is the taint key - that the toleration applies to. - Empty means match all taint keys. - If the key is empty, operator - must be Exists; this combination - means to match all values and - all keys. type: string operator: - description: Operator represents - a key's relationship to the value. - Valid operators are Exists and - Equal. Defaults to Equal. Exists - is equivalent to wildcard for - value, so that a pod can tolerate - all taints of a particular category. type: string tolerationSeconds: - description: TolerationSeconds represents - the period of time the toleration - (which must be of effect NoExecute, - otherwise this field is ignored) - tolerates the taint. By default, - it is not set, which means tolerate - the taint forever (do not evict). - Zero and negative values will - be treated as 0 (evict immediately) - by the system. format: int64 type: integer value: - description: Value is the taint - value the toleration matches to. - If the operator is Exists, the - value should be empty, otherwise - just a regular string. type: string type: object type: array topologySpreadConstraints: - description: TopologySpreadConstraints - describes how a group of pods ought - to spread across topology domains. Scheduler - will schedule pods in a way which abides - by the constraints. All topologySpreadConstraints - are ANDed. 
items: - description: TopologySpreadConstraint - specifies how to spread matching pods - among the given topology. properties: labelSelector: - description: LabelSelector is used - to find matching pods. Pods that - match this label selector are - counted to determine the number - of pods in their corresponding - topology domain. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, a - key, and an operator that - relates the key and values. properties: key: - description: key is the - label key that the selector - applies to. type: string operator: - description: operator - represents a key's relationship - to a set of values. - Valid operators are - In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is - an array of string values. - If the operator is In - or NotIn, the values - array must be non-empty. - If the operator is Exists - or DoesNotExist, the - values array must be - empty. This array is - replaced during a strategic - merge patch. items: type: string type: array 
@@ -25776,201 +8418,27 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is - a map of {key,value} pairs. - A single {key,value} in the - matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", - the operator is "In", and - the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: "MatchLabelKeys is - a set of pod label keys to select - the pods over which spreading - will be calculated. The keys are - used to lookup values from the - incoming pod labels, those key-value - labels are ANDed with labelSelector - to select the group of existing - pods over which spreading will - be calculated for the incoming - pod. The same key is forbidden - to exist in both MatchLabelKeys - and LabelSelector. MatchLabelKeys - cannot be set when LabelSelector - isn't set. Keys that don't exist - in the incoming pod labels will - be ignored. A null or empty list - means only match against labelSelector. - \n This is a beta field and requires - the MatchLabelKeysInPodTopologySpread - feature gate to be enabled (enabled - by default)." items: type: string type: array x-kubernetes-list-type: atomic maxSkew: - description: 'MaxSkew describes - the degree to which pods may be - unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, - it is the maximum permitted difference - between the number of matching - pods in the target topology and - the global minimum. The global - minimum is the minimum number - of matching pods in an eligible - domain or zero if the number of - eligible domains is less than - MinDomains. For example, in a - 3-zone cluster, MaxSkew is set - to 1, and pods with the same labelSelector - spread as 2/2/1: In this case, - the global minimum is 1. 
| zone1 - | zone2 | zone3 | | P P | P - P | P | - if MaxSkew is 1, - incoming pod can only be scheduled - to zone3 to become 2/2/2; scheduling - it onto zone1(zone2) would make - the ActualSkew(3-1) on zone1(zone2) - violate MaxSkew(1). - if MaxSkew - is 2, incoming pod can be scheduled - onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, - it is used to give higher precedence - to topologies that satisfy it. - It''s a required field. Default - value is 1 and 0 is not allowed.' format: int32 type: integer minDomains: - description: "MinDomains indicates - a minimum number of eligible domains. - When the number of eligible domains - with matching topology keys is - less than minDomains, Pod Topology - Spread treats \"global minimum\" - as 0, and then the calculation - of Skew is performed. And when - the number of eligible domains - with matching topology keys equals - or greater than minDomains, this - value has no effect on scheduling. - As a result, when the number of - eligible domains is less than - minDomains, scheduler won't schedule - more than maxSkew Pods to those - domains. If value is nil, the - constraint behaves as if MinDomains - is equal to 1. Valid values are - integers greater than 0. When - value is not nil, WhenUnsatisfiable - must be DoNotSchedule. \n For - example, in a 3-zone cluster, - MaxSkew is set to 2, MinDomains - is set to 5 and pods with the - same labelSelector spread as 2/2/2: - | zone1 | zone2 | zone3 | | P - P | P P | P P | The number - of domains is less than 5(MinDomains), - so \"global minimum\" is treated - as 0. In this situation, new pod - with the same labelSelector cannot - be scheduled, because computed - skew will be 3(3 - 0) if new Pod - is scheduled to any of the three - zones, it will violate MaxSkew." format: int32 type: integer nodeAffinityPolicy: - description: "NodeAffinityPolicy - indicates how we will treat Pod's - nodeAffinity/nodeSelector when - calculating pod topology spread - skew. 
Options are: - Honor: only - nodes matching nodeAffinity/nodeSelector - are included in the calculations. - - Ignore: nodeAffinity/nodeSelector - are ignored. All nodes are included - in the calculations. \n If this - value is nil, the behavior is - equivalent to the Honor policy. - This is a beta-level feature default - enabled by the NodeInclusionPolicyInPodTopologySpread - feature flag." type: string nodeTaintsPolicy: - description: "NodeTaintsPolicy indicates - how we will treat node taints - when calculating pod topology - spread skew. Options are: - Honor: - nodes without taints, along with - tainted nodes for which the incoming - pod has a toleration, are included. - - Ignore: node taints are ignored. - All nodes are included. \n If - this value is nil, the behavior - is equivalent to the Ignore policy. - This is a beta-level feature default - enabled by the NodeInclusionPolicyInPodTopologySpread - feature flag." type: string topologyKey: - description: TopologyKey is the - key of node labels. Nodes that - have a label with this key and - identical values are considered - to be in the same topology. We - consider each as - a "bucket", and try to put balanced - number of pods into each bucket. - We define a domain as a particular - instance of a topology. Also, - we define an eligible domain as - a domain whose nodes meet the - requirements of nodeAffinityPolicy - and nodeTaintsPolicy. e.g. If - TopologyKey is "kubernetes.io/hostname", - each Node is a domain of that - topology. And, if TopologyKey - is "topology.kubernetes.io/zone", - each zone is a domain of that - topology. It's a required field. type: string whenUnsatisfiable: - description: 'WhenUnsatisfiable - indicates how to deal with a pod - if it doesn''t satisfy the spread - constraint. - DoNotSchedule (default) - tells the scheduler not to schedule - it. 
- ScheduleAnyway tells the - scheduler to schedule the pod - in any location, but giving higher - precedence to topologies that - would help reduce the skew. A - constraint is considered "Unsatisfiable" - for an incoming pod if and only - if every possible node assignment - for that pod would violate "MaxSkew" - on some topology. For example, - in a 3-zone cluster, MaxSkew is - set to 1, and pods with the same - labelSelector spread as 3/1/1: - | zone1 | zone2 | zone3 | | P - P P | P | P | If WhenUnsatisfiable - is set to DoNotSchedule, incoming - pod can only be scheduled to zone2(zone3) - to become 3/2/1(3/1/2) as ActualSkew(2-1) - on zone2(zone3) satisfies MaxSkew(1). - In other words, the cluster can - still be imbalanced, but scheduler - won''t make it *more* imbalanced. - It''s a required field.' type: string required: - maxSkew 
@@ -25985,152 +8453,63 @@ spec: type: object type: object timeout: - description: Timeout specifies a duration in seconds - that KubeStash should wait for the hook execution - to be completed. If the hook execution does - not finish within this time period, KubeStash - will consider this hook execution as failure. - Then, it will be re-tried according to MaxRetry - policy. type: string variables: - description: Variables specifies a list of variables - and their sources that will be used to resolve - the HookTemplate. items: - description: EnvVar represents an environment - variable present in a Container. properties: name: - description: Name of the environment variable. - Must be a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) - are expanded using the previously defined - environment variables in the container - and any service environment variables. - If a variable cannot be resolved, the - reference in the input string will be - unchanged. Double $$ are reduced to a - single $, which allows for escaping the - $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" - will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, - regardless of whether the variable exists - or not. Defaults to "".' type: string valueFrom: - description: Source for the environment - variable's value. Cannot be used if value - is not empty. properties: configMapKeyRef: - description: Selects a key of a ConfigMap. properties: key: - description: The key to select. type: string name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether the - ConfigMap or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of the - pod: supports metadata.name, metadata.namespace, - `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, status.podIPs.' properties: apiVersion: - description: Version of the schema - the FieldPath is written in terms - of, defaults to "v1". type: string fieldPath: - description: Path of the field to - select in the specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource of - the container: only resources limits - and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' properties: containerName: - description: 'Container name: required - for volumes, optional for env - vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output - format of the exposed resources, - defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource - to select' type: string required: - resource type: object x-kubernetes-map-type: atomic secretKeyRef: - description: Selects a key of a secret - in the pod's namespace properties: key: - description: The key of the secret - to select from. Must be a valid - secret key. type: string name: default: "" - description: 'Name of the referent. 
- This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether the - Secret or its key must be defined type: boolean required: - key 
@@ -26142,74 +8521,21 @@ spec: type: object type: array volumeMounts: - description: VolumeMounts specifies the mount - for the volumes specified in `Volumes` section - Use this field only for `Function` type hook - executor. items: - description: VolumeMount describes a mounting - of a Volume within a container. properties: mountPath: - description: Path within the container at - which the volume should be mounted. Must - not contain ':'. type: string mountPropagation: - description: mountPropagation determines - how mounts are propagated from the host - to container and the other way around. - When not set, MountPropagationNone is - used. This field is beta in 1.10. When - RecursiveReadOnly is set to IfPossible - or to Enabled, MountPropagation must be - None or unspecified (which defaults to - None). type: string name: - description: This must match the Name of - a Volume. type: string readOnly: - description: Mounted read-only if true, - read-write otherwise (false or unspecified). - Defaults to false. type: boolean recursiveReadOnly: - description: "RecursiveReadOnly specifies - whether read-only mounts should be handled - recursively. \n If ReadOnly is false, - this field has no meaning and must be - unspecified. \n If ReadOnly is true, and - this field is set to Disabled, the mount - is not made recursively read-only. If - this field is set to IfPossible, the mount - is made recursively read-only, if it is - supported by the container runtime. If - this field is set to Enabled, the mount - is made recursively read-only if it is - supported by the container runtime, otherwise - the pod will not be started and an error - will be generated to indicate the reason. - \n If this field is set to IfPossible - or Enabled, MountPropagation must be set - to None (or be unspecified, which defaults - to None). \n If this field is not specified, - it is treated as an equivalent of Disabled." 
type: string subPath: - description: Path within the volume from - which the container's volume should be - mounted. Defaults to "" (volume's root). type: string subPathExpr: - description: Expanded path within the volume - from which the container's volume should - be mounted. Behaves similarly to SubPath - but environment variable references $(VAR_NAME) - are expanded using the container's environment. - Defaults to "" (volume's root). SubPathExpr - and SubPath are mutually exclusive. type: string required: - mountPath 
@@ -26217,301 +8543,109 @@ spec: type: object type: array volumes: - description: Volumes indicates the list of volumes - of targeted application that should be mounted - on the hook executor. Use this field only for - `Function` type hook executor. items: - description: Volume represents a named volume - in a pod that may be accessed by any container - in the pod. properties: awsElasticBlockStore: - description: 'awsElasticBlockStore represents - an AWS Disk resource that is attached - to a kubelet''s host machine and then - exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' properties: fsType: - description: 'fsType is the filesystem - type of the volume that you want to - mount. Tip: Ensure that the filesystem - type is supported by the host operating - system. Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if - unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in - the filesystem from compromising the - machine' type: string partition: - description: 'partition is the partition - in the volume that you want to mount. - If omitted, the default is to mount - by volume name. Examples: For volume - /dev/sda1, you specify the partition - as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can leave - the property empty).' format: int32 type: integer readOnly: - description: 'readOnly value true will - force the readOnly setting in VolumeMounts. - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: boolean volumeID: - description: 'volumeID is unique ID - of the persistent disk resource in - AWS (Amazon EBS volume). 
More info: - https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: string required: - volumeID type: object azureDisk: - description: azureDisk represents an Azure - Data Disk mount on the host and bind mount - to the pod. properties: cachingMode: - description: 'cachingMode is the Host - Caching mode: None, Read Only, Read - Write.' type: string diskName: - description: diskName is the Name of - the data disk in the blob storage type: string diskURI: - description: diskURI is the URI of data - disk in the blob storage type: string fsType: - description: fsType is Filesystem type - to mount. Must be a filesystem type - supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. type: string kind: - description: 'kind expected values are - Shared: multiple blob disks per storage - account Dedicated: single blob disk - per storage account Managed: azure - managed data disk (only in managed - availability set). defaults to shared' type: string readOnly: - description: readOnly Defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. type: boolean required: - diskName - diskURI type: object azureFile: - description: azureFile represents an Azure - File Service mount on the host and bind - mount to the pod. properties: readOnly: - description: readOnly defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. 
type: boolean secretName: - description: secretName is the name - of secret that contains Azure Storage - Account Name and Key type: string shareName: - description: shareName is the azure - share Name type: string required: - secretName - shareName type: object cephfs: - description: cephFS represents a Ceph FS - mount on the host that shares a pod's - lifetime properties: monitors: - description: 'monitors is Required: - Monitors is a collection of Ceph monitors - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' items: type: string type: array x-kubernetes-list-type: atomic path: - description: 'path is Optional: Used - as the mounted root, rather than the - full Ceph tree, default is /' type: string readOnly: - description: 'readOnly is Optional: - Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting - in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: boolean secretFile: - description: 'secretFile is Optional: - SecretFile is the path to key ring - for User, default is /etc/ceph/user.secret - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string secretRef: - description: 'secretRef is Optional: - SecretRef is reference to the authentication - secret for User, default is empty. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' 
type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is optional: User - is the rados user name, default is - admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string required: - monitors type: object cinder: - description: 'cinder represents a cinder - volume attached and mounted on kubelets - host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' properties: fsType: - description: 'fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if - unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string readOnly: - description: 'readOnly defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: boolean secretRef: - description: 'secretRef is optional: - points to a secret object containing - parameters used to connect to OpenStack.' properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic volumeID: - description: 'volumeID used to identify - the volume in cinder. 
More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string required: - volumeID type: object configMap: - description: configMap represents a configMap - that should populate this volume properties: defaultMode: - description: 'defaultMode is optional: - mode bits used to set permissions - on created files by default. Must - be an octal value between 0000 and - 0777 or a decimal value between 0 - and 511. YAML accepts both octal and - decimal values, JSON requires decimal - values for mode bits. Defaults to - 0644. Directories within the path - are not affected by this setting. - This might be in conflict with other - options that affect the file mode, - like fsGroup, and the result can be - other mode bits set.' format: int32 type: integer items: - description: items if unspecified, each - key-value pair in the Data field of - the referenced ConfigMap will be projected - into the volume as a file whose name - is the key and content is the value. - If specified, the listed keys will - be projected into the specified paths, - and unlisted keys will not be present. - If a key is specified which is not - present in the ConfigMap, the volume - setup will error unless it is marked - optional. Paths must be relative and - may not contain the '..' path or start - with '..'. items: - description: Maps a string key to - a path within a volume. properties: key: - description: key is the key to - project. type: string mode: - description: 'mode is Optional: - mode bits used to set permissions - on this file. Must be an octal - value between 0000 and 0777 - or a decimal value between 0 - and 511. YAML accepts both octal - and decimal values, JSON requires - decimal values for mode bits. - If not specified, the volume - defaultMode will be used. This - might be in conflict with other - options that affect the file - mode, like fsGroup, and the - result can be other mode bits - set.' 
format: int32 type: integer path: - description: path is the relative - path of the file to map the - key to. May not be an absolute - path. May not contain the path - element '..'. May not start - with the string '..'. type: string required: - key 
@@ -26521,191 +8655,67 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value here - are almost certainly wrong. TODO: - Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional specify whether - the ConfigMap or its keys must be - defined type: boolean type: object x-kubernetes-map-type: atomic csi: - description: csi (Container Storage Interface) - represents ephemeral storage that is handled - by certain external CSI drivers (Beta - feature). properties: driver: - description: driver is the name of the - CSI driver that handles this volume. - Consult with your admin for the correct - name as registered in the cluster. type: string fsType: - description: fsType to mount. Ex. "ext4", - "xfs", "ntfs". If not provided, the - empty value is passed to the associated - CSI driver which will determine the - default filesystem to apply. type: string nodePublishSecretRef: - description: nodePublishSecretRef is - a reference to the secret object containing - sensitive information to pass to the - CSI driver to complete the CSI NodePublishVolume - and NodeUnpublishVolume calls. This - field is optional, and may be empty - if no secret is required. If the secret - object contains more than one secret, - all secret references are passed. properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. 
- apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic readOnly: - description: readOnly specifies a read-only - configuration for the volume. Defaults - to false (read/write). type: boolean volumeAttributes: additionalProperties: type: string - description: volumeAttributes stores - driver-specific properties that are - passed to the CSI driver. Consult - your driver's documentation for supported - values. type: object required: - driver type: object downwardAPI: - description: downwardAPI represents downward - API about the pod that should populate - this volume properties: defaultMode: - description: 'Optional: mode bits to - use on created files by default. Must - be a Optional: mode bits used to set - permissions on created files by default. - Must be an octal value between 0000 - and 0777 or a decimal value between - 0 and 511. YAML accepts both octal - and decimal values, JSON requires - decimal values for mode bits. Defaults - to 0644. Directories within the path - are not affected by this setting. - This might be in conflict with other - options that affect the file mode, - like fsGroup, and the result can be - other mode bits set.' format: int32 type: integer items: - description: Items is a list of downward - API volume file items: - description: DownwardAPIVolumeFile - represents information to create - the file containing the pod field properties: fieldRef: - description: 'Required: Selects - a field of the pod: only annotations, - labels, name, namespace and - uid are supported.' properties: apiVersion: - description: Version of the - schema the FieldPath is - written in terms of, defaults - to "v1". type: string fieldPath: - description: Path of the field - to select in the specified - API version. 
type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: - description: 'Optional: mode bits - used to set permissions on this - file, must be an octal value - between 0000 and 0777 or a decimal - value between 0 and 511. YAML - accepts both octal and decimal - values, JSON requires decimal - values for mode bits. If not - specified, the volume defaultMode - will be used. This might be - in conflict with other options - that affect the file mode, like - fsGroup, and the result can - be other mode bits set.' format: int32 type: integer path: - description: 'Required: Path is the - relative path name of the file - to be created. Must not be absolute - or contain the ''..'' path. - Must be utf-8 encoded. The first - item of the relative path must - not start with ''..''' type: string resourceFieldRef: - description: 'Selects a resource - of the container: only resources - limits and requests (limits.cpu, - limits.memory, requests.cpu - and requests.memory) are currently - supported.' properties: containerName: - description: 'Container name: - required for volumes, optional - for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the - output format of the exposed - resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource - to select' type: string required: - resource 
@@ -26718,251 +8728,50 @@ spec: x-kubernetes-list-type: atomic type: object emptyDir: - description: 'emptyDir represents a temporary - directory that shares a pod''s lifetime. - More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' properties: medium: - description: 'medium represents what - type of storage medium should back - this directory. The default is "" - which means to use the node''s default - medium. Must be an empty string (default) - or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string sizeLimit: anyOf: - type: integer - type: string - description: 'sizeLimit is the total - amount of local storage required for - this EmptyDir volume. The size limit - is also applicable for memory medium. - The maximum usage on memory medium - EmptyDir would be the minimum value - between the SizeLimit specified here - and the sum of memory limits of all - containers in a pod. The default is - nil which means that the limit is - undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object ephemeral: - description: "ephemeral represents a volume - that is handled by a cluster storage driver. - The volume's lifecycle is tied to the - pod that defines it - it will be created - before the pod starts, and deleted when - the pod is removed. \n Use this if: a) - the volume is only needed while the pod - runs, b) features of normal volumes like - restoring from snapshot or capacity tracking - are needed, c) the storage driver is specified - through a storage class, and d) the storage - driver supports dynamic volume provisioning - through a PersistentVolumeClaim (see EphemeralVolumeSource - for more information on the connection - between this volume type and PersistentVolumeClaim). 
- \n Use PersistentVolumeClaim or one of - the vendor-specific APIs for volumes that - persist for longer than the lifecycle - of an individual pod. \n Use CSI for light-weight - local ephemeral volumes if the CSI driver - is meant to be used that way - see the - documentation of the driver for more information. - \n A pod can use both types of ephemeral - volumes and persistent volumes at the - same time." properties: volumeClaimTemplate: - description: "Will be used to create - a stand-alone PVC to provision the - volume. The pod in which this EphemeralVolumeSource - is embedded will be the owner of the - PVC, i.e. the PVC will be deleted - together with the pod. The name of - the PVC will be `-` where `` is the - name from the `PodSpec.Volumes` array - entry. Pod validation will reject - the pod if the concatenated name is - not valid for a PVC (for example, - too long). \n An existing PVC with - that name that is not owned by the - pod will *not* be used for the pod - to avoid using an unrelated volume - by mistake. Starting the pod is then - blocked until the unrelated PVC is - removed. If such a pre-created PVC - is meant to be used by the pod, the - PVC has to updated with an owner reference - to the pod once the pod exists. Normally - this should not be necessary, but - it may be useful when manually reconstructing - a broken cluster. \n This field is - read-only and no changes will be made - by Kubernetes to the PVC after it - has been created. \n Required, must - not be nil." properties: metadata: - description: May contain labels - and annotations that will be copied - into the PVC when creating it. - No other fields are allowed and - will be rejected during validation. properties: annotations: additionalProperties: type: string - description: 'Annotations is - an unstructured key value - map stored with a resource - that may be set by external - tools to store and retrieve - arbitrary metadata. 
They are - not queryable and should be - preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations' type: object generateName: - description: "GenerateName is - an optional prefix, used by - the server, to generate a - unique name ONLY IF the Name - field has not been provided. - If this field is used, the - name returned to the client - will be different than the - name passed. This value will - also be combined with a unique - suffix. The provided value - has the same validation rules - as the Name field, and may - be truncated by the length - of the suffix required to - make the value unique on the - server. \n If this field is - specified and the generated - name exists, the server will - NOT return a 409 - instead, - it will either return 201 - Created or 500 with Reason - ServerTimeout indicating a - unique name could not be found - in the time allotted, and - the client should retry (optionally - after the time indicated in - the Retry-After header). \n - Applied only if Name is not - specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" type: string labels: additionalProperties: type: string - description: 'Map of string - keys and values that can be - used to organize and categorize - (scope and select) objects. - May match selectors of replication - controllers and services. - More info: http://kubernetes.io/docs/user-guide/labels' type: object name: - description: 'Name must be unique - within a namespace. Is required - when creating resources, although - some resources may allow a - client to request the generation - of an appropriate name automatically. - Name is primarily intended - for creation idempotence and - configuration definition. - Cannot be updated. More info: - http://kubernetes.io/docs/user-guide/identifiers#names' type: string namespace: - description: "Namespace defines - the space within each name - must be unique. 
An empty namespace - is equivalent to the \"default\" - namespace, but \"default\" - is the canonical representation. - Not all objects are required - to be scoped to a namespace - - the value of this field - for those objects will be - empty. \n Must be a DNS_LABEL. - Cannot be updated. More info: - http://kubernetes.io/docs/user-guide/namespaces" type: string ownerReferences: - description: List of objects - depended by this object. If - ALL objects in the list have - been deleted, this object - will be garbage collected. - If this object is managed - by a controller, then an entry - in this list will point to - this controller, with the - controller field set to true. - There cannot be more than - one managing controller. items: - description: OwnerReference - contains enough information - to let you identify an owning - object. An owning object - must be in the same namespace - as the dependent, or be - cluster-scoped, so there - is no namespace field. properties: apiVersion: - description: API version - of the referent. type: string blockOwnerDeletion: - description: If true, - AND if the owner has - the "foregroundDeletion" - finalizer, then the - owner cannot be deleted - from the key-value store - until this reference - is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion - for how the garbage - collector interacts - with this field and - enforces the foreground - deletion. Defaults to - false. To set this field, - a user needs "delete" - permission of the owner, - otherwise 422 (Unprocessable - Entity) will be returned. type: boolean controller: - description: If true, - this reference points - to the managing controller. type: boolean kind: - description: 'Kind of - the referent. More info: - https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string name: - description: 'Name of - the referent. 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: - description: 'UID of the - referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -26974,63 +8783,19 @@ spec: type: array type: object spec: - description: The specification for - the PersistentVolumeClaim. The - entire content is copied unchanged - into the PVC that gets created - from this template. The same fields - as in a PersistentVolumeClaim - are also valid here. properties: accessModes: - description: 'accessModes contains - the desired access modes the - volume should have. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array x-kubernetes-list-type: atomic dataSource: - description: 'dataSource field - can be used to specify either: - * An existing VolumeSnapshot - object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an external - controller can support the - specified data source, it - will create a new volume based - on the contents of the specified - data source. When the AnyVolumeDataSource - feature gate is enabled, dataSource - contents will be copied to - dataSourceRef, and dataSourceRef - contents will be copied to - dataSource when dataSourceRef.namespace - is not specified. If the namespace - is specified, then dataSourceRef - will not be copied to dataSource.' properties: apiGroup: - description: APIGroup is - the group for the resource - being referenced. If APIGroup - is not specified, the - specified Kind must be - in the core API group. - For any other third-party - types, APIGroup is required. type: string kind: - description: Kind is the - type of resource being - referenced type: string name: - description: Name is the - name of resource being - referenced type: string required: - kind 
@@ -27038,110 +8803,20 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: - description: 'dataSourceRef - specifies the object from - which to populate the volume - with data, if a non-empty - volume is desired. This may - be any object from a non-empty - API group (non core object) - or a PersistentVolumeClaim - object. When this field is - specified, volume binding - will only succeed if the type - of the specified object matches - some installed volume populator - or dynamic provisioner. This - field will replace the functionality - of the dataSource field and - as such if both fields are - non-empty, they must have - the same value. For backwards - compatibility, when namespace - isn''t specified in dataSourceRef, - both fields (dataSource and - dataSourceRef) will be set - to the same value automatically - if one of them is empty and - the other is non-empty. When - namespace is specified in - dataSourceRef, dataSource - isn''t set to the same value - and must be empty. There are - three important differences - between dataSource and dataSourceRef: - * While dataSource only allows - two specific types of objects, - dataSourceRef allows any non-core - object, as well as PersistentVolumeClaim - objects. * While dataSource - ignores disallowed values - (dropping them), dataSourceRef - preserves all values, and - generates an error if a disallowed - value is specified. * While - dataSource only allows local - objects, dataSourceRef allows - objects in any namespaces. - (Beta) Using this field requires - the AnyVolumeDataSource feature - gate to be enabled. (Alpha) - Using the namespace field - of dataSourceRef requires - the CrossNamespaceVolumeDataSource - feature gate to be enabled.' properties: apiGroup: - description: APIGroup is - the group for the resource - being referenced. If APIGroup - is not specified, the - specified Kind must be - in the core API group. - For any other third-party - types, APIGroup is required. 
type: string kind: - description: Kind is the - type of resource being - referenced type: string name: - description: Name is the - name of resource being - referenced type: string namespace: - description: Namespace is - the namespace of resource - being referenced Note - that when a namespace - is specified, a gateway.networking.k8s.io/ReferenceGrant - object is required in - the referent namespace - to allow that namespace's - owner to accept the reference. - See the ReferenceGrant - documentation for details. - (Alpha) This field requires - the CrossNamespaceVolumeDataSource - feature gate to be enabled. type: string required: - kind - name type: object resources: - description: 'resources represents - the minimum resources the - volume should have. If RecoverVolumeExpansionFailure - feature is enabled users are - allowed to specify resource - requirements that are lower - than previous value but must - still be higher than capacity - recorded in the status field - of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: @@ -27150,10 +8825,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes - the maximum amount of - compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -27162,66 +8833,18 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes - the minimum amount of - compute resources required. - If Requests is omitted - for a container, it defaults - to Limits if that is explicitly - specified, otherwise to - an implementation-defined - value. Requests cannot - exceed Limits. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: - description: selector is a label - query over volumes to consider - for binding. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key - and values. properties: key: - description: key is - the label key that - the selector applies - to. type: string operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values - is an array of string - values. If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. This - array is replaced - during a strategic - merge patch. items: type: string type: array 
@@ -27235,69 +8858,16 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an element - of matchExpressions, whose - key field is "key", the - operator is "In", and - the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic storageClassName: - description: 'storageClassName - is the name of the StorageClass - required by the claim. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeAttributesClassName: - description: 'volumeAttributesClassName - may be used to set the VolumeAttributesClass - used by this claim. If specified, - the CSI driver will create - or update the volume with - the attributes defined in - the corresponding VolumeAttributesClass. - This has a different purpose - than storageClassName, it - can be changed after the claim - is created. An empty string - value means that no VolumeAttributesClass - will be applied to the claim - but it''s not allowed to reset - this field to empty string - once it is set. If unspecified - and the PersistentVolumeClaim - is unbound, the default VolumeAttributesClass - will be set by the persistentvolume - controller if it exists. If - the resource referred to by - volumeAttributesClass does - not exist, this PersistentVolumeClaim - will be set to a Pending state, - as reflected by the modifyVolumeStatus - field, until such as a resource - exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires - the VolumeAttributesClass - feature gate to be enabled.' type: string volumeMode: - description: volumeMode defines - what type of volume is required - by the claim. Value of Filesystem - is implied when not included - in claim spec. 
type: string volumeName: - description: volumeName is the - binding reference to the PersistentVolume - backing this claim. type: string type: object required: 
@@ -27305,103 +8875,41 @@ spec: type: object type: object fc: - description: fc represents a Fibre Channel - resource that is attached to a kubelet's - host machine and then exposed to the pod. properties: fsType: - description: 'fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if - unspecified. TODO: how do we prevent - errors in the filesystem from compromising - the machine' type: string lun: - description: 'lun is Optional: FC target - lun number' format: int32 type: integer readOnly: - description: 'readOnly is Optional: - Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting - in VolumeMounts.' type: boolean targetWWNs: - description: 'targetWWNs is Optional: - FC target worldwide names (WWNs)' items: type: string type: array x-kubernetes-list-type: atomic wwids: - description: 'wwids Optional: FC volume - world wide identifiers (wwids) Either - wwids or combination of targetWWNs - and lun must be set, but not both - simultaneously.' items: type: string type: array x-kubernetes-list-type: atomic type: object flexVolume: - description: flexVolume represents a generic - volume resource that is provisioned/attached - using an exec based plugin. properties: driver: - description: driver is the name of the - driver to use for this volume. type: string fsType: - description: fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - The default filesystem depends on - FlexVolume script. type: string options: additionalProperties: type: string - description: 'options is Optional: this - field holds extra command options - if any.' type: object readOnly: - description: 'readOnly is Optional: - defaults to false (read/write). ReadOnly - here will force the ReadOnly setting - in VolumeMounts.' 
type: boolean secretRef: - description: 'secretRef is Optional: - secretRef is reference to the secret - object containing sensitive information - to pass to the plugin scripts. This - may be empty if no secret object is - specified. If the secret object contains - more than one secret, all secrets - are passed to the plugin scripts.' properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic 
@@ -27409,207 +8917,79 @@ spec: - driver type: object flocker: - description: flocker represents a Flocker - volume attached to a kubelet's host machine. - This depends on the Flocker control service - being running properties: datasetName: - description: datasetName is Name of - the dataset stored as metadata -> - name on the dataset for Flocker should - be considered as deprecated type: string datasetUUID: - description: datasetUUID is the UUID - of the dataset. This is unique identifier - of a Flocker dataset type: string type: object gcePersistentDisk: - description: 'gcePersistentDisk represents - a GCE Disk resource that is attached to - a kubelet''s host machine and then exposed - to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' properties: fsType: - description: 'fsType is filesystem type - of the volume that you want to mount. - Tip: Ensure that the filesystem type - is supported by the host operating - system. Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if - unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in - the filesystem from compromising the - machine' type: string partition: - description: 'partition is the partition - in the volume that you want to mount. - If omitted, the default is to mount - by volume name. Examples: For volume - /dev/sda1, you specify the partition - as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can leave - the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' format: int32 type: integer pdName: - description: 'pdName is unique name - of the PD resource in GCE. Used to - identify the disk in GCE. More info: - https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: string readOnly: - description: 'readOnly here will force - the ReadOnly setting in VolumeMounts. - Defaults to false. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: boolean required: - pdName type: object glusterfs: - description: 'glusterfs represents a Glusterfs - mount on the host that shares a pod''s - lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' properties: endpoints: - description: 'endpoints is the endpoint - name that details Glusterfs topology. - More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string path: - description: 'path is the Glusterfs - volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string readOnly: - description: 'readOnly here will force - the Glusterfs volume to be mounted - with read-only permissions. Defaults - to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: boolean required: - endpoints - path type: object hostPath: - description: 'hostPath represents a pre-existing - file or directory on the host machine - that is directly exposed to the container. - This is generally used for system agents - or other privileged things that are allowed - to see the host machine. Most containers - will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict - who can use host directory mounts and - who can/can not mount host directories - as read/write.' properties: path: - description: 'path of the directory - on the host. If the path is a symlink, - it will follow the link to the real - path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string type: - description: 'type for HostPath Volume - Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string required: - path type: object iscsi: - description: 'iscsi represents an ISCSI - Disk resource that is attached to a kubelet''s - host machine and then exposed to the pod. 
- More info: https://examples.k8s.io/volumes/iscsi/README.md' properties: chapAuthDiscovery: - description: chapAuthDiscovery defines - whether support iSCSI Discovery CHAP - authentication type: boolean chapAuthSession: - description: chapAuthSession defines - whether support iSCSI Session CHAP - authentication type: boolean fsType: - description: 'fsType is the filesystem - type of the volume that you want to - mount. Tip: Ensure that the filesystem - type is supported by the host operating - system. Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if - unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in - the filesystem from compromising the - machine' type: string initiatorName: - description: initiatorName is the custom - iSCSI Initiator Name. If initiatorName - is specified with iscsiInterface simultaneously, - new iSCSI interface : will be created for the connection. type: string iqn: - description: iqn is the target iSCSI - Qualified Name. type: string iscsiInterface: - description: iscsiInterface is the interface - Name that uses an iSCSI transport. - Defaults to 'default' (tcp). type: string lun: - description: lun represents iSCSI Target - Lun number. format: int32 type: integer portals: - description: portals is the iSCSI Target - Portal List. The portal is either - an IP or ip_addr:port if the port - is other than default (typically TCP - ports 860 and 3260). items: type: string type: array x-kubernetes-list-type: atomic readOnly: - description: readOnly here will force - the ReadOnly setting in VolumeMounts. - Defaults to false. type: boolean secretRef: - description: secretRef is the CHAP Secret - for iSCSI target and initiator authentication properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. 
Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic targetPortal: - description: targetPortal is iSCSI Target - Portal. The Portal is either an IP - or ip_addr:port if the port is other - than default (typically TCP ports - 860 and 3260). type: string required: - iqn 
@@ -27617,204 +8997,68 @@ spec: - targetPortal type: object name: - description: 'name of the volume. Must be - a DNS_LABEL and unique within the pod. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string nfs: - description: 'nfs represents an NFS mount - on the host that shares a pod''s lifetime - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' properties: path: - description: 'path that is exported - by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string readOnly: - description: 'readOnly here will force - the NFS export to be mounted with - read-only permissions. Defaults to - false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: boolean server: - description: 'server is the hostname - or IP address of the NFS server. More - info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string required: - path - server type: object persistentVolumeClaim: - description: 'persistentVolumeClaimVolumeSource - represents a reference to a PersistentVolumeClaim - in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: claimName: - description: 'claimName is the name - of a PersistentVolumeClaim in the - same namespace as the pod using this - volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' type: string readOnly: - description: readOnly Will force the - ReadOnly setting in VolumeMounts. - Default false. type: boolean required: - claimName type: object photonPersistentDisk: - description: photonPersistentDisk represents - a PhotonController persistent disk attached - and mounted on kubelets host machine properties: fsType: - description: fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". 
- Implicitly inferred to be "ext4" if - unspecified. type: string pdID: - description: pdID is the ID that identifies - Photon Controller persistent disk type: string required: - pdID type: object portworxVolume: - description: portworxVolume represents a - portworx volume attached and mounted on - kubelets host machine properties: fsType: - description: fSType represents the filesystem - type to mount Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs". Implicitly - inferred to be "ext4" if unspecified. type: string readOnly: - description: readOnly defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. type: boolean volumeID: - description: volumeID uniquely identifies - a Portworx volume type: string required: - volumeID type: object projected: - description: projected items for all in - one resources secrets, configmaps, and - downward API properties: defaultMode: - description: defaultMode are the mode - bits used to set permissions on created - files by default. Must be an octal - value between 0000 and 0777 or a decimal - value between 0 and 511. YAML accepts - both octal and decimal values, JSON - requires decimal values for mode bits. - Directories within the path are not - affected by this setting. This might - be in conflict with other options - that affect the file mode, like fsGroup, - and the result can be other mode bits - set. format: int32 type: integer sources: - description: sources is the list of - volume projections items: - description: Projection that may be - projected along with other supported - volume types properties: clusterTrustBundle: - description: "ClusterTrustBundle - allows a pod to access the `.spec.trustBundle` - field of ClusterTrustBundle - objects in an auto-updating - file. \n Alpha, gated by the - ClusterTrustBundleProjection - feature gate. 
\n ClusterTrustBundle - objects can either be selected - by name, or by the combination - of signer name and a label selector. - \n Kubelet performs aggressive - normalization of the PEM contents - written into the pod filesystem. - \ Esoteric PEM features such - as inter-block comments and - block headers are stripped. - \ Certificates are deduplicated. - The ordering of certificates - within the file is arbitrary, - and Kubelet may change the order - over time." properties: labelSelector: - description: Select all ClusterTrustBundles - that match this label selector. Only - has effect if signerName - is set. Mutually-exclusive - with name. If unset, interpreted - as "match nothing". If - set but empty, interpreted - as "match everything". properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. properties: key: - description: key - is the label key - that the selector - applies to. type: string operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. type: string values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic merge - patch. items: type: string type: array 
@@ -27828,123 +9072,31 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. type: object type: object x-kubernetes-map-type: atomic name: - description: Select a single - ClusterTrustBundle by object - name. Mutually-exclusive - with signerName and labelSelector. type: string optional: - description: If true, don't - block pod startup if the - referenced ClusterTrustBundle(s) - aren't available. If using - name, then the named ClusterTrustBundle - is allowed not to exist. If - using signerName, then the - combination of signerName - and labelSelector is allowed - to match zero ClusterTrustBundles. type: boolean path: - description: Relative path - from the volume root to - write the bundle. type: string signerName: - description: Select all ClusterTrustBundles - that match this signer name. - Mutually-exclusive with - name. The contents of all - selected ClusterTrustBundles - will be unified and deduplicated. type: string required: - path type: object configMap: - description: configMap information - about the configMap data to - project properties: items: - description: items if unspecified, - each key-value pair in the - Data field of the referenced - ConfigMap will be projected - into the volume as a file - whose name is the key and - content is the value. If - specified, the listed keys - will be projected into the - specified paths, and unlisted - keys will not be present. - If a key is specified which - is not present in the ConfigMap, - the volume setup will error - unless it is marked optional. - Paths must be relative and - may not contain the '..' - path or start with '..'. items: - description: Maps a string - key to a path within a - volume. 
properties: key: - description: key is - the key to project. type: string mode: - description: 'mode is - Optional: mode bits - used to set permissions - on this file. Must - be an octal value - between 0000 and 0777 - or a decimal value - between 0 and 511. - YAML accepts both - octal and decimal - values, JSON requires - decimal values for - mode bits. If not - specified, the volume - defaultMode will be - used. This might be - in conflict with other - options that affect - the file mode, like - fsGroup, and the result - can be other mode - bits set.' format: int32 type: integer path: - description: path is - the relative path - of the file to map - the key to. May not - be an absolute path. - May not contain the - path element '..'. - May not start with - the string '..'. type: string required: - key 
@@ -27954,134 +9106,42 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of the - referent. This field is - effectively required, but - due to backwards compatibility - is allowed to be empty. - Instances of this type with - an empty value here are - almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional specify - whether the ConfigMap or - its keys must be defined type: boolean type: object x-kubernetes-map-type: atomic downwardAPI: - description: downwardAPI information - about the downwardAPI data to - project properties: items: - description: Items is a list - of DownwardAPIVolume file items: - description: DownwardAPIVolumeFile - represents information - to create the file containing - the pod field properties: fieldRef: - description: 'Required: - Selects a field of - the pod: only annotations, - labels, name, namespace - and uid are supported.' properties: apiVersion: - description: Version - of the schema - the FieldPath - is written in - terms of, defaults - to "v1". type: string fieldPath: - description: Path - of the field to - select in the - specified API - version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: - description: 'Optional: - mode bits used to - set permissions on - this file, must be - an octal value between - 0000 and 0777 or a - decimal value between - 0 and 511. YAML accepts - both octal and decimal - values, JSON requires - decimal values for - mode bits. If not - specified, the volume - defaultMode will be - used. This might be - in conflict with other - options that affect - the file mode, like - fsGroup, and the result - can be other mode - bits set.' 
format: int32 type: integer path: - description: 'Required: - Path is the relative - path name of the file - to be created. Must - not be absolute or - contain the ''..'' - path. Must be utf-8 - encoded. The first - item of the relative - path must not start - with ''..''' type: string resourceFieldRef: - description: 'Selects - a resource of the - container: only resources - limits and requests - (limits.cpu, limits.memory, - requests.cpu and requests.memory) - are currently supported.' properties: containerName: - description: 'Container - name: required - for volumes, optional - for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies - the output format - of the exposed - resources, defaults - to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: - resource to select' type: string required: - resource 
@@ -28094,72 +9154,16 @@ spec: x-kubernetes-list-type: atomic type: object secret: - description: secret information - about the secret data to project properties: items: - description: items if unspecified, - each key-value pair in the - Data field of the referenced - Secret will be projected - into the volume as a file - whose name is the key and - content is the value. If - specified, the listed keys - will be projected into the - specified paths, and unlisted - keys will not be present. - If a key is specified which - is not present in the Secret, - the volume setup will error - unless it is marked optional. - Paths must be relative and - may not contain the '..' - path or start with '..'. items: - description: Maps a string - key to a path within a - volume. properties: key: - description: key is - the key to project. type: string mode: - description: 'mode is - Optional: mode bits - used to set permissions - on this file. Must - be an octal value - between 0000 and 0777 - or a decimal value - between 0 and 511. - YAML accepts both - octal and decimal - values, JSON requires - decimal values for - mode bits. If not - specified, the volume - defaultMode will be - used. This might be - in conflict with other - options that affect - the file mode, like - fsGroup, and the result - can be other mode - bits set.' format: int32 type: integer path: - description: path is - the relative path - of the file to map - the key to. May not - be an absolute path. - May not contain the - path element '..'. - May not start with - the string '..'. type: string required: - key 
@@ -28169,68 +9173,19 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of the - referent. This field is - effectively required, but - due to backwards compatibility - is allowed to be empty. - Instances of this type with - an empty value here are - almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional field - specify whether the Secret - or its key must be defined type: boolean type: object x-kubernetes-map-type: atomic serviceAccountToken: - description: serviceAccountToken - is information about the serviceAccountToken - data to project properties: audience: - description: audience is the - intended audience of the - token. A recipient of a - token must identify itself - with an identifier specified - in the audience of the token, - and otherwise should reject - the token. The audience - defaults to the identifier - of the apiserver. type: string expirationSeconds: - description: expirationSeconds - is the requested duration - of validity of the service - account token. As the token - approaches expiration, the - kubelet volume plugin will - proactively rotate the service - account token. The kubelet - will start trying to rotate - the token if the token is - older than 80 percent of - its time to live or if the - token is older than 24 hours.Defaults - to 1 hour and must be at - least 10 minutes. format: int64 type: integer path: - description: path is the path - relative to the mount point - of the file to project the - token into. type: string required: - path 
@@ -28240,196 +9195,79 @@ spec: x-kubernetes-list-type: atomic type: object quobyte: - description: quobyte represents a Quobyte - mount on the host that shares a pod's - lifetime properties: group: - description: group to map volume access - to Default is no group type: string readOnly: - description: readOnly here will force - the Quobyte volume to be mounted with - read-only permissions. Defaults to - false. type: boolean registry: - description: registry represents a single - or multiple Quobyte Registry services - specified as a string as host:port - pair (multiple entries are separated - with commas) which acts as the central - registry for volumes type: string tenant: - description: tenant owning the given - Quobyte volume in the Backend Used - with dynamically provisioned Quobyte - volumes, value is set by the plugin type: string user: - description: user to map volume access - to Defaults to serivceaccount user type: string volume: - description: volume is a string that - references an already created Quobyte - volume by name. type: string required: - registry - volume type: object rbd: - description: 'rbd represents a Rados Block - Device mount on the host that shares a - pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' properties: fsType: - description: 'fsType is the filesystem - type of the volume that you want to - mount. Tip: Ensure that the filesystem - type is supported by the host operating - system. Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if - unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in - the filesystem from compromising the - machine' type: string image: - description: 'image is the rados image - name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string keyring: - description: 'keyring is the path to - key ring for RBDUser. Default is /etc/ceph/keyring. 
- More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string monitors: - description: 'monitors is a collection - of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' items: type: string type: array x-kubernetes-list-type: atomic pool: - description: 'pool is the rados pool - name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string readOnly: - description: 'readOnly here will force - the ReadOnly setting in VolumeMounts. - Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: boolean secretRef: - description: 'secretRef is name of the - authentication secret for RBDUser. - If provided overrides keyring. Default - is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is the rados user - name. Default is admin. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string required: - image - monitors type: object scaleIO: - description: scaleIO represents a ScaleIO - persistent volume attached and mounted - on Kubernetes nodes. properties: fsType: - description: fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Default is "xfs". 
type: string gateway: - description: gateway is the host address - of the ScaleIO API Gateway. type: string protectionDomain: - description: protectionDomain is the - name of the ScaleIO Protection Domain - for the configured storage. type: string readOnly: - description: readOnly Defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: secretRef references to - the secret for ScaleIO user and other - sensitive information. If this is - not provided, Login operation will - fail. properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic sslEnabled: - description: sslEnabled Flag enable/disable - SSL communication with Gateway, default - false type: boolean storageMode: - description: storageMode indicates whether - the storage for a volume should be - ThickProvisioned or ThinProvisioned. - Default is ThinProvisioned. type: string storagePool: - description: storagePool is the ScaleIO - Storage Pool associated with the protection - domain. type: string system: - description: system is the name of the - storage system as configured in ScaleIO. type: string volumeName: - description: volumeName is the name - of a volume already created in the - ScaleIO system that is associated - with this volume source. type: string required: - gateway 
@@ -28437,75 +9275,19 @@ spec: - system type: object secret: - description: 'secret represents a secret - that should populate this volume. More - info: https://kubernetes.io/docs/concepts/storage/volumes#secret' properties: defaultMode: - description: 'defaultMode is Optional: - mode bits used to set permissions - on created files by default. Must - be an octal value between 0000 and - 0777 or a decimal value between 0 - and 511. YAML accepts both octal and - decimal values, JSON requires decimal - values for mode bits. Defaults to - 0644. Directories within the path - are not affected by this setting. - This might be in conflict with other - options that affect the file mode, - like fsGroup, and the result can be - other mode bits set.' format: int32 type: integer items: - description: items If unspecified, each - key-value pair in the Data field of - the referenced Secret will be projected - into the volume as a file whose name - is the key and content is the value. - If specified, the listed keys will - be projected into the specified paths, - and unlisted keys will not be present. - If a key is specified which is not - present in the Secret, the volume - setup will error unless it is marked - optional. Paths must be relative and - may not contain the '..' path or start - with '..'. items: - description: Maps a string key to - a path within a volume. properties: key: - description: key is the key to - project. type: string mode: - description: 'mode is Optional: - mode bits used to set permissions - on this file. Must be an octal - value between 0000 and 0777 - or a decimal value between 0 - and 511. YAML accepts both octal - and decimal values, JSON requires - decimal values for mode bits. - If not specified, the volume - defaultMode will be used. This - might be in conflict with other - options that affect the file - mode, like fsGroup, and the - result can be other mode bits - set.' 
format: int32 type: integer path: - description: path is the relative - path of the file to map the - key to. May not be an absolute - path. May not contain the path - element '..'. May not start - with the string '..'. type: string required: - key 
@@ -28514,102 +9296,37 @@ spec: type: array x-kubernetes-list-type: atomic optional: - description: optional field specify - whether the Secret or its keys must - be defined type: boolean secretName: - description: 'secretName is the name - of the secret in the pod''s namespace - to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' type: string type: object storageos: - description: storageOS represents a StorageOS - volume attached and mounted on Kubernetes - nodes. properties: fsType: - description: fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if - unspecified. type: string readOnly: - description: readOnly defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: secretRef specifies the - secret to use for obtaining the StorageOS - API credentials. If not specified, - default values will be attempted. properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic volumeName: - description: volumeName is the human-readable - name of the StorageOS volume. Volume - names are only unique within a namespace. type: string volumeNamespace: - description: volumeNamespace specifies - the scope of the volume within StorageOS. If - no namespace is specified then the - Pod's namespace will be used. 
This - allows the Kubernetes name scoping - to be mirrored within StorageOS for - tighter integration. Set VolumeName - to any name to override the default - behaviour. Set to "default" if you - are not using namespaces within StorageOS. - Namespaces that do not pre-exist within - StorageOS will be created. type: string type: object vsphereVolume: - description: vsphereVolume represents a - vSphere volume attached and mounted on - kubelets host machine properties: fsType: - description: fsType is filesystem type - to mount. Must be a filesystem type - supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. type: string storagePolicyID: - description: storagePolicyID is the - storage Policy Based Management (SPBM) - profile ID associated with the StoragePolicyName. type: string storagePolicyName: - description: storagePolicyName is the - storage Policy Based Management (SPBM) - profile name. type: string volumePath: - description: volumePath is the path - that identifies vSphere volume vmdk type: string required: - volumePath 
@@ -28622,321 +9339,119 @@ spec: type: array type: object name: - description: Name specifies the name of the session type: string repositories: - description: Repositories specifies a list of repository - information where the backed up data will be stored. KubeStash - will create the respective Repository CRs using this information. items: - description: RepositoryInfo specifies information about - the repository where the backed up data will be stored. - KubeStash will create the respective Repository CR from - this information. properties: backend: - description: Backend specifies the name of the backend - where this repository will be initialized. This - should point to a backend name specified in `.spec.backends` - section. For using a default backend, keep this - field empty. type: string + backupVerifier: + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object deletionPolicy: - description: DeletionPolicy specifies what to do when - you delete a Repository CR. enum: - Delete - WipeOut type: string directory: - description: Directory specifies the path inside the - backend where the backed up data will be stored. type: string encryptionSecret: - description: EncryptionSecret refers to the Secret - containing the encryption key which will be used - to encode/decode the backed up dta. You can refer - to a Secret of a different namespace. If you don't - provide the namespace field, KubeStash will look - for the Secret in the same namespace as the BackupConfiguration - / BackupBatch. properties: name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: - description: 'Namespace of the referent. 
More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string required: - name type: object name: - description: Name specifies the name of the Repository type: string type: object type: array retryConfig: - description: RetryConfig specifies the behavior of retry - in case of a backup failure. properties: delay: - description: 'The amount of time to wait before next - retry. If you don''t specify this field, KubeStash - will retry immediately. Format: 30s, 2m, 1h etc.' type: string maxRetry: default: 1 - description: MaxRetry specifies the maximum number of - times KubeStash should retry the backup/restore process. - By default, KubeStash will retry only 1 time. format: int32 minimum: 1 type: integer type: object scheduler: - description: Scheduler specifies the configuration for backup - triggering CronJob properties: concurrencyPolicy: - description: 'Specifies how to treat concurrent executions - of a Job. Valid values are: - "Allow" (default): allows - CronJobs to run concurrently; - "Forbid": forbids - concurrent runs, skipping next run if previous run - hasn''t finished yet; - "Replace": cancels currently - running job and replaces it with a new one' type: string failedJobsHistoryLimit: - description: The number of failed finished jobs to retain. - Value must be non-negative integer. Defaults to 1. format: int32 type: integer jobTemplate: - description: Specifies the job that will be created - when executing a CronJob. properties: activeDeadlineSeconds: - description: Specifies the duration in seconds relative - to the startTime that the job may be continuously - active before the system tries to terminate it; - value must be positive integer. If a Job is suspended - (at creation or through an update), this timer - will effectively be stopped and reset when the - Job is resumed again. format: int64 type: integer backoffLimit: - description: Specifies the number of retries before - marking this job failed. 
Defaults to 6 format: int32 type: integer completionMode: - description: "CompletionMode specifies how Pod completions - are tracked. It can be `NonIndexed` (default) - or `Indexed`. \n `NonIndexed` means that the Job - is considered complete when there have been .spec.completions - successfully completed Pods. Each Pod completion - is homologous to each other. \n `Indexed` means - that the Pods of a Job get an associated completion - index from 0 to (.spec.completions - 1), available - in the annotation batch.kubernetes.io/job-completion-index. - The Job is considered complete when there is one - successfully completed Pod for each index. When - value is `Indexed`, .spec.completions must be - specified and `.spec.parallelism` must be less - than or equal to 10^5. \n This field is alpha-level - and is only honored by servers that enable the - IndexedJob feature gate. More completion modes - can be added in the future. If the Job controller - observes a mode that it doesn't recognize, the - controller skips updates for the Job." type: string completions: - description: 'Specifies the desired number of successfully - finished pods the job should be run with. Setting - to nil means that the success of any pod signals - the success of all pods, and allows parallelism - to have any positive value. Setting to 1 means - that parallelism is limited to 1 and the success - of that pod signals the success of the job. More - info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/' format: int32 type: integer parallelism: - description: 'Specifies the maximum desired number - of pods the job should run at any given time. - The actual number of pods running in steady state - will be less than this number when ((.spec.completions - - .status.successful) < .spec.parallelism), i.e. - when the work left to do is less than max parallelism. 
- More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/' format: int32 type: integer suspend: - description: Suspend specifies whether the Job controller - should create Pods or not. If a Job is created - with suspend set to true, no Pods are created - by the Job controller. If a Job is suspended after - creation (i.e. the flag goes from false to true), - the Job controller will delete all active Pods - associated with this Job. Users must design their - workload to gracefully handle this. Suspending - a Job will reset the StartTime field of the Job, - effectively resetting the ActiveDeadlineSeconds - timer too. This is an alpha field and requires - the SuspendJob feature gate to be enabled; otherwise - this field may not be set to true. Defaults to - false. type: boolean template: - description: Describes the pod that will be created - when executing a job. properties: controller: - description: 'Workload controller''s metadata. - More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' properties: annotations: additionalProperties: type: string - description: 'Annotations is an unstructured - key value map stored with a resource that - may be set by external tools to store - and retrieve arbitrary metadata. They - are not queryable and should be preserved - when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' type: object labels: additionalProperties: type: string - description: 'Map of string keys and values - that can be used to organize and categorize - (scope and select) objects. May match - selectors of replication controllers and - services. More info: http://kubernetes.io/docs/user-guide/labels' type: object type: object metadata: - description: 'Standard object''s metadata. 
More - info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' properties: annotations: additionalProperties: type: string - description: 'Annotations is an unstructured - key value map stored with a resource that - may be set by external tools to store - and retrieve arbitrary metadata. They - are not queryable and should be preserved - when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' type: object labels: additionalProperties: type: string - description: 'Map of string keys and values - that can be used to organize and categorize - (scope and select) objects. May match - selectors of replication controllers and - services. More info: http://kubernetes.io/docs/user-guide/labels' type: object type: object spec: - description: 'Specification of the desired behavior - of the pod. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status' properties: affinity: - description: If specified, the pod's scheduling - constraints properties: nodeAffinity: - description: Describes node affinity - scheduling rules for the pod. properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will - prefer to schedule pods to nodes - that satisfy the affinity expressions - specified by this field, but it - may choose a node that violates - one or more of the expressions. - The node that is most preferred - is the one with the greatest sum - of weights, i.e. for each node - that meets all of the scheduling - requirements (resource request, - requiredDuringScheduling affinity - expressions, etc.), compute a - sum by iterating through the elements - of this field and adding "weight" - to the sum if the node matches - the corresponding matchExpressions; - the node(s) with the highest sum - are the most preferred. items: - description: An empty preferred - scheduling term matches all - objects with implicit weight - 0 (i.e. it's a no-op). 
A null - preferred scheduling term matches - no objects (i.e. is also a no-op). properties: preference: - description: A node selector - term, associated with the - corresponding weight. properties: matchExpressions: - description: A list of - node selector requirements - by node's labels. items: - description: A node - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. properties: key: - description: The - label key that - the selector applies - to. type: string operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, - Exists, DoesNotExist. - Gt, and Lt. type: string values: - description: An - array of string - values. If the - operator is In - or NotIn, the - values array must - be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - If the operator - is Gt or Lt, the - values array must - have a single - element, which - will be interpreted - as an integer. - This array is - replaced during - a strategic merge - patch. items: type: string type: array 
@@ -28948,56 +9463,13 @@ spec: type: array x-kubernetes-list-type: atomic matchFields: - description: A list of - node selector requirements - by node's fields. items: - description: A node - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. properties: key: - description: The - label key that - the selector applies - to. type: string operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, - Exists, DoesNotExist. - Gt, and Lt. type: string values: - description: An - array of string - values. If the - operator is In - or NotIn, the - values array must - be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - If the operator - is Gt or Lt, the - values array must - have a single - element, which - will be interpreted - as an integer. - This array is - replaced during - a strategic merge - patch. items: type: string type: array @@ -29011,10 +9483,6 @@ spec: type: object x-kubernetes-map-type: atomic weight: - description: Weight associated - with matching the corresponding - nodeSelectorTerm, in the - range 1-100. format: int32 type: integer required: 
@@ -29024,81 +9492,18 @@ spec: type: array x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements - specified by this field are not - met at scheduling time, the pod - will not be scheduled onto the - node. If the affinity requirements - specified by this field cease - to be met at some point during - pod execution (e.g. due to an - update), the system may or may - not try to eventually evict the - pod from its node. properties: nodeSelectorTerms: - description: Required. A list - of node selector terms. The - terms are ORed. items: - description: A null or empty - node selector term matches - no objects. The requirements - of them are ANDed. The TopologySelectorTerm - type implements a subset - of the NodeSelectorTerm. properties: matchExpressions: - description: A list of - node selector requirements - by node's labels. items: - description: A node - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. properties: key: - description: The - label key that - the selector applies - to. type: string operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, - Exists, DoesNotExist. - Gt, and Lt. type: string values: - description: An - array of string - values. If the - operator is In - or NotIn, the - values array must - be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - If the operator - is Gt or Lt, the - values array must - have a single - element, which - will be interpreted - as an integer. - This array is - replaced during - a strategic merge - patch. items: type: string type: array 
@@ -29110,56 +9515,13 @@ spec: type: array x-kubernetes-list-type: atomic matchFields: - description: A list of - node selector requirements - by node's fields. items: - description: A node - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. properties: key: - description: The - label key that - the selector applies - to. type: string operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, - Exists, DoesNotExist. - Gt, and Lt. type: string values: - description: An - array of string - values. If the - operator is In - or NotIn, the - values array must - be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - If the operator - is Gt or Lt, the - values array must - have a single - element, which - will be interpreted - as an integer. - This array is - replaced during - a strategic merge - patch. items: type: string type: array 
@@ -29180,103 +9542,22 @@ spec: x-kubernetes-map-type: atomic type: object podAffinity: - description: Describes pod affinity - scheduling rules (e.g. co-locate this - pod in the same node, zone, etc. as - some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will - prefer to schedule pods to nodes - that satisfy the affinity expressions - specified by this field, but it - may choose a node that violates - one or more of the expressions. - The node that is most preferred - is the one with the greatest sum - of weights, i.e. for each node - that meets all of the scheduling - requirements (resource request, - requiredDuringScheduling affinity - expressions, etc.), compute a - sum by iterating through the elements - of this field and adding "weight" - to the sum if the node has pods - which matches the corresponding - podAffinityTerm; the node(s) with - the highest sum are the most preferred. items: - description: The weights of all - of the matched WeightedPodAffinityTerm - fields are added per-node to - find the most preferred node(s) properties: podAffinityTerm: - description: Required. A pod - affinity term, associated - with the corresponding weight. properties: labelSelector: - description: A label query - over a set of resources, - in this case pods. If - it's null, this PodAffinityTerm - matches with no Pods. properties: matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements - are ANDed. items: - description: A label - selector requirement - is a selector - that contains - values, a key, - and an operator - that relates the - key and values. properties: key: - description: key - is the label - key that the - selector applies - to. type: string operator: - description: operator - represents - a key's relationship - to a set of - values. Valid - operators - are In, NotIn, - Exists and - DoesNotExist. 
type: string values: - description: values - is an array - of string - values. If - the operator - is In or NotIn, - the values - array must - be non-empty. - If the operator - is Exists - or DoesNotExist, - the values - array must - be empty. - This array - is replaced - during a strategic - merge patch. items: type: string type: array 
@@ -29290,163 +9571,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single - {key,value} in the - matchLabels map - is equivalent to - an element of matchExpressions, - whose key field - is "key", the operator - is "In", and the - values array contains - only "value". The - requirements are - ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys - is a set of pod label - keys to select which - pods will be taken into - consideration. The keys - are used to lookup values - from the incoming pod - labels, those key-value - labels are merged with - `labelSelector` as `key - in (value)` to select - the group of existing - pods which pods will - be taken into consideration - for the incoming pod's - pod (anti) affinity. - Keys that don't exist - in the incoming pod - labels will be ignored. - The default value is - empty. The same key - is forbidden to exist - in both matchLabelKeys - and labelSelector. Also, - matchLabelKeys cannot - be set when labelSelector - isn't set. This is an - alpha field and requires - enabling MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys - is a set of pod label - keys to select which - pods will be taken into - consideration. The keys - are used to lookup values - from the incoming pod - labels, those key-value - labels are merged with - `labelSelector` as `key - notin (value)` to select - the group of existing - pods which pods will - be taken into consideration - for the incoming pod's - pod (anti) affinity. - Keys that don't exist - in the incoming pod - labels will be ignored. - The default value is - empty. The same key - is forbidden to exist - in both mismatchLabelKeys - and labelSelector. Also, - mismatchLabelKeys cannot - be set when labelSelector - isn't set. 
This is an - alpha field and requires - enabling MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query - over the set of namespaces - that the term applies - to. The term is applied - to the union of the - namespaces selected - by this field and the - ones listed in the namespaces - field. null selector - and null or empty namespaces - list means "this pod's - namespace". An empty - selector ({}) matches - all namespaces. properties: matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements - are ANDed. items: - description: A label - selector requirement - is a selector - that contains - values, a key, - and an operator - that relates the - key and values. properties: key: - description: key - is the label - key that the - selector applies - to. type: string operator: - description: operator - represents - a key's relationship - to a set of - values. Valid - operators - are In, NotIn, - Exists and - DoesNotExist. type: string values: - description: values - is an array - of string - values. If - the operator - is In or NotIn, - the values - array must - be non-empty. - If the operator - is Exists - or DoesNotExist, - the values - array must - be empty. - This array - is replaced - during a strategic - merge patch. items: type: string type: array 
@@ -29460,66 +9607,20 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single - {key,value} in the - matchLabels map - is equivalent to - an element of matchExpressions, - whose key field - is "key", the operator - is "In", and the - values array contains - only "value". The - requirements are - ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces - specifies a static list - of namespace names that - the term applies to. - The term is applied - to the union of the - namespaces listed in - this field and the ones - selected by namespaceSelector. - null or empty namespaces - list and null namespaceSelector - means "this pod's namespace". items: type: string type: array x-kubernetes-list-type: atomic topologyKey: - description: This pod - should be co-located - (affinity) or not co-located - (anti-affinity) with - the pods matching the - labelSelector in the - specified namespaces, - where co-located is - defined as running on - a node whose value of - the label with key topologyKey - matches that of any - node on which any of - the selected pods is - running. Empty topologyKey - is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated - with matching the corresponding - podAffinityTerm, in the - range 1-100. format: int32 type: integer required: 
@@ -29529,88 +9630,18 @@ spec: type: array x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements - specified by this field are not - met at scheduling time, the pod - will not be scheduled onto the - node. If the affinity requirements - specified by this field cease - to be met at some point during - pod execution (e.g. due to a pod - label update), the system may - or may not try to eventually evict - the pod from its node. When there - are multiple elements, the lists - of nodes corresponding to each - podAffinityTerm are intersected, - i.e. all terms must be satisfied. items: - description: Defines a set of - pods (namely those matching - the labelSelector relative to - the given namespace(s)) that - this pod should be co-located - (affinity) or not co-located - (anti-affinity) with, where - co-located is defined as running - on a node whose value of the - label with key - matches that of any node on - which a pod of the set of pods - is running properties: labelSelector: - description: A label query - over a set of resources, - in this case pods. If it's - null, this PodAffinityTerm - matches with no Pods. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. properties: key: - description: key - is the label key - that the selector - applies to. type: string operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. type: string values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. 
- This array is - replaced during - a strategic merge - patch. items: type: string type: array 
@@ -29624,141 +9655,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys - is a set of pod label keys - to select which pods will - be taken into consideration. - The keys are used to lookup - values from the incoming - pod labels, those key-value - labels are merged with `labelSelector` - as `key in (value)` to select - the group of existing pods - which pods will be taken - into consideration for the - incoming pod's pod (anti) - affinity. Keys that don't - exist in the incoming pod - labels will be ignored. - The default value is empty. - The same key is forbidden - to exist in both matchLabelKeys - and labelSelector. Also, - matchLabelKeys cannot be - set when labelSelector isn't - set. This is an alpha field - and requires enabling MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys - is a set of pod label keys - to select which pods will - be taken into consideration. - The keys are used to lookup - values from the incoming - pod labels, those key-value - labels are merged with `labelSelector` - as `key notin (value)` to - select the group of existing - pods which pods will be - taken into consideration - for the incoming pod's pod - (anti) affinity. Keys that - don't exist in the incoming - pod labels will be ignored. - The default value is empty. - The same key is forbidden - to exist in both mismatchLabelKeys - and labelSelector. Also, - mismatchLabelKeys cannot - be set when labelSelector - isn't set. 
This is an alpha - field and requires enabling - MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query - over the set of namespaces - that the term applies to. - The term is applied to the - union of the namespaces - selected by this field and - the ones listed in the namespaces - field. null selector and - null or empty namespaces - list means "this pod's namespace". - An empty selector ({}) matches - all namespaces. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. properties: key: - description: key - is the label key - that the selector - applies to. type: string operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. type: string values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic merge - patch. items: type: string type: array 
@@ -29772,50 +9691,15 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies - a static list of namespace - names that the term applies - to. The term is applied - to the union of the namespaces - listed in this field and - the ones selected by namespaceSelector. - null or empty namespaces - list and null namespaceSelector - means "this pod's namespace". items: type: string type: array x-kubernetes-list-type: atomic topologyKey: - description: This pod should - be co-located (affinity) - or not co-located (anti-affinity) - with the pods matching the - labelSelector in the specified - namespaces, where co-located - is defined as running on - a node whose value of the - label with key topologyKey - matches that of any node - on which any of the selected - pods is running. Empty topologyKey - is not allowed. type: string required: - topologyKey 
@@ -29824,104 +9708,22 @@ spec: x-kubernetes-list-type: atomic type: object podAntiAffinity: - description: Describes pod anti-affinity - scheduling rules (e.g. avoid putting - this pod in the same node, zone, etc. - as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will - prefer to schedule pods to nodes - that satisfy the anti-affinity - expressions specified by this - field, but it may choose a node - that violates one or more of the - expressions. The node that is - most preferred is the one with - the greatest sum of weights, i.e. - for each node that meets all of - the scheduling requirements (resource - request, requiredDuringScheduling - anti-affinity expressions, etc.), - compute a sum by iterating through - the elements of this field and - adding "weight" to the sum if - the node has pods which matches - the corresponding podAffinityTerm; - the node(s) with the highest sum - are the most preferred. items: - description: The weights of all - of the matched WeightedPodAffinityTerm - fields are added per-node to - find the most preferred node(s) properties: podAffinityTerm: - description: Required. A pod - affinity term, associated - with the corresponding weight. properties: labelSelector: - description: A label query - over a set of resources, - in this case pods. If - it's null, this PodAffinityTerm - matches with no Pods. properties: matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements - are ANDed. items: - description: A label - selector requirement - is a selector - that contains - values, a key, - and an operator - that relates the - key and values. properties: key: - description: key - is the label - key that the - selector applies - to. type: string operator: - description: operator - represents - a key's relationship - to a set of - values. Valid - operators - are In, NotIn, - Exists and - DoesNotExist. 
type: string values: - description: values - is an array - of string - values. If - the operator - is In or NotIn, - the values - array must - be non-empty. - If the operator - is Exists - or DoesNotExist, - the values - array must - be empty. - This array - is replaced - during a strategic - merge patch. items: type: string type: array 
@@ -29935,163 +9737,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single - {key,value} in the - matchLabels map - is equivalent to - an element of matchExpressions, - whose key field - is "key", the operator - is "In", and the - values array contains - only "value". The - requirements are - ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys - is a set of pod label - keys to select which - pods will be taken into - consideration. The keys - are used to lookup values - from the incoming pod - labels, those key-value - labels are merged with - `labelSelector` as `key - in (value)` to select - the group of existing - pods which pods will - be taken into consideration - for the incoming pod's - pod (anti) affinity. - Keys that don't exist - in the incoming pod - labels will be ignored. - The default value is - empty. The same key - is forbidden to exist - in both matchLabelKeys - and labelSelector. Also, - matchLabelKeys cannot - be set when labelSelector - isn't set. This is an - alpha field and requires - enabling MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys - is a set of pod label - keys to select which - pods will be taken into - consideration. The keys - are used to lookup values - from the incoming pod - labels, those key-value - labels are merged with - `labelSelector` as `key - notin (value)` to select - the group of existing - pods which pods will - be taken into consideration - for the incoming pod's - pod (anti) affinity. - Keys that don't exist - in the incoming pod - labels will be ignored. - The default value is - empty. The same key - is forbidden to exist - in both mismatchLabelKeys - and labelSelector. Also, - mismatchLabelKeys cannot - be set when labelSelector - isn't set. 
This is an - alpha field and requires - enabling MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query - over the set of namespaces - that the term applies - to. The term is applied - to the union of the - namespaces selected - by this field and the - ones listed in the namespaces - field. null selector - and null or empty namespaces - list means "this pod's - namespace". An empty - selector ({}) matches - all namespaces. properties: matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements - are ANDed. items: - description: A label - selector requirement - is a selector - that contains - values, a key, - and an operator - that relates the - key and values. properties: key: - description: key - is the label - key that the - selector applies - to. type: string operator: - description: operator - represents - a key's relationship - to a set of - values. Valid - operators - are In, NotIn, - Exists and - DoesNotExist. type: string values: - description: values - is an array - of string - values. If - the operator - is In or NotIn, - the values - array must - be non-empty. - If the operator - is Exists - or DoesNotExist, - the values - array must - be empty. - This array - is replaced - during a strategic - merge patch. items: type: string type: array 
@@ -30105,66 +9773,20 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single - {key,value} in the - matchLabels map - is equivalent to - an element of matchExpressions, - whose key field - is "key", the operator - is "In", and the - values array contains - only "value". The - requirements are - ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces - specifies a static list - of namespace names that - the term applies to. - The term is applied - to the union of the - namespaces listed in - this field and the ones - selected by namespaceSelector. - null or empty namespaces - list and null namespaceSelector - means "this pod's namespace". items: type: string type: array x-kubernetes-list-type: atomic topologyKey: - description: This pod - should be co-located - (affinity) or not co-located - (anti-affinity) with - the pods matching the - labelSelector in the - specified namespaces, - where co-located is - defined as running on - a node whose value of - the label with key topologyKey - matches that of any - node on which any of - the selected pods is - running. Empty topologyKey - is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated - with matching the corresponding - podAffinityTerm, in the - range 1-100. format: int32 type: integer required: 
@@ -30174,88 +9796,18 @@ spec: type: array x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity - requirements specified by this - field are not met at scheduling - time, the pod will not be scheduled - onto the node. If the anti-affinity - requirements specified by this - field cease to be met at some - point during pod execution (e.g. - due to a pod label update), the - system may or may not try to eventually - evict the pod from its node. When - there are multiple elements, the - lists of nodes corresponding to - each podAffinityTerm are intersected, - i.e. all terms must be satisfied. items: - description: Defines a set of - pods (namely those matching - the labelSelector relative to - the given namespace(s)) that - this pod should be co-located - (affinity) or not co-located - (anti-affinity) with, where - co-located is defined as running - on a node whose value of the - label with key - matches that of any node on - which a pod of the set of pods - is running properties: labelSelector: - description: A label query - over a set of resources, - in this case pods. If it's - null, this PodAffinityTerm - matches with no Pods. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. properties: key: - description: key - is the label key - that the selector - applies to. type: string operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. type: string values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. 
- This array is - replaced during - a strategic merge - patch. items: type: string type: array 
@@ -30269,141 +9821,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys - is a set of pod label keys - to select which pods will - be taken into consideration. - The keys are used to lookup - values from the incoming - pod labels, those key-value - labels are merged with `labelSelector` - as `key in (value)` to select - the group of existing pods - which pods will be taken - into consideration for the - incoming pod's pod (anti) - affinity. Keys that don't - exist in the incoming pod - labels will be ignored. - The default value is empty. - The same key is forbidden - to exist in both matchLabelKeys - and labelSelector. Also, - matchLabelKeys cannot be - set when labelSelector isn't - set. This is an alpha field - and requires enabling MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys - is a set of pod label keys - to select which pods will - be taken into consideration. - The keys are used to lookup - values from the incoming - pod labels, those key-value - labels are merged with `labelSelector` - as `key notin (value)` to - select the group of existing - pods which pods will be - taken into consideration - for the incoming pod's pod - (anti) affinity. Keys that - don't exist in the incoming - pod labels will be ignored. - The default value is empty. - The same key is forbidden - to exist in both mismatchLabelKeys - and labelSelector. Also, - mismatchLabelKeys cannot - be set when labelSelector - isn't set. 
This is an alpha - field and requires enabling - MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query - over the set of namespaces - that the term applies to. - The term is applied to the - union of the namespaces - selected by this field and - the ones listed in the namespaces - field. null selector and - null or empty namespaces - list means "this pod's namespace". - An empty selector ({}) matches - all namespaces. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. properties: key: - description: key - is the label key - that the selector - applies to. type: string operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. type: string values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic merge - patch. items: type: string type: array 
@@ -30417,50 +9857,15 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies - a static list of namespace - names that the term applies - to. The term is applied - to the union of the namespaces - listed in this field and - the ones selected by namespaceSelector. - null or empty namespaces - list and null namespaceSelector - means "this pod's namespace". items: type: string type: array x-kubernetes-list-type: atomic topologyKey: - description: This pod should - be co-located (affinity) - or not co-located (anti-affinity) - with the pods matching the - labelSelector in the specified - namespaces, where co-located - is defined as running on - a node whose value of the - label with key topologyKey - matches that of any node - on which any of the selected - pods is running. Empty topologyKey - is not allowed. type: string required: - topologyKey 
@@ -30470,300 +9875,92 @@ spec: type: object type: object args: - description: 'Arguments to the entrypoint. - The docker image''s CMD is used if this - is not provided. Variable references $(VAR_NAME) - are expanded using the container''s environment. - If a variable cannot be resolved, the - reference in the input string will be - unchanged. The $(VAR_NAME) syntax can - be escaped with a double $$, ie: $$(VAR_NAME). - Escaped references will never be expanded, - regardless of whether the variable exists - or not. Cannot be updated. More info: - https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array containerSecurityContext: - description: 'Security options the pod should - run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation - controls whether a process can gain - more privileges than its parent process. - This bool directly controls if the - no_new_privs flag will be set on the - container process. AllowPrivilegeEscalation - is true always when the container - is: 1) run as Privileged 2) has CAP_SYS_ADMIN - Note that this field cannot be set - when spec.os.name is windows.' type: boolean appArmorProfile: - description: appArmorProfile is the - AppArmor options to use by this container. - If set, this profile overrides the - pod's appArmorProfile. Note that this - field cannot be set when spec.os.name - is windows. properties: localhostProfile: - description: localhostProfile indicates - a profile loaded on the node that - should be used. The profile must - be preconfigured on the node to - work. Must match the loaded name - of the profile. Must be set if - and only if type is "Localhost". 
type: string type: - description: 'type indicates which - kind of AppArmor profile will - be applied. Valid options are: - Localhost - a profile pre-loaded - on the node. RuntimeDefault - - the container runtime''s default - profile. Unconfined - no AppArmor - enforcement.' type: string required: - type type: object capabilities: - description: The capabilities to add/drop - when running containers. Defaults - to the default set of capabilities - granted by the container runtime. - Note that this field cannot be set - when spec.os.name is windows. properties: add: - description: Added capabilities items: - description: Capability represent - POSIX capabilities type type: string type: array x-kubernetes-list-type: atomic drop: - description: Removed capabilities items: - description: Capability represent - POSIX capabilities type type: string type: array x-kubernetes-list-type: atomic type: object privileged: - description: Run container in privileged - mode. Processes in privileged containers - are essentially equivalent to root - on the host. Defaults to false. Note - that this field cannot be set when - spec.os.name is windows. type: boolean procMount: - description: procMount denotes the type - of proc mount to use for the containers. - The default is DefaultProcMount which - uses the container runtime defaults - for readonly paths and masked paths. - This requires the ProcMountType feature - flag to be enabled. Note that this - field cannot be set when spec.os.name - is windows. type: string readOnlyRootFilesystem: - description: Whether this container - has a read-only root filesystem. Default - is false. Note that this field cannot - be set when spec.os.name is windows. type: boolean runAsGroup: - description: The GID to run the entrypoint - of the container process. Uses runtime - default if unset. May also be set - in PodSecurityContext. If set in - both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. 
Note that this field - cannot be set when spec.os.name is - windows. format: int64 type: integer runAsNonRoot: - description: Indicates that the container - must run as a non-root user. If true, - the Kubelet will validate the image - at runtime to ensure that it does - not run as UID 0 (root) and fail to - start the container if it does. If - unset or false, no such validation - will be performed. May also be set - in PodSecurityContext. If set in - both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint - of the container process. Defaults - to user specified in image metadata - if unspecified. May also be set in - PodSecurityContext. If set in both - SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. Note that this field - cannot be set when spec.os.name is - windows. format: int64 type: integer seLinuxOptions: - description: The SELinux context to - be applied to the container. If unspecified, - the container runtime will allocate - a random SELinux context for each - container. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. Note that this field - cannot be set when spec.os.name is - windows. properties: level: - description: Level is SELinux level - label that applies to the container. type: string role: - description: Role is a SELinux role - label that applies to the container. type: string type: - description: Type is a SELinux type - label that applies to the container. type: string user: - description: User is a SELinux user - label that applies to the container. type: string type: object seccompProfile: - description: The seccomp options to - use by this container. 
If seccomp - options are provided at both the pod - & container level, the container options - override the pod options. Note that - this field cannot be set when spec.os.name - is windows. properties: localhostProfile: - description: localhostProfile indicates - a profile defined in a file on - the node should be used. The profile - must be preconfigured on the node - to work. Must be a descending - path, relative to the kubelet's - configured seccomp profile location. - Must be set if type is "Localhost". - Must NOT be set for any other - type. type: string type: - description: "type indicates which - kind of seccomp profile will be - applied. Valid options are: \n - Localhost - a profile defined - in a file on the node should be - used. RuntimeDefault - the container - runtime default profile should - be used. Unconfined - no profile - should be applied." type: string required: - type type: object windowsOptions: - description: The Windows specific settings - applied to all containers. If unspecified, - the options from the PodSecurityContext - will be used. If set in both SecurityContext - and PodSecurityContext, the value - specified in SecurityContext takes - precedence. Note that this field cannot - be set when spec.os.name is linux. properties: gmsaCredentialSpec: - description: GMSACredentialSpec - is where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA - credential spec named by the GMSACredentialSpecName - field. type: string gmsaCredentialSpecName: - description: GMSACredentialSpecName - is the name of the GMSA credential - spec to use. type: string hostProcess: - description: HostProcess determines - if a container should be run as - a 'Host Process' container. All - of a Pod's containers must have - the same effective HostProcess - value (it is not allowed to have - a mix of HostProcess containers - and non-HostProcess containers). 
- In addition, if HostProcess is - true then HostNetwork must also - be set to true. type: boolean runAsUserName: - description: The UserName in Windows - to run the entrypoint of the container - process. Defaults to the user - specified in image metadata if - unspecified. May also be set in - PodSecurityContext. If set in - both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. type: string type: object type: object dnsConfig: - description: Specifies the DNS parameters - of a pod. Parameters specified here will - be merged to the generated DNS configuration - based on DNSPolicy. properties: nameservers: - description: A list of DNS name server - IP addresses. This will be appended - to the base nameservers generated - from DNSPolicy. Duplicated nameservers - will be removed. items: type: string type: array x-kubernetes-list-type: atomic options: - description: A list of DNS resolver - options. This will be merged with - the base options generated from DNSPolicy. - Duplicated entries will be removed. - Resolution options given in Options - will override those that appear in - the base DNSPolicy. items: - description: PodDNSConfigOption defines - DNS resolver options of a pod. properties: name: - description: Required. type: string value: type: string 
@@ -30771,184 +9968,71 @@ spec: type: array x-kubernetes-list-type: atomic searches: - description: A list of DNS search domains - for host-name lookup. This will be - appended to the base search paths - generated from DNSPolicy. Duplicated - search paths will be removed. items: type: string type: array x-kubernetes-list-type: atomic type: object dnsPolicy: - description: Set DNS policy for the pod. - Defaults to "ClusterFirst". Valid values - are 'ClusterFirstWithHostNet', 'ClusterFirst', - 'Default' or 'None'. DNS parameters given - in DNSConfig will be merged with the policy - selected with DNSPolicy. To have DNS options - set along with hostNetwork, you have to - specify DNS policy explicitly to 'ClusterFirstWithHostNet'. type: string enableServiceLinks: - description: 'EnableServiceLinks indicates - whether information about services should - be injected into pod''s environment variables, - matching the syntax of Docker links. Optional: - Defaults to true.' type: boolean env: - description: List of environment variables - to set in the container. Cannot be updated. items: - description: EnvVar represents an environment - variable present in a Container. properties: name: - description: Name of the environment - variable. Must be a C_IDENTIFIER. type: string value: - description: 'Variable references - $(VAR_NAME) are expanded using the - previously defined environment variables - in the container and any service - environment variables. If a variable - cannot be resolved, the reference - in the input string will be unchanged. - Double $$ are reduced to a single - $, which allows for escaping the - $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" - will produce the string literal - "$(VAR_NAME)". Escaped references - will never be expanded, regardless - of whether the variable exists or - not. Defaults to "".' type: string valueFrom: - description: Source for the environment - variable's value. Cannot be used - if value is not empty. 
properties: configMapKeyRef: - description: Selects a key of - a ConfigMap. properties: key: - description: The key to select. type: string name: default: "" - description: 'Name of the - referent. This field is - effectively required, but - due to backwards compatibility - is allowed to be empty. - Instances of this type with - an empty value here are - almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether - the ConfigMap or its key - must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field - of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, - status.podIPs.' properties: apiVersion: - description: Version of the - schema the FieldPath is - written in terms of, defaults - to "v1". type: string fieldPath: - description: Path of the field - to select in the specified - API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource - of the container: only resources - limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, - requests.cpu, requests.memory - and requests.ephemeral-storage) - are currently supported.' 
properties: containerName: - description: 'Container name: - required for volumes, optional - for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the - output format of the exposed - resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource - to select' type: string required: - resource type: object x-kubernetes-map-type: atomic secretKeyRef: - description: Selects a key of - a secret in the pod's namespace properties: key: - description: The key of the - secret to select from. Must - be a valid secret key. type: string name: default: "" - description: 'Name of the - referent. This field is - effectively required, but - due to backwards compatibility - is allowed to be empty. - Instances of this type with - an empty value here are - almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether - the Secret or its key must - be defined type: boolean required: - key 
@@ -30960,290 +10044,89 @@ spec: type: object type: array hostIPC: - description: 'Use the host''s ipc namespace. - Optional: Default to false.' type: boolean hostNetwork: - description: Host networking requested for - this pod. Use the host's network namespace. - If this option is set, the ports that - will be used must be specified. Default - to false. type: boolean hostPID: - description: 'Use the host''s pid namespace. - Optional: Default to false.' type: boolean imagePullSecrets: - description: 'ImagePullSecrets is an optional - list of references to secrets in the same - namespace to use for pulling any of the - images used by this PodSpec. If specified, - these secrets will be passed to individual - puller implementations for them to use. - More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' items: - description: LocalObjectReference contains - enough information to let you locate - the referenced object inside the same - namespace. properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic type: array initContainers: - description: 'List of initialization containers - belonging to the pod. Init containers - are executed in order prior to containers - being started. If any init container fails, - the pod is considered to have failed and - is handled according to its restartPolicy. - The name for an init container or normal - container must be unique among all containers. 
- Init containers may not have Lifecycle - actions, Readiness probes, or Liveness - probes. The resourceRequirements of an - init container are taken into account - during scheduling by finding the highest - request/limit for each resource type, - and then using the max of of that value - or the sum of the normal containers. Limits - are applied to init containers in a similar - fashion. Init containers cannot currently - be added or removed. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' items: - description: A single application container - that you want to run within a pod. properties: args: - description: 'Arguments to the entrypoint. - The container image''s CMD is used - if this is not provided. Variable - references $(VAR_NAME) are expanded - using the container''s environment. - If a variable cannot be resolved, - the reference in the input string - will be unchanged. Double $$ are - reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: - i.e. "$$(VAR_NAME)" will produce - the string literal "$(VAR_NAME)". - Escaped references will never be - expanded, regardless of whether - the variable exists or not. Cannot - be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array x-kubernetes-list-type: atomic command: - description: 'Entrypoint array. Not - executed within a shell. The container - image''s ENTRYPOINT is used if this - is not provided. Variable references - $(VAR_NAME) are expanded using the - container''s environment. If a variable - cannot be resolved, the reference - in the input string will be unchanged. - Double $$ are reduced to a single - $, which allows for escaping the - $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" - will produce the string literal - "$(VAR_NAME)". 
Escaped references - will never be expanded, regardless - of whether the variable exists or - not. Cannot be updated. More info: - https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array x-kubernetes-list-type: atomic env: - description: List of environment variables - to set in the container. Cannot - be updated. items: - description: EnvVar represents an - environment variable present in - a Container. properties: name: - description: Name of the environment - variable. Must be a C_IDENTIFIER. type: string value: - description: 'Variable references - $(VAR_NAME) are expanded using - the previously defined environment - variables in the container - and any service environment - variables. If a variable cannot - be resolved, the reference - in the input string will be - unchanged. Double $$ are reduced - to a single $, which allows - for escaping the $(VAR_NAME) - syntax: i.e. "$$(VAR_NAME)" - will produce the string literal - "$(VAR_NAME)". Escaped references - will never be expanded, regardless - of whether the variable exists - or not. Defaults to "".' type: string valueFrom: - description: Source for the - environment variable's value. - Cannot be used if value is - not empty. properties: configMapKeyRef: - description: Selects a key - of a ConfigMap. properties: key: - description: The key - to select. type: string name: default: "" - description: 'Name of - the referent. This - field is effectively - required, but due - to backwards compatibility - is allowed to be empty. - Instances of this - type with an empty - value here are almost - certainly wrong. TODO: - Add other useful fields. - apiVersion, kind, - uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' 
type: string optional: - description: Specify - whether the ConfigMap - or its key must be - defined type: boolean required: - key type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a - field of the pod: supports - metadata.name, metadata.namespace, - `metadata.labels['''']`, - `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, - status.podIPs.' properties: apiVersion: - description: Version - of the schema the - FieldPath is written - in terms of, defaults - to "v1". type: string fieldPath: - description: Path of - the field to select - in the specified API - version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a - resource of the container: - only resources limits - and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, - requests.cpu, requests.memory - and requests.ephemeral-storage) - are currently supported.' properties: containerName: - description: 'Container - name: required for - volumes, optional - for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies - the output format - of the exposed resources, - defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: - resource to select' type: string required: - resource type: object x-kubernetes-map-type: atomic secretKeyRef: - description: Selects a key - of a secret in the pod's - namespace properties: key: - description: The key - of the secret to select - from. Must be a valid - secret key. type: string name: default: "" - description: 'Name of - the referent. This - field is effectively - required, but due - to backwards compatibility - is allowed to be empty. - Instances of this - type with an empty - value here are almost - certainly wrong. 
TODO: - Add other useful fields. - apiVersion, kind, - uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify - whether the Secret - or its key must be - defined type: boolean required: - key 
@@ -31258,79 +10141,25 @@ spec: - name x-kubernetes-list-type: map envFrom: - description: List of sources to populate - environment variables in the container. - The keys defined within a source - must be a C_IDENTIFIER. All invalid - keys will be reported as an event - when the container is starting. - When a key exists in multiple sources, - the value associated with the last - source will take precedence. Values - defined by an Env with a duplicate - key will take precedence. Cannot - be updated. items: - description: EnvFromSource represents - the source of a set of ConfigMaps properties: configMapRef: - description: The ConfigMap to - select from properties: name: default: "" - description: 'Name of the - referent. This field is - effectively required, - but due to backwards compatibility - is allowed to be empty. - Instances of this type - with an empty value here - are almost certainly wrong. - TODO: Add other useful - fields. apiVersion, kind, - uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether - the ConfigMap must be - defined type: boolean type: object x-kubernetes-map-type: atomic prefix: - description: An optional identifier - to prepend to each key in - the ConfigMap. Must be a C_IDENTIFIER. type: string secretRef: - description: The Secret to select - from properties: name: default: "" - description: 'Name of the - referent. This field is - effectively required, - but due to backwards compatibility - is allowed to be empty. - Instances of this type - with an empty value here - are almost certainly wrong. - TODO: Add other useful - fields. apiVersion, kind, - uid? 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether - the Secret must be defined type: boolean type: object x-kubernetes-map-type: atomic 
@@ -31338,100 +10167,31 @@ spec: type: array x-kubernetes-list-type: atomic image: - description: 'Container image name. - More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow - higher level config management to - default or override container images - in workload controllers like Deployments - and StatefulSets.' type: string imagePullPolicy: - description: 'Image pull policy. One - of Always, Never, IfNotPresent. - Defaults to Always if :latest tag - is specified, or IfNotPresent otherwise. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' type: string lifecycle: - description: Actions that the management - system should take in response to - container lifecycle events. Cannot - be updated. properties: postStart: - description: 'PostStart is called - immediately after a container - is created. If the handler fails, - the container is terminated - and restarted according to its - restart policy. Other management - of the container blocks until - the hook completes. More info: - https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: Exec specifies - the action to take. properties: command: - description: Command is - the command line to - execute inside the container, - the working directory - for the command is - root ('/') in the container's - filesystem. The command - is simply exec'd, it - is not run inside a - shell, so traditional - shell instructions ('|', - etc) won't work. To - use a shell, you need - to explicitly call out - to that shell. Exit - status of 0 is treated - as live/healthy and - non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies - the http request to perform. properties: host: - description: Host name - to connect to, defaults - to the pod IP. 
You probably - want to set "Host" in - httpHeaders instead. type: string httpHeaders: - description: Custom headers - to set in the request. - HTTP allows repeated - headers. items: - description: HTTPHeader - describes a custom - header to be used - in HTTP probes properties: name: - description: The - header field name. - This will be canonicalized - upon output, so - case-variant names - will be understood - as the same header. type: string value: - description: The - header field value type: string required: - name 
@@ -31440,160 +10200,58 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access - on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number - of the port to access - on the container. Number - must be in the range - 1 to 65535. Name must - be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to - use for connecting to - the host. Defaults to - HTTP. type: string required: - port type: object sleep: - description: Sleep represents - the duration that the container - should sleep before being - terminated. properties: seconds: - description: Seconds is - the number of seconds - to sleep. format: int64 type: integer required: - seconds type: object tcpSocket: - description: Deprecated. TCPSocket - is NOT supported as a LifecycleHandler - and kept for the backward - compatibility. There are - no validation of this field - and lifecycle hooks will - fail in runtime when tcp - handler is specified. properties: host: - description: 'Optional: - Host name to connect - to, defaults to the - pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or - name of the port to - access on the container. - Number must be in the - range 1 to 65535. Name - must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: - description: 'PreStop is called - immediately before a container - is terminated due to an API - request or management event - such as liveness/startup probe - failure, preemption, resource - contention, etc. The handler - is not called if the container - crashes or exits. The Pod''s - termination grace period countdown - begins before the PreStop hook - is executed. Regardless of the - outcome of the handler, the - container will eventually terminate - within the Pod''s termination - grace period (unless delayed - by finalizers). 
Other management - of the container blocks until - the hook completes or until - the termination grace period - is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: Exec specifies - the action to take. properties: command: - description: Command is - the command line to - execute inside the container, - the working directory - for the command is - root ('/') in the container's - filesystem. The command - is simply exec'd, it - is not run inside a - shell, so traditional - shell instructions ('|', - etc) won't work. To - use a shell, you need - to explicitly call out - to that shell. Exit - status of 0 is treated - as live/healthy and - non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies - the http request to perform. properties: host: - description: Host name - to connect to, defaults - to the pod IP. You probably - want to set "Host" in - httpHeaders instead. type: string httpHeaders: - description: Custom headers - to set in the request. - HTTP allows repeated - headers. items: - description: HTTPHeader - describes a custom - header to be used - in HTTP probes properties: name: - description: The - header field name. - This will be canonicalized - upon output, so - case-variant names - will be understood - as the same header. type: string value: - description: The - header field value type: string required: - name 
@@ -31602,70 +10260,33 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access - on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number - of the port to access - on the container. Number - must be in the range - 1 to 65535. Name must - be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to - use for connecting to - the host. Defaults to - HTTP. type: string required: - port type: object sleep: - description: Sleep represents - the duration that the container - should sleep before being - terminated. properties: seconds: - description: Seconds is - the number of seconds - to sleep. format: int64 type: integer required: - seconds type: object tcpSocket: - description: Deprecated. TCPSocket - is NOT supported as a LifecycleHandler - and kept for the backward - compatibility. There are - no validation of this field - and lifecycle hooks will - fail in runtime when tcp - handler is specified. properties: host: - description: 'Optional: - Host name to connect - to, defaults to the - pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or - name of the port to - access on the container. - Number must be in the - range 1 to 65535. Name - must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port 
@@ -31673,98 +10294,38 @@ spec: type: object type: object livenessProbe: - description: 'Periodic probe of container - liveness. Container will be restarted - if the probe fails. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the - action to take. properties: command: - description: Command is the - command line to execute - inside the container, the - working directory for the - command is root ('/') in - the container's filesystem. - The command is simply exec'd, - it is not run inside a shell, - so traditional shell instructions - ('|', etc) won't work. To - use a shell, you need to - explicitly call out to that - shell. Exit status of 0 - is treated as live/healthy - and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive - failures for the probe to be - considered failed after having - succeeded. Defaults to 3. Minimum - value is 1. format: int32 type: integer grpc: - description: GRPC specifies an - action involving a GRPC port. properties: port: - description: Port number of - the gRPC service. Number - must be in the range 1 to - 65535. format: int32 type: integer service: - description: "Service is the - name of the service to place - in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, - the default behavior is - defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies - the http request to perform. properties: host: - description: Host name to - connect to, defaults to - the pod IP. You probably - want to set "Host" in httpHeaders - instead. type: string httpHeaders: - description: Custom headers - to set in the request. HTTP - allows repeated headers. 
items: - description: HTTPHeader - describes a custom header - to be used in HTTP probes properties: name: - description: The header - field name. This will - be canonicalized upon - output, so case-variant - names will be understood - as the same header. type: string value: - description: The header - field value type: string required: - name 
@@ -31773,166 +10334,62 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access - on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use - for connecting to the host. - Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds - after the container has started - before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) - to perform the probe. Default - to 10 seconds. Minimum value - is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive - successes for the probe to be - considered successful after - having failed. Defaults to 1. - Must be 1 for liveness and startup. - Minimum value is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies - an action involving a TCP port. properties: host: - description: 'Optional: Host - name to connect to, defaults - to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration - in seconds the pod needs to - terminate gracefully upon probe - failure. The grace period is - the duration in seconds after - the processes running in the - pod are sent a termination signal - and the time when the processes - are forcibly halted with a kill - signal. 
Set this value longer - than the expected cleanup time - for your process. If this value - is nil, the pod's terminationGracePeriodSeconds - will be used. Otherwise, this - value overrides the value provided - by the pod spec. Value must - be non-negative integer. The - value zero indicates stop immediately - via the kill signal (no opportunity - to shut down). This is a beta - field and requires enabling - ProbeTerminationGracePeriod - feature gate. Minimum value - is 1. spec.terminationGracePeriodSeconds - is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds - after which the probe times - out. Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object name: - description: Name of the container - specified as a DNS_LABEL. Each container - in a pod must have a unique name - (DNS_LABEL). Cannot be updated. type: string ports: - description: List of ports to expose - from the container. Not specifying - a port here DOES NOT prevent that - port from being exposed. Any port - which is listening on the default - "0.0.0.0" address inside a container - will be accessible from the network. - Modifying this array with strategic - merge patch may corrupt the data. - For more information See https://github.com/kubernetes/kubernetes/issues/108255. - Cannot be updated. items: - description: ContainerPort represents - a network port in a single container. properties: containerPort: - description: Number of port - to expose on the pod's IP - address. This must be a valid - port number, 0 < x < 65536. format: int32 type: integer hostIP: - description: What host IP to - bind the external port to. type: string hostPort: - description: Number of port - to expose on the host. If - specified, this must be a - valid port number, 0 < x < - 65536. If HostNetwork is specified, - this must match ContainerPort. 
- Most containers do not need - this. format: int32 type: integer name: - description: If specified, this - must be an IANA_SVC_NAME and - unique within the pod. Each - named port in a pod must have - a unique name. Name for the - port that can be referred - to by services. type: string protocol: default: TCP - description: Protocol for port. - Must be UDP, TCP, or SCTP. - Defaults to "TCP". type: string required: - containerPort 
@@ -31943,99 +10400,38 @@ spec: - protocol x-kubernetes-list-type: map readinessProbe: - description: 'Periodic probe of container - service readiness. Container will - be removed from service endpoints - if the probe fails. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the - action to take. properties: command: - description: Command is the - command line to execute - inside the container, the - working directory for the - command is root ('/') in - the container's filesystem. - The command is simply exec'd, - it is not run inside a shell, - so traditional shell instructions - ('|', etc) won't work. To - use a shell, you need to - explicitly call out to that - shell. Exit status of 0 - is treated as live/healthy - and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive - failures for the probe to be - considered failed after having - succeeded. Defaults to 3. Minimum - value is 1. format: int32 type: integer grpc: - description: GRPC specifies an - action involving a GRPC port. properties: port: - description: Port number of - the gRPC service. Number - must be in the range 1 to - 65535. format: int32 type: integer service: - description: "Service is the - name of the service to place - in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, - the default behavior is - defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies - the http request to perform. properties: host: - description: Host name to - connect to, defaults to - the pod IP. You probably - want to set "Host" in httpHeaders - instead. type: string httpHeaders: - description: Custom headers - to set in the request. HTTP - allows repeated headers. 
items: - description: HTTPHeader - describes a custom header - to be used in HTTP probes properties: name: - description: The header - field name. This will - be canonicalized upon - output, so case-variant - names will be understood - as the same header. type: string value: - description: The header - field value type: string required: - name 
@@ -32044,127 +10440,51 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access - on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use - for connecting to the host. - Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds - after the container has started - before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) - to perform the probe. Default - to 10 seconds. Minimum value - is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive - successes for the probe to be - considered successful after - having failed. Defaults to 1. - Must be 1 for liveness and startup. - Minimum value is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies - an action involving a TCP port. properties: host: - description: 'Optional: Host - name to connect to, defaults - to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration - in seconds the pod needs to - terminate gracefully upon probe - failure. The grace period is - the duration in seconds after - the processes running in the - pod are sent a termination signal - and the time when the processes - are forcibly halted with a kill - signal. 
Set this value longer - than the expected cleanup time - for your process. If this value - is nil, the pod's terminationGracePeriodSeconds - will be used. Otherwise, this - value overrides the value provided - by the pod spec. Value must - be non-negative integer. The - value zero indicates stop immediately - via the kill signal (no opportunity - to shut down). This is a beta - field and requires enabling - ProbeTerminationGracePeriod - feature gate. Minimum value - is 1. spec.terminationGracePeriodSeconds - is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds - after which the probe times - out. Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object resizePolicy: - description: Resources resize policy - for the container. items: - description: ContainerResizePolicy - represents resource resize policy - for the container. properties: resourceName: - description: 'Name of the resource - to which this resource resize - policy applies. Supported - values: cpu, memory.' type: string restartPolicy: - description: Restart policy - to apply when specified resource - is resized. If not specified, - it defaults to NotRequired. type: string required: - resourceName 
@@ -32173,32 +10493,11 @@ spec: type: array x-kubernetes-list-type: atomic resources: - description: 'Compute Resources required - by this container. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' properties: claims: - description: "Claims lists the - names of resources, defined - in spec.resourceClaims, that - are used by this container. - \n This is an alpha field and - requires enabling the DynamicResourceAllocation - feature gate. \n This field - is immutable. It can only be - set for containers." items: - description: ResourceClaim references - one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match - the name of one entry - in pod.spec.resourceClaims - of the Pod where this - field is used. It makes - that resource available - inside a container. type: string required: - name @@ -32214,10 +10513,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes - the maximum amount of compute - resources allowed. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -32226,437 +10521,115 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes - the minimum amount of compute - resources required. If Requests - is omitted for a container, - it defaults to Limits if that - is explicitly specified, otherwise - to an implementation-defined - value. Requests cannot exceed - Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object restartPolicy: - description: 'RestartPolicy defines - the restart behavior of individual - containers in a pod. This field - may only be set for init containers, - and the only allowed value is "Always". - For non-init containers or when - this field is not specified, the - restart behavior is defined by the - Pod''s restart policy and the container - type. Setting the RestartPolicy - as "Always" for the init container - will have the following effect: - this init container will be continually - restarted on exit until all regular - containers have terminated. Once - all regular containers have completed, - all init containers with restartPolicy - "Always" will be shut down. This - lifecycle differs from normal init - containers and is often referred - to as a "sidecar" container. Although - this init container still starts - in the init container sequence, - it does not wait for the container - to complete before proceeding to - the next init container. Instead, - the next init container starts immediately - after this init container is started, - or after any startupProbe has successfully - completed.' type: string securityContext: - description: 'SecurityContext defines - the security options the container - should be run with. If set, the - fields of SecurityContext override - the equivalent fields of PodSecurityContext. 
- More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation - controls whether a process can - gain more privileges than its - parent process. This bool directly - controls if the no_new_privs - flag will be set on the container - process. AllowPrivilegeEscalation - is true always when the container - is: 1) run as Privileged 2) - has CAP_SYS_ADMIN Note that - this field cannot be set when - spec.os.name is windows.' type: boolean appArmorProfile: - description: appArmorProfile is - the AppArmor options to use - by this container. If set, this - profile overrides the pod's - appArmorProfile. Note that this - field cannot be set when spec.os.name - is windows. properties: localhostProfile: - description: localhostProfile - indicates a profile loaded - on the node that should - be used. The profile must - be preconfigured on the - node to work. Must match - the loaded name of the profile. - Must be set if and only - if type is "Localhost". type: string type: - description: 'type indicates - which kind of AppArmor profile - will be applied. Valid options - are: Localhost - a profile - pre-loaded on the node. - RuntimeDefault - the container - runtime''s default profile. - Unconfined - no AppArmor - enforcement.' type: string required: - type type: object capabilities: - description: The capabilities - to add/drop when running containers. - Defaults to the default set - of capabilities granted by the - container runtime. Note that - this field cannot be set when - spec.os.name is windows. 
properties: add: - description: Added capabilities items: - description: Capability - represent POSIX capabilities - type type: string type: array x-kubernetes-list-type: atomic drop: - description: Removed capabilities items: - description: Capability - represent POSIX capabilities - type type: string type: array x-kubernetes-list-type: atomic type: object privileged: - description: Run container in - privileged mode. Processes in - privileged containers are essentially - equivalent to root on the host. - Defaults to false. Note that - this field cannot be set when - spec.os.name is windows. type: boolean procMount: - description: procMount denotes - the type of proc mount to use - for the containers. The default - is DefaultProcMount which uses - the container runtime defaults - for readonly paths and masked - paths. This requires the ProcMountType - feature flag to be enabled. - Note that this field cannot - be set when spec.os.name is - windows. type: string readOnlyRootFilesystem: - description: Whether this container - has a read-only root filesystem. - Default is false. Note that - this field cannot be set when - spec.os.name is windows. type: boolean runAsGroup: - description: The GID to run the - entrypoint of the container - process. Uses runtime default - if unset. May also be set in - PodSecurityContext. If set - in both SecurityContext and - PodSecurityContext, the value - specified in SecurityContext - takes precedence. Note that - this field cannot be set when - spec.os.name is windows. format: int64 type: integer runAsNonRoot: - description: Indicates that the - container must run as a non-root - user. If true, the Kubelet will - validate the image at runtime - to ensure that it does not run - as UID 0 (root) and fail to - start the container if it does. - If unset or false, no such validation - will be performed. May also - be set in PodSecurityContext. 
If - set in both SecurityContext - and PodSecurityContext, the - value specified in SecurityContext - takes precedence. type: boolean runAsUser: - description: The UID to run the - entrypoint of the container - process. Defaults to user specified - in image metadata if unspecified. - May also be set in PodSecurityContext. If - set in both SecurityContext - and PodSecurityContext, the - value specified in SecurityContext - takes precedence. Note that - this field cannot be set when - spec.os.name is windows. format: int64 type: integer seLinuxOptions: - description: The SELinux context - to be applied to the container. - If unspecified, the container - runtime will allocate a random - SELinux context for each container. May - also be set in PodSecurityContext. If - set in both SecurityContext - and PodSecurityContext, the - value specified in SecurityContext - takes precedence. Note that - this field cannot be set when - spec.os.name is windows. properties: level: - description: Level is SELinux - level label that applies - to the container. type: string role: - description: Role is a SELinux - role label that applies - to the container. type: string type: - description: Type is a SELinux - type label that applies - to the container. type: string user: - description: User is a SELinux - user label that applies - to the container. type: string type: object seccompProfile: - description: The seccomp options - to use by this container. If - seccomp options are provided - at both the pod & container - level, the container options - override the pod options. Note - that this field cannot be set - when spec.os.name is windows. properties: localhostProfile: - description: localhostProfile - indicates a profile defined - in a file on the node should - be used. The profile must - be preconfigured on the - node to work. Must be a - descending path, relative - to the kubelet's configured - seccomp profile location. - Must be set if type is "Localhost". 
- Must NOT be set for any - other type. type: string type: - description: "type indicates - which kind of seccomp profile - will be applied. Valid options - are: \n Localhost - a profile - defined in a file on the - node should be used. RuntimeDefault - - the container runtime - default profile should be - used. Unconfined - no profile - should be applied." type: string required: - type type: object windowsOptions: - description: The Windows specific - settings applied to all containers. - If unspecified, the options - from the PodSecurityContext - will be used. If set in both - SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. Note that - this field cannot be set when - spec.os.name is linux. properties: gmsaCredentialSpec: - description: GMSACredentialSpec - is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of - the GMSA credential spec - named by the GMSACredentialSpecName - field. type: string gmsaCredentialSpecName: - description: GMSACredentialSpecName - is the name of the GMSA - credential spec to use. type: string hostProcess: - description: HostProcess determines - if a container should be - run as a 'Host Process' - container. All of a Pod's - containers must have the - same effective HostProcess - value (it is not allowed - to have a mix of HostProcess - containers and non-HostProcess - containers). In addition, - if HostProcess is true then - HostNetwork must also be - set to true. type: boolean runAsUserName: - description: The UserName - in Windows to run the entrypoint - of the container process. - Defaults to the user specified - in image metadata if unspecified. - May also be set in PodSecurityContext. - If set in both SecurityContext - and PodSecurityContext, - the value specified in SecurityContext - takes precedence. 
type: string type: object type: object startupProbe: - description: 'StartupProbe indicates - that the Pod has successfully initialized. - If specified, no other probes are - executed until this completes successfully. - If this probe fails, the Pod will - be restarted, just as if the livenessProbe - failed. This can be used to provide - different probe parameters at the - beginning of a Pod''s lifecycle, - when it might take a long time to - load data or warm a cache, than - during steady-state operation. This - cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the - action to take. properties: command: - description: Command is the - command line to execute - inside the container, the - working directory for the - command is root ('/') in - the container's filesystem. - The command is simply exec'd, - it is not run inside a shell, - so traditional shell instructions - ('|', etc) won't work. To - use a shell, you need to - explicitly call out to that - shell. Exit status of 0 - is treated as live/healthy - and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive - failures for the probe to be - considered failed after having - succeeded. Defaults to 3. Minimum - value is 1. format: int32 type: integer grpc: - description: GRPC specifies an - action involving a GRPC port. properties: port: - description: Port number of - the gRPC service. Number - must be in the range 1 to - 65535. format: int32 type: integer service: - description: "Service is the - name of the service to place - in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, - the default behavior is - defined by gRPC." 
type: string required: - port type: object httpGet: - description: HTTPGet specifies - the http request to perform. properties: host: - description: Host name to - connect to, defaults to - the pod IP. You probably - want to set "Host" in httpHeaders - instead. type: string httpHeaders: - description: Custom headers - to set in the request. HTTP - allows repeated headers. items: - description: HTTPHeader - describes a custom header - to be used in HTTP probes properties: name: - description: The header - field name. This will - be canonicalized upon - output, so case-variant - names will be understood - as the same header. type: string value: - description: The header - field value type: string required: - name 
@@ -32665,190 +10638,61 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access - on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use - for connecting to the host. - Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds - after the container has started - before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) - to perform the probe. Default - to 10 seconds. Minimum value - is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive - successes for the probe to be - considered successful after - having failed. Defaults to 1. - Must be 1 for liveness and startup. - Minimum value is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies - an action involving a TCP port. properties: host: - description: 'Optional: Host - name to connect to, defaults - to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration - in seconds the pod needs to - terminate gracefully upon probe - failure. The grace period is - the duration in seconds after - the processes running in the - pod are sent a termination signal - and the time when the processes - are forcibly halted with a kill - signal. 
Set this value longer - than the expected cleanup time - for your process. If this value - is nil, the pod's terminationGracePeriodSeconds - will be used. Otherwise, this - value overrides the value provided - by the pod spec. Value must - be non-negative integer. The - value zero indicates stop immediately - via the kill signal (no opportunity - to shut down). This is a beta - field and requires enabling - ProbeTerminationGracePeriod - feature gate. Minimum value - is 1. spec.terminationGracePeriodSeconds - is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds - after which the probe times - out. Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object stdin: - description: Whether this container - should allocate a buffer for stdin - in the container runtime. If this - is not set, reads from stdin in - the container will always result - in EOF. Default is false. type: boolean stdinOnce: - description: Whether the container - runtime should close the stdin channel - after it has been opened by a single - attach. When stdin is true the stdin - stream will remain open across multiple - attach sessions. If stdinOnce is - set to true, stdin is opened on - container start, is empty until - the first client attaches to stdin, - and then remains open and accepts - data until the client disconnects, - at which time stdin is closed and - remains closed until the container - is restarted. If this flag is false, - a container processes that reads - from stdin will never receive an - EOF. Default is false type: boolean terminationMessagePath: - description: 'Optional: Path at which - the file to which the container''s - termination message will be written - is mounted into the container''s - filesystem. Message written is intended - to be brief final status, such as - an assertion failure message. 
Will - be truncated by the node if greater - than 4096 bytes. The total message - length across all containers will - be limited to 12kb. Defaults to - /dev/termination-log. Cannot be - updated.' type: string terminationMessagePolicy: - description: Indicate how the termination - message should be populated. File - will use the contents of terminationMessagePath - to populate the container status - message on both success and failure. - FallbackToLogsOnError will use the - last chunk of container log output - if the termination message file - is empty and the container exited - with an error. The log output is - limited to 2048 bytes or 80 lines, - whichever is smaller. Defaults to - File. Cannot be updated. type: string tty: - description: Whether this container - should allocate a TTY for itself, - also requires 'stdin' to be true. - Default is false. type: boolean volumeDevices: - description: volumeDevices is the - list of block devices to be used - by the container. items: - description: volumeDevice describes - a mapping of a raw block device - within a container. properties: devicePath: - description: devicePath is the - path inside of the container - that the device will be mapped - to. type: string name: - description: name must match - the name of a persistentVolumeClaim - in the pod type: string required: - devicePath 
@@ -32859,90 +10703,21 @@ spec: - devicePath x-kubernetes-list-type: map volumeMounts: - description: Pod volumes to mount - into the container's filesystem. - Cannot be updated. items: - description: VolumeMount describes - a mounting of a Volume within - a container. properties: mountPath: - description: Path within the - container at which the volume - should be mounted. Must not - contain ':'. type: string mountPropagation: - description: mountPropagation - determines how mounts are - propagated from the host to - container and the other way - around. When not set, MountPropagationNone - is used. This field is beta - in 1.10. When RecursiveReadOnly - is set to IfPossible or to - Enabled, MountPropagation - must be None or unspecified - (which defaults to None). type: string name: - description: This must match - the Name of a Volume. type: string readOnly: - description: Mounted read-only - if true, read-write otherwise - (false or unspecified). Defaults - to false. type: boolean recursiveReadOnly: - description: "RecursiveReadOnly - specifies whether read-only - mounts should be handled recursively. - \n If ReadOnly is false, this - field has no meaning and must - be unspecified. \n If ReadOnly - is true, and this field is - set to Disabled, the mount - is not made recursively read-only. - \ If this field is set to - IfPossible, the mount is made - recursively read-only, if - it is supported by the container - runtime. If this field is - set to Enabled, the mount - is made recursively read-only - if it is supported by the - container runtime, otherwise - the pod will not be started - and an error will be generated - to indicate the reason. \n - If this field is set to IfPossible - or Enabled, MountPropagation - must be set to None (or be - unspecified, which defaults - to None). \n If this field - is not specified, it is treated - as an equivalent of Disabled." 
type: string subPath: - description: Path within the - volume from which the container's - volume should be mounted. - Defaults to "" (volume's root). type: string subPathExpr: - description: Expanded path within - the volume from which the - container's volume should - be mounted. Behaves similarly - to SubPath but environment - variable references $(VAR_NAME) - are expanded using the container's - environment. Defaults to "" - (volume's root). SubPathExpr - and SubPath are mutually exclusive. type: string required: - mountPath 
@@ -32953,84 +10728,33 @@ spec: - mountPath x-kubernetes-list-type: map workingDir: - description: Container's working directory. - If not specified, the container - runtime's default will be used, - which might be configured in the - container image. Cannot be updated. type: string required: - name type: object type: array lifecycle: - description: Actions that the management - system should take in response to container - lifecycle events. Cannot be updated. properties: postStart: - description: 'PostStart is called immediately - after a container is created. If the - handler fails, the container is terminated - and restarted according to its restart - policy. Other management of the container - blocks until the hook completes. More - info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: Exec specifies the - action to take. properties: command: - description: Command is the - command line to execute inside - the container, the working - directory for the command is - root ('/') in the container's - filesystem. The command is - simply exec'd, it is not run - inside a shell, so traditional - shell instructions ('|', etc) - won't work. To use a shell, - you need to explicitly call - out to that shell. Exit status - of 0 is treated as live/healthy - and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the - http request to perform. properties: host: - description: Host name to connect - to, defaults to the pod IP. - You probably want to set "Host" - in httpHeaders instead. type: string httpHeaders: - description: Custom headers - to set in the request. HTTP - allows repeated headers. items: - description: HTTPHeader describes - a custom header to be used - in HTTP probes properties: name: - description: The header - field name. 
This will - be canonicalized upon - output, so case-variant - names will be understood - as the same header. type: string value: - description: The header - field value type: string required: - name 
@@ -33039,141 +10763,58 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access - on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number - of the port to access on the - container. Number must be - in the range 1 to 65535. Name - must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for - connecting to the host. Defaults - to HTTP. type: string required: - port type: object sleep: - description: Sleep represents the - duration that the container should - sleep before being terminated. properties: seconds: - description: Seconds is the - number of seconds to sleep. format: int64 type: integer required: - seconds type: object tcpSocket: - description: Deprecated. TCPSocket - is NOT supported as a LifecycleHandler - and kept for the backward compatibility. - There are no validation of this - field and lifecycle hooks will - fail in runtime when tcp handler - is specified. properties: host: - description: 'Optional: Host - name to connect to, defaults - to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name - of the port to access on the - container. Number must be - in the range 1 to 65535. Name - must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: - description: 'PreStop is called immediately - before a container is terminated due - to an API request or management event - such as liveness/startup probe failure, - preemption, resource contention, etc. - The handler is not called if the container - crashes or exits. The Pod''s termination - grace period countdown begins before - the PreStop hook is executed. Regardless - of the outcome of the handler, the - container will eventually terminate - within the Pod''s termination grace - period (unless delayed by finalizers). 
- Other management of the container - blocks until the hook completes or - until the termination grace period - is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: Exec specifies the - action to take. properties: command: - description: Command is the - command line to execute inside - the container, the working - directory for the command is - root ('/') in the container's - filesystem. The command is - simply exec'd, it is not run - inside a shell, so traditional - shell instructions ('|', etc) - won't work. To use a shell, - you need to explicitly call - out to that shell. Exit status - of 0 is treated as live/healthy - and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the - http request to perform. properties: host: - description: Host name to connect - to, defaults to the pod IP. - You probably want to set "Host" - in httpHeaders instead. type: string httpHeaders: - description: Custom headers - to set in the request. HTTP - allows repeated headers. items: - description: HTTPHeader describes - a custom header to be used - in HTTP probes properties: name: - description: The header - field name. This will - be canonicalized upon - output, so case-variant - names will be understood - as the same header. type: string value: - description: The header - field value type: string required: - name 
@@ -33182,63 +10823,33 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access - on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number - of the port to access on the - container. Number must be - in the range 1 to 65535. Name - must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for - connecting to the host. Defaults - to HTTP. type: string required: - port type: object sleep: - description: Sleep represents the - duration that the container should - sleep before being terminated. properties: seconds: - description: Seconds is the - number of seconds to sleep. format: int64 type: integer required: - seconds type: object tcpSocket: - description: Deprecated. TCPSocket - is NOT supported as a LifecycleHandler - and kept for the backward compatibility. - There are no validation of this - field and lifecycle hooks will - fail in runtime when tcp handler - is specified. properties: host: - description: 'Optional: Host - name to connect to, defaults - to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name - of the port to access on the - container. Number must be - in the range 1 to 65535. Name - must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port 
@@ -33246,94 +10857,38 @@ spec: type: object type: object livenessProbe: - description: 'Periodic probe of container - liveness. Container will be restarted - if the probe fails. Controllers may set - default LivenessProbe if no liveness probe - is provided. To ignore defaulting, set - the value to empty LivenessProbe "{}". - Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action - to take. properties: command: - description: Command is the command - line to execute inside the container, - the working directory for the - command is root ('/') in the - container's filesystem. The command - is simply exec'd, it is not run - inside a shell, so traditional - shell instructions ('|', etc) - won't work. To use a shell, you - need to explicitly call out to - that shell. Exit status of 0 is - treated as live/healthy and non-zero - is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed - after having succeeded. Defaults to - 3. Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action - involving a GRPC port. properties: port: - description: Port number of the - gRPC service. Number must be in - the range 1 to 65535. format: int32 type: integer service: - description: "Service is the name - of the service to place in the - gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the - default behavior is defined by - gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http - request to perform. properties: host: - description: Host name to connect - to, defaults to the pod IP. You - probably want to set "Host" in - httpHeaders instead. 
type: string httpHeaders: - description: Custom headers to set - in the request. HTTP allows repeated - headers. items: - description: HTTPHeader describes - a custom header to be used in - HTTP probes properties: name: - description: The header field - name. This will be canonicalized - upon output, so case-variant - names will be understood - as the same header. type: string value: - description: The header field - value type: string required: - name 
@@ -33342,239 +10897,95 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on the - HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the - port to access on the container. - Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after - the container has started before liveness - probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) - to perform the probe. Default to 10 - seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to 1. - Must be 1 for liveness and startup. - Minimum value is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an - action involving a TCP port. properties: host: - description: 'Optional: Host name - to connect to, defaults to the - pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the - port to access on the container. - Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds - the pod needs to terminate gracefully - upon probe failure. The grace period - is the duration in seconds after the - processes running in the pod are sent - a termination signal and the time - when the processes are forcibly halted - with a kill signal. Set this value - longer than the expected cleanup time - for your process. 
If this value is - nil, the pod's terminationGracePeriodSeconds - will be used. Otherwise, this value - overrides the value provided by the - pod spec. Value must be non-negative - integer. The value zero indicates - stop immediately via the kill signal - (no opportunity to shut down). This - is a beta field and requires enabling - ProbeTerminationGracePeriod feature - gate. Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after - which the probe times out. Defaults - to 1 second. Minimum value is 1. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object nodeSelector: additionalProperties: type: string - description: 'NodeSelector is a selector - which must be true for the pod to fit - on a node. Selector which must match a - node''s labels for the pod to be scheduled - on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' type: object x-kubernetes-map-type: atomic podPlacementPolicy: - description: PodPlacementPolicy is the reference - of the podPlacementPolicy properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value here - are almost certainly wrong. TODO: - Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic priority: - description: The priority value. Various - system components use this field to find - the priority of the pod. 
When Priority - Admission Controller is enabled, it prevents - users from setting this field. The admission - controller populates this field from PriorityClassName. - The higher the value, the higher the priority. format: int32 type: integer priorityClassName: - description: If specified, indicates the - pod's priority. "system-node-critical" - and "system-cluster-critical" are two - special keywords which indicate the highest - priorities with the former being the highest - priority. Any other name must be defined - by creating a PriorityClass object with - that name. If not specified, the pod priority - will be default or zero if there is no - default. type: string readinessProbe: - description: 'Periodic probe of container - service readiness. Container will be removed - from service endpoints if the probe fails. - Cannot be updated. Controllers may set - default ReadinessProbe if no readyness - probe is provided. To ignore defaulting, - set the value to empty ReadynessProbe - "{}". More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action - to take. properties: command: - description: Command is the command - line to execute inside the container, - the working directory for the - command is root ('/') in the - container's filesystem. The command - is simply exec'd, it is not run - inside a shell, so traditional - shell instructions ('|', etc) - won't work. To use a shell, you - need to explicitly call out to - that shell. Exit status of 0 is - treated as live/healthy and non-zero - is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed - after having succeeded. Defaults to - 3. Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action - involving a GRPC port. 
properties: port: - description: Port number of the - gRPC service. Number must be in - the range 1 to 65535. format: int32 type: integer service: - description: "Service is the name - of the service to place in the - gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the - default behavior is defined by - gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http - request to perform. properties: host: - description: Host name to connect - to, defaults to the pod IP. You - probably want to set "Host" in - httpHeaders instead. type: string httpHeaders: - description: Custom headers to set - in the request. HTTP allows repeated - headers. items: - description: HTTPHeader describes - a custom header to be used in - HTTP probes properties: name: - description: The header field - name. This will be canonicalized - upon output, so case-variant - names will be understood - as the same header. type: string value: - description: The header field - value type: string required: - name 
@@ -33583,120 +10994,51 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on the - HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the - port to access on the container. - Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after - the container has started before liveness - probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) - to perform the probe. Default to 10 - seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to 1. - Must be 1 for liveness and startup. - Minimum value is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an - action involving a TCP port. properties: host: - description: 'Optional: Host name - to connect to, defaults to the - pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the - port to access on the container. - Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds - the pod needs to terminate gracefully - upon probe failure. The grace period - is the duration in seconds after the - processes running in the pod are sent - a termination signal and the time - when the processes are forcibly halted - with a kill signal. Set this value - longer than the expected cleanup time - for your process. 
If this value is - nil, the pod's terminationGracePeriodSeconds - will be used. Otherwise, this value - overrides the value provided by the - pod spec. Value must be non-negative - integer. The value zero indicates - stop immediately via the kill signal - (no opportunity to shut down). This - is a beta field and requires enabling - ProbeTerminationGracePeriod feature - gate. Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after - which the probe times out. Defaults - to 1 second. Minimum value is 1. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object resources: - description: Compute Resources required - by the sidecar container. properties: claims: - description: "Claims lists the names - of resources, defined in spec.resourceClaims, - that are used by this container. \n - This is an alpha field and requires - enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. - It can only be set for containers." items: - description: ResourceClaim references - one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the - name of one entry in pod.spec.resourceClaims - of the Pod where this field - is used. It makes that resource - available inside a container. type: string required: - name @@ -33712,9 +11054,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum - amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -33723,239 +11062,68 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the - minimum amount of compute resources - required. If Requests is omitted for - a container, it defaults to Limits - if that is explicitly specified, otherwise - to an implementation-defined value. - Requests cannot exceed Limits. More - info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object runtimeClassName: - description: 'RuntimeClassName refers to - a RuntimeClass object in the node.k8s.io - group, which should be used to run this - pod. If no RuntimeClass resource matches - the named class, the pod will not be run. - If unset or empty, the "legacy" RuntimeClass - will be used, which is an implicit class - with an empty definition that uses the - default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class' type: string schedulerName: - description: If specified, the pod will - be dispatched by specified scheduler. - If not specified, the pod will be dispatched - by default scheduler. type: string securityContext: - description: 'SecurityContext holds pod-level - security attributes and common container - settings. Optional: Defaults to empty. See - type description for default values of - each field.' properties: appArmorProfile: - description: appArmorProfile is the - AppArmor options to use by the containers - in this pod. Note that this field - cannot be set when spec.os.name is - windows. properties: localhostProfile: - description: localhostProfile indicates - a profile loaded on the node that - should be used. The profile must - be preconfigured on the node to - work. Must match the loaded name - of the profile. Must be set if - and only if type is "Localhost". 
type: string type: - description: 'type indicates which - kind of AppArmor profile will - be applied. Valid options are: - Localhost - a profile pre-loaded - on the node. RuntimeDefault - - the container runtime''s default - profile. Unconfined - no AppArmor - enforcement.' type: string required: - type type: object fsGroup: - description: "A special supplemental - group that applies to all containers - in a pod. Some volume types allow - the Kubelet to change the ownership - of that volume to be owned by the - pod: \n 1. The owning GID will be - the FSGroup 2. The setgid bit is set - (new files created in the volume will - be owned by FSGroup) 3. The permission - bits are OR'd with rw-rw---- \n If - unset, the Kubelet will not modify - the ownership and permissions of any - volume. Note that this field cannot - be set when spec.os.name is windows." format: int64 type: integer fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines - behavior of changing ownership and - permission of the volume before being - exposed inside Pod. This field will - only apply to volume types which support - fsGroup based ownership(and permissions). - It will have no effect on ephemeral - volume types such as: secret, configmaps - and emptydir. Valid values are "OnRootMismatch" - and "Always". If not specified, "Always" - is used. Note that this field cannot - be set when spec.os.name is windows.' type: string runAsGroup: - description: The GID to run the entrypoint - of the container process. Uses runtime - default if unset. May also be set - in SecurityContext. If set in both - SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence for that container. - Note that this field cannot be set - when spec.os.name is windows. format: int64 type: integer runAsNonRoot: - description: Indicates that the container - must run as a non-root user. 
If true, - the Kubelet will validate the image - at runtime to ensure that it does - not run as UID 0 (root) and fail to - start the container if it does. If - unset or false, no such validation - will be performed. May also be set - in SecurityContext. If set in both - SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint - of the container process. Defaults - to user specified in image metadata - if unspecified. May also be set in - SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value - specified in SecurityContext takes - precedence for that container. Note - that this field cannot be set when - spec.os.name is windows. format: int64 type: integer seLinuxOptions: - description: The SELinux context to - be applied to all containers. If unspecified, - the container runtime will allocate - a random SELinux context for each - container. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence for that container. - Note that this field cannot be set - when spec.os.name is windows. properties: level: - description: Level is SELinux level - label that applies to the container. type: string role: - description: Role is a SELinux role - label that applies to the container. type: string type: - description: Type is a SELinux type - label that applies to the container. type: string user: - description: User is a SELinux user - label that applies to the container. type: string type: object seccompProfile: - description: The seccomp options to - use by the containers in this pod. - Note that this field cannot be set - when spec.os.name is windows. properties: localhostProfile: - description: localhostProfile indicates - a profile defined in a file on - the node should be used. The profile - must be preconfigured on the node - to work. 
Must be a descending - path, relative to the kubelet's - configured seccomp profile location. - Must be set if type is "Localhost". - Must NOT be set for any other - type. type: string type: - description: "type indicates which - kind of seccomp profile will be - applied. Valid options are: \n - Localhost - a profile defined - in a file on the node should be - used. RuntimeDefault - the container - runtime default profile should - be used. Unconfined - no profile - should be applied." type: string required: - type type: object supplementalGroups: - description: A list of groups applied - to the first process run in each container, - in addition to the container's primary - GID, the fsGroup (if specified), and - group memberships defined in the container - image for the uid of the container - process. If unspecified, no additional - groups are added to any container. - Note that group memberships defined - in the container image for the uid - of the container process are still - effective, even if they are not included - in this list. Note that this field - cannot be set when spec.os.name is - windows. items: format: int64 type: integer type: array x-kubernetes-list-type: atomic sysctls: - description: Sysctls hold a list of - namespaced sysctls used for the pod. - Pods with unsupported sysctls (by - the container runtime) might fail - to launch. Note that this field cannot - be set when spec.os.name is windows. items: - description: Sysctl defines a kernel - parameter to be set properties: name: - description: Name of a property - to set type: string value: - description: Value of a property - to set type: string required: - name 
@@ -33964,196 +11132,53 @@ spec: type: array x-kubernetes-list-type: atomic windowsOptions: - description: The Windows specific settings - applied to all containers. If unspecified, - the options within a container's SecurityContext - will be used. If set in both SecurityContext - and PodSecurityContext, the value - specified in SecurityContext takes - precedence. Note that this field cannot - be set when spec.os.name is linux. properties: gmsaCredentialSpec: - description: GMSACredentialSpec - is where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA - credential spec named by the GMSACredentialSpecName - field. type: string gmsaCredentialSpecName: - description: GMSACredentialSpecName - is the name of the GMSA credential - spec to use. type: string hostProcess: - description: HostProcess determines - if a container should be run as - a 'Host Process' container. All - of a Pod's containers must have - the same effective HostProcess - value (it is not allowed to have - a mix of HostProcess containers - and non-HostProcess containers). - In addition, if HostProcess is - true then HostNetwork must also - be set to true. type: boolean runAsUserName: - description: The UserName in Windows - to run the entrypoint of the container - process. Defaults to the user - specified in image metadata if - unspecified. May also be set in - PodSecurityContext. If set in - both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. type: string type: object type: object serviceAccountName: - description: 'ServiceAccountName is the - name of the ServiceAccount to use to run - this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' type: string shareProcessNamespace: - description: 'Share a single process namespace - between all of the containers in a pod. 
- When this is set containers will be able - to view and signal processes from other - containers in the same pod, and the first - process in each container will not be - assigned PID 1. HostPID and ShareProcessNamespace - cannot both be set. Optional: Default - to false.' type: boolean terminationGracePeriodSeconds: - description: Optional duration in seconds - the pod needs to terminate gracefully. - May be decreased in delete request. Value - must be non-negative integer. The value - zero indicates stop immediately via the - kill signal (no opportunity to shut down). - If this value is nil, the default grace - period will be used instead. The grace - period is the duration in seconds after - the processes running in the pod are sent - a termination signal and the time when - the processes are forcibly halted with - a kill signal. Set this value longer than - the expected cleanup time for your process. - Defaults to 30 seconds. format: int64 type: integer tolerations: - description: If specified, the pod's tolerations. items: - description: The pod this Toleration is - attached to tolerates any taint that - matches the triple - using the matching operator . properties: effect: - description: Effect indicates the - taint effect to match. Empty means - match all taint effects. When specified, - allowed values are NoSchedule, PreferNoSchedule - and NoExecute. type: string key: - description: Key is the taint key - that the toleration applies to. - Empty means match all taint keys. - If the key is empty, operator must - be Exists; this combination means - to match all values and all keys. type: string operator: - description: Operator represents a - key's relationship to the value. - Valid operators are Exists and Equal. - Defaults to Equal. Exists is equivalent - to wildcard for value, so that a - pod can tolerate all taints of a - particular category. 
type: string tolerationSeconds: - description: TolerationSeconds represents - the period of time the toleration - (which must be of effect NoExecute, - otherwise this field is ignored) - tolerates the taint. By default, - it is not set, which means tolerate - the taint forever (do not evict). - Zero and negative values will be - treated as 0 (evict immediately) - by the system. format: int64 type: integer value: - description: Value is the taint value - the toleration matches to. If the - operator is Exists, the value should - be empty, otherwise just a regular - string. type: string type: object type: array topologySpreadConstraints: - description: TopologySpreadConstraints describes - how a group of pods ought to spread across - topology domains. Scheduler will schedule - pods in a way which abides by the constraints. - All topologySpreadConstraints are ANDed. items: - description: TopologySpreadConstraint - specifies how to spread matching pods - among the given topology. properties: labelSelector: - description: LabelSelector is used - to find matching pods. Pods that - match this label selector are counted - to determine the number of pods - in their corresponding topology - domain. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, a key, - and an operator that relates - the key and values. properties: key: - description: key is the - label key that the selector - applies to. type: string operator: - description: operator represents - a key's relationship to - a set of values. Valid - operators are In, NotIn, - Exists and DoesNotExist. type: string values: - description: values is an - array of string values. - If the operator is In - or NotIn, the values array - must be non-empty. If - the operator is Exists - or DoesNotExist, the values - array must be empty. 
This - array is replaced during - a strategic merge patch. items: type: string type: array 
@@ -34167,192 +11192,27 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a - map of {key,value} pairs. A - single {key,value} in the matchLabels - map is equivalent to an element - of matchExpressions, whose key - field is "key", the operator - is "In", and the values array - contains only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: "MatchLabelKeys is a - set of pod label keys to select - the pods over which spreading will - be calculated. The keys are used - to lookup values from the incoming - pod labels, those key-value labels - are ANDed with labelSelector to - select the group of existing pods - over which spreading will be calculated - for the incoming pod. The same key - is forbidden to exist in both MatchLabelKeys - and LabelSelector. MatchLabelKeys - cannot be set when LabelSelector - isn't set. Keys that don't exist - in the incoming pod labels will - be ignored. A null or empty list - means only match against labelSelector. - \n This is a beta field and requires - the MatchLabelKeysInPodTopologySpread - feature gate to be enabled (enabled - by default)." items: type: string type: array x-kubernetes-list-type: atomic maxSkew: - description: 'MaxSkew describes the - degree to which pods may be unevenly - distributed. When `whenUnsatisfiable=DoNotSchedule`, - it is the maximum permitted difference - between the number of matching pods - in the target topology and the global - minimum. The global minimum is the - minimum number of matching pods - in an eligible domain or zero if - the number of eligible domains is - less than MinDomains. For example, - in a 3-zone cluster, MaxSkew is - set to 1, and pods with the same - labelSelector spread as 2/2/1: In - this case, the global minimum is - 1. 
| zone1 | zone2 | zone3 | | P - P | P P | P | - if MaxSkew - is 1, incoming pod can only be scheduled - to zone3 to become 2/2/2; scheduling - it onto zone1(zone2) would make - the ActualSkew(3-1) on zone1(zone2) - violate MaxSkew(1). - if MaxSkew - is 2, incoming pod can be scheduled - onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, - it is used to give higher precedence - to topologies that satisfy it. It''s - a required field. Default value - is 1 and 0 is not allowed.' format: int32 type: integer minDomains: - description: "MinDomains indicates - a minimum number of eligible domains. - When the number of eligible domains - with matching topology keys is less - than minDomains, Pod Topology Spread - treats \"global minimum\" as 0, - and then the calculation of Skew - is performed. And when the number - of eligible domains with matching - topology keys equals or greater - than minDomains, this value has - no effect on scheduling. As a result, - when the number of eligible domains - is less than minDomains, scheduler - won't schedule more than maxSkew - Pods to those domains. If value - is nil, the constraint behaves as - if MinDomains is equal to 1. Valid - values are integers greater than - 0. When value is not nil, WhenUnsatisfiable - must be DoNotSchedule. \n For example, - in a 3-zone cluster, MaxSkew is - set to 2, MinDomains is set to 5 - and pods with the same labelSelector - spread as 2/2/2: | zone1 | zone2 - | zone3 | | P P | P P | P P - \ | The number of domains is less - than 5(MinDomains), so \"global - minimum\" is treated as 0. In this - situation, new pod with the same - labelSelector cannot be scheduled, - because computed skew will be 3(3 - - 0) if new Pod is scheduled to - any of the three zones, it will - violate MaxSkew." format: int32 type: integer nodeAffinityPolicy: - description: "NodeAffinityPolicy indicates - how we will treat Pod's nodeAffinity/nodeSelector - when calculating pod topology spread - skew. 
Options are: - Honor: only - nodes matching nodeAffinity/nodeSelector - are included in the calculations. - - Ignore: nodeAffinity/nodeSelector - are ignored. All nodes are included - in the calculations. \n If this - value is nil, the behavior is equivalent - to the Honor policy. This is a beta-level - feature default enabled by the NodeInclusionPolicyInPodTopologySpread - feature flag." type: string nodeTaintsPolicy: - description: "NodeTaintsPolicy indicates - how we will treat node taints when - calculating pod topology spread - skew. Options are: - Honor: nodes - without taints, along with tainted - nodes for which the incoming pod - has a toleration, are included. - - Ignore: node taints are ignored. - All nodes are included. \n If this - value is nil, the behavior is equivalent - to the Ignore policy. This is a - beta-level feature default enabled - by the NodeInclusionPolicyInPodTopologySpread - feature flag." type: string topologyKey: - description: TopologyKey is the key - of node labels. Nodes that have - a label with this key and identical - values are considered to be in the - same topology. We consider each - as a "bucket", and - try to put balanced number of pods - into each bucket. We define a domain - as a particular instance of a topology. - Also, we define an eligible domain - as a domain whose nodes meet the - requirements of nodeAffinityPolicy - and nodeTaintsPolicy. e.g. If TopologyKey - is "kubernetes.io/hostname", each - Node is a domain of that topology. - And, if TopologyKey is "topology.kubernetes.io/zone", - each zone is a domain of that topology. - It's a required field. type: string whenUnsatisfiable: - description: 'WhenUnsatisfiable indicates - how to deal with a pod if it doesn''t - satisfy the spread constraint. - - DoNotSchedule (default) tells the - scheduler not to schedule it. 
- - ScheduleAnyway tells the scheduler - to schedule the pod in any location, - but giving higher precedence to - topologies that would help reduce - the skew. A constraint is considered - "Unsatisfiable" for an incoming - pod if and only if every possible - node assignment for that pod would - violate "MaxSkew" on some topology. - For example, in a 3-zone cluster, - MaxSkew is set to 1, and pods with - the same labelSelector spread as - 3/1/1: | zone1 | zone2 | zone3 | - | P P P | P | P | If WhenUnsatisfiable - is set to DoNotSchedule, incoming - pod can only be scheduled to zone2(zone3) - to become 3/2/1(3/1/2) as ActualSkew(2-1) - on zone2(zone3) satisfies MaxSkew(1). - In other words, the cluster can - still be imbalanced, but scheduler - won''t make it *more* imbalanced. - It''s a required field.' type: string required: - maxSkew 
@@ -34365,78 +11225,21 @@ spec: - whenUnsatisfiable x-kubernetes-list-type: map volumeMounts: - description: Pod volumes to mount into the - container's filesystem. Cannot be updated. items: - description: VolumeMount describes a mounting - of a Volume within a container. properties: mountPath: - description: Path within the container - at which the volume should be mounted. Must - not contain ':'. type: string mountPropagation: - description: mountPropagation determines - how mounts are propagated from the - host to container and the other - way around. When not set, MountPropagationNone - is used. This field is beta in 1.10. - When RecursiveReadOnly is set to - IfPossible or to Enabled, MountPropagation - must be None or unspecified (which - defaults to None). type: string name: - description: This must match the Name - of a Volume. type: string readOnly: - description: Mounted read-only if - true, read-write otherwise (false - or unspecified). Defaults to false. type: boolean recursiveReadOnly: - description: "RecursiveReadOnly specifies - whether read-only mounts should - be handled recursively. \n If ReadOnly - is false, this field has no meaning - and must be unspecified. \n If ReadOnly - is true, and this field is set to - Disabled, the mount is not made - recursively read-only. If this - field is set to IfPossible, the - mount is made recursively read-only, - if it is supported by the container - runtime. If this field is set to - Enabled, the mount is made recursively - read-only if it is supported by - the container runtime, otherwise - the pod will not be started and - an error will be generated to indicate - the reason. \n If this field is - set to IfPossible or Enabled, MountPropagation - must be set to None (or be unspecified, - which defaults to None). \n If this - field is not specified, it is treated - as an equivalent of Disabled." type: string subPath: - description: Path within the volume - from which the container's volume - should be mounted. 
Defaults to "" - (volume's root). type: string subPathExpr: - description: Expanded path within - the volume from which the container's - volume should be mounted. Behaves - similarly to SubPath but environment - variable references $(VAR_NAME) - are expanded using the container's - environment. Defaults to "" (volume's - root). SubPathExpr and SubPath are - mutually exclusive. type: string required: - mountPath 
@@ -34444,333 +11247,109 @@ spec: type: object type: array volumes: - description: 'List of volumes that can be - mounted by containers belonging to the - pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' items: - description: Volume represents a named - volume in a pod that may be accessed - by any container in the pod. properties: awsElasticBlockStore: - description: 'awsElasticBlockStore - represents an AWS Disk resource - that is attached to a kubelet''s - host machine and then exposed to - the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' properties: fsType: - description: 'fsType is the filesystem - type of the volume that you - want to mount. Tip: Ensure that - the filesystem type is supported - by the host operating system. - Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors - in the filesystem from compromising - the machine' type: string partition: - description: 'partition is the - partition in the volume that - you want to mount. If omitted, - the default is to mount by volume - name. Examples: For volume /dev/sda1, - you specify the partition as - "1". Similarly, the volume partition - for /dev/sda is "0" (or you - can leave the property empty).' format: int32 type: integer readOnly: - description: 'readOnly value true - will force the readOnly setting - in VolumeMounts. More info: - https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: boolean volumeID: - description: 'volumeID is unique - ID of the persistent disk resource - in AWS (Amazon EBS volume). - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: string required: - volumeID type: object azureDisk: - description: azureDisk represents - an Azure Data Disk mount on the - host and bind mount to the pod. 
properties: cachingMode: - description: 'cachingMode is the - Host Caching mode: None, Read - Only, Read Write.' type: string diskName: - description: diskName is the Name - of the data disk in the blob - storage type: string diskURI: - description: diskURI is the URI - of data disk in the blob storage type: string fsType: - description: fsType is Filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. type: string kind: - description: 'kind expected values - are Shared: multiple blob disks - per storage account Dedicated: - single blob disk per storage - account Managed: azure managed - data disk (only in managed availability - set). defaults to shared' type: string readOnly: - description: readOnly Defaults - to false (read/write). ReadOnly - here will force the ReadOnly - setting in VolumeMounts. type: boolean required: - diskName - diskURI type: object azureFile: - description: azureFile represents - an Azure File Service mount on the - host and bind mount to the pod. properties: readOnly: - description: readOnly defaults - to false (read/write). ReadOnly - here will force the ReadOnly - setting in VolumeMounts. 
type: boolean secretName: - description: secretName is the name - of secret that contains Azure - Storage Account Name and Key type: string shareName: - description: shareName is the - azure share Name type: string required: - secretName - shareName type: object cephfs: - description: cephFS represents a Ceph - FS mount on the host that shares - a pod's lifetime properties: monitors: - description: 'monitors is Required: - Monitors is a collection of - Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' items: type: string type: array x-kubernetes-list-type: atomic path: - description: 'path is Optional: - Used as the mounted root, rather - than the full Ceph tree, default - is /' type: string readOnly: - description: 'readOnly is Optional: - Defaults to false (read/write). - ReadOnly here will force the - ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: boolean secretFile: - description: 'secretFile is Optional: - SecretFile is the path to key - ring for User, default is /etc/ceph/user.secret - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string secretRef: - description: 'secretRef is Optional: - SecretRef is reference to the - authentication secret for User, - default is empty. More info: - https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' properties: name: default: "" - description: 'Name of the - referent. This field is - effectively required, but - due to backwards compatibility - is allowed to be empty. - Instances of this type with - an empty value here are - almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' 
type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is optional: - User is the rados user name, - default is admin More info: - https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string required: - monitors type: object cinder: - description: 'cinder represents a - cinder volume attached and mounted - on kubelets host machine. More info: - https://examples.k8s.io/mysql-cinder-pd/README.md' properties: fsType: - description: 'fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred - to be "ext4" if unspecified. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string readOnly: - description: 'readOnly defaults - to false (read/write). ReadOnly - here will force the ReadOnly - setting in VolumeMounts. More - info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: boolean secretRef: - description: 'secretRef is optional: - points to a secret object containing - parameters used to connect to - OpenStack.' properties: name: default: "" - description: 'Name of the - referent. This field is - effectively required, but - due to backwards compatibility - is allowed to be empty. - Instances of this type with - an empty value here are - almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic volumeID: - description: 'volumeID used to - identify the volume in cinder. 
- More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string required: - volumeID type: object configMap: - description: configMap represents - a configMap that should populate - this volume properties: defaultMode: - description: 'defaultMode is optional: - mode bits used to set permissions - on created files by default. - Must be an octal value between - 0000 and 0777 or a decimal value - between 0 and 511. YAML accepts - both octal and decimal values, - JSON requires decimal values - for mode bits. Defaults to 0644. - Directories within the path - are not affected by this setting. - This might be in conflict with - other options that affect the - file mode, like fsGroup, and - the result can be other mode - bits set.' format: int32 type: integer items: - description: items if unspecified, - each key-value pair in the Data - field of the referenced ConfigMap - will be projected into the volume - as a file whose name is the - key and content is the value. - If specified, the listed keys - will be projected into the specified - paths, and unlisted keys will - not be present. If a key is - specified which is not present - in the ConfigMap, the volume - setup will error unless it is - marked optional. Paths must - be relative and may not contain - the '..' path or start with - '..'. items: - description: Maps a string key - to a path within a volume. properties: key: - description: key is the - key to project. type: string mode: - description: 'mode is Optional: - mode bits used to set - permissions on this file. - Must be an octal value - between 0000 and 0777 - or a decimal value between - 0 and 511. YAML accepts - both octal and decimal - values, JSON requires - decimal values for mode - bits. If not specified, - the volume defaultMode - will be used. This might - be in conflict with other - options that affect the - file mode, like fsGroup, - and the result can be - other mode bits set.' 
format: int32 type: integer path: - description: path is the - relative path of the file - to map the key to. May - not be an absolute path. - May not contain the path - element '..'. May not - start with the string - '..'. type: string required: - key 
@@ -34780,217 +11359,67 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional specify - whether the ConfigMap or its - keys must be defined type: boolean type: object x-kubernetes-map-type: atomic csi: - description: csi (Container Storage - Interface) represents ephemeral - storage that is handled by certain - external CSI drivers (Beta feature). properties: driver: - description: driver is the name - of the CSI driver that handles - this volume. Consult with your - admin for the correct name as - registered in the cluster. type: string fsType: - description: fsType to mount. - Ex. "ext4", "xfs", "ntfs". If - not provided, the empty value - is passed to the associated - CSI driver which will determine - the default filesystem to apply. type: string nodePublishSecretRef: - description: nodePublishSecretRef - is a reference to the secret - object containing sensitive - information to pass to the CSI - driver to complete the CSI NodePublishVolume - and NodeUnpublishVolume calls. - This field is optional, and may - be empty if no secret is required. - If the secret object contains - more than one secret, all secret - references are passed. properties: name: default: "" - description: 'Name of the - referent. This field is - effectively required, but - due to backwards compatibility - is allowed to be empty. - Instances of this type with - an empty value here are - almost certainly wrong. - TODO: Add other useful fields. 
- apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic readOnly: - description: readOnly specifies - a read-only configuration for - the volume. Defaults to false - (read/write). type: boolean volumeAttributes: additionalProperties: type: string - description: volumeAttributes - stores driver-specific properties - that are passed to the CSI driver. - Consult your driver's documentation - for supported values. type: object required: - driver type: object downwardAPI: - description: downwardAPI represents - downward API about the pod that - should populate this volume properties: defaultMode: - description: 'Optional: mode bits - to use on created files by default. - Must be a Optional: mode bits - used to set permissions on created - files by default. Must be an - octal value between 0000 and - 0777 or a decimal value between - 0 and 511. YAML accepts both - octal and decimal values, JSON - requires decimal values for - mode bits. Defaults to 0644. - Directories within the path - are not affected by this setting. - This might be in conflict with - other options that affect the - file mode, like fsGroup, and - the result can be other mode - bits set.' format: int32 type: integer items: - description: Items is a list of - downward API volume file items: - description: DownwardAPIVolumeFile - represents information to - create the file containing - the pod field properties: fieldRef: - description: 'Required: - Selects a field of the - pod: only annotations, - labels, name, namespace - and uid are supported.' properties: apiVersion: - description: Version - of the schema the - FieldPath is written - in terms of, defaults - to "v1". 
type: string fieldPath: - description: Path of - the field to select - in the specified API - version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: - description: 'Optional: - mode bits used to set - permissions on this file, - must be an octal value - between 0000 and 0777 - or a decimal value between - 0 and 511. YAML accepts - both octal and decimal - values, JSON requires - decimal values for mode - bits. If not specified, - the volume defaultMode - will be used. This might - be in conflict with other - options that affect the - file mode, like fsGroup, - and the result can be - other mode bits set.' format: int32 type: integer path: - description: 'Required: - Path is the relative - path name of the file - to be created. Must not - be absolute or contain - the ''..'' path. Must - be utf-8 encoded. The - first item of the relative - path must not start with - ''..''' type: string resourceFieldRef: - description: 'Selects a - resource of the container: - only resources limits - and requests (limits.cpu, - limits.memory, requests.cpu - and requests.memory) are - currently supported.' properties: containerName: - description: 'Container - name: required for - volumes, optional - for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies - the output format - of the exposed resources, - defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: - resource to select' type: string required: - resource 
@@ -35003,294 +11432,50 @@ spec: x-kubernetes-list-type: atomic type: object emptyDir: - description: 'emptyDir represents - a temporary directory that shares - a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' properties: medium: - description: 'medium represents - what type of storage medium - should back this directory. - The default is "" which means - to use the node''s default medium. - Must be an empty string (default) - or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string sizeLimit: anyOf: - type: integer - type: string - description: 'sizeLimit is the - total amount of local storage - required for this EmptyDir volume. - The size limit is also applicable - for memory medium. The maximum - usage on memory medium EmptyDir - would be the minimum value between - the SizeLimit specified here - and the sum of memory limits - of all containers in a pod. - The default is nil which means - that the limit is undefined. - More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object ephemeral: - description: "ephemeral represents - a volume that is handled by a cluster - storage driver. The volume's lifecycle - is tied to the pod that defines - it - it will be created before the - pod starts, and deleted when the - pod is removed. \n Use this if: - a) the volume is only needed while - the pod runs, b) features of normal - volumes like restoring from snapshot - or capacity tracking are needed, - c) the storage driver is specified - through a storage class, and d) - the storage driver supports dynamic - volume provisioning through a PersistentVolumeClaim - (see EphemeralVolumeSource for more - information on the connection between - this volume type and PersistentVolumeClaim). 
- \n Use PersistentVolumeClaim or - one of the vendor-specific APIs - for volumes that persist for longer - than the lifecycle of an individual - pod. \n Use CSI for light-weight - local ephemeral volumes if the CSI - driver is meant to be used that - way - see the documentation of the - driver for more information. \n - A pod can use both types of ephemeral - volumes and persistent volumes at - the same time." properties: volumeClaimTemplate: - description: "Will be used to - create a stand-alone PVC to - provision the volume. The pod - in which this EphemeralVolumeSource - is embedded will be the owner - of the PVC, i.e. the PVC will - be deleted together with the - pod. The name of the PVC will - be `-` - where `` is the - name from the `PodSpec.Volumes` - array entry. Pod validation - will reject the pod if the concatenated - name is not valid for a PVC - (for example, too long). \n - An existing PVC with that name - that is not owned by the pod - will *not* be used for the pod - to avoid using an unrelated - volume by mistake. Starting - the pod is then blocked until - the unrelated PVC is removed. - If such a pre-created PVC is - meant to be used by the pod, - the PVC has to updated with - an owner reference to the pod - once the pod exists. Normally - this should not be necessary, - but it may be useful when manually - reconstructing a broken cluster. - \n This field is read-only and - no changes will be made by Kubernetes - to the PVC after it has been - created. \n Required, must not - be nil." properties: metadata: - description: May contain labels - and annotations that will - be copied into the PVC when - creating it. No other fields - are allowed and will be - rejected during validation. properties: annotations: additionalProperties: type: string - description: 'Annotations - is an unstructured key - value map stored with - a resource that may - be set by external tools - to store and retrieve - arbitrary metadata. 
- They are not queryable - and should be preserved - when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations' type: object generateName: - description: "GenerateName - is an optional prefix, - used by the server, - to generate a unique - name ONLY IF the Name - field has not been provided. - If this field is used, - the name returned to - the client will be different - than the name passed. - This value will also - be combined with a unique - suffix. The provided - value has the same validation - rules as the Name field, - and may be truncated - by the length of the - suffix required to make - the value unique on - the server. \n If this - field is specified and - the generated name exists, - the server will NOT - return a 409 - instead, - it will either return - 201 Created or 500 with - Reason ServerTimeout - indicating a unique - name could not be found - in the time allotted, - and the client should - retry (optionally after - the time indicated in - the Retry-After header). - \n Applied only if Name - is not specified. More - info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" type: string labels: additionalProperties: type: string - description: 'Map of string - keys and values that - can be used to organize - and categorize (scope - and select) objects. - May match selectors - of replication controllers - and services. More info: - http://kubernetes.io/docs/user-guide/labels' type: object name: - description: 'Name must - be unique within a namespace. - Is required when creating - resources, although - some resources may allow - a client to request - the generation of an - appropriate name automatically. - Name is primarily intended - for creation idempotence - and configuration definition. - Cannot be updated. 
More - info: http://kubernetes.io/docs/user-guide/identifiers#names' type: string namespace: - description: "Namespace - defines the space within - each name must be unique. - An empty namespace is - equivalent to the \"default\" - namespace, but \"default\" - is the canonical representation. - Not all objects are - required to be scoped - to a namespace - the - value of this field - for those objects will - be empty. \n Must be - a DNS_LABEL. Cannot - be updated. More info: - http://kubernetes.io/docs/user-guide/namespaces" type: string ownerReferences: - description: List of objects - depended by this object. - If ALL objects in the - list have been deleted, - this object will be - garbage collected. If - this object is managed - by a controller, then - an entry in this list - will point to this controller, - with the controller - field set to true. There - cannot be more than - one managing controller. items: - description: OwnerReference - contains enough information - to let you identify - an owning object. - An owning object must - be in the same namespace - as the dependent, - or be cluster-scoped, - so there is no namespace - field. properties: apiVersion: - description: API - version of the - referent. type: string blockOwnerDeletion: - description: If - true, AND if the - owner has the - "foregroundDeletion" - finalizer, then - the owner cannot - be deleted from - the key-value - store until this - reference is removed. - See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion - for how the garbage - collector interacts - with this field - and enforces the - foreground deletion. - Defaults to false. - To set this field, - a user needs "delete" - permission of - the owner, otherwise - 422 (Unprocessable - Entity) will be - returned. type: boolean controller: - description: If - true, this reference - points to the - managing controller. type: boolean kind: - description: 'Kind - of the referent. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string name: - description: 'Name - of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: - description: 'UID - of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion 
@@ -35302,73 +11487,19 @@ spec: type: array type: object spec: - description: The specification - for the PersistentVolumeClaim. - The entire content is copied - unchanged into the PVC that - gets created from this template. - The same fields as in a - PersistentVolumeClaim are - also valid here. properties: accessModes: - description: 'accessModes - contains the desired - access modes the volume - should have. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array x-kubernetes-list-type: atomic dataSource: - description: 'dataSource - field can be used to - specify either: * An - existing VolumeSnapshot - object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or - an external controller - can support the specified - data source, it will - create a new volume - based on the contents - of the specified data - source. When the AnyVolumeDataSource - feature gate is enabled, - dataSource contents - will be copied to dataSourceRef, - and dataSourceRef contents - will be copied to dataSource - when dataSourceRef.namespace - is not specified. If - the namespace is specified, - then dataSourceRef will - not be copied to dataSource.' properties: apiGroup: - description: APIGroup - is the group for - the resource being - referenced. If APIGroup - is not specified, - the specified Kind - must be in the core - API group. For any - other third-party - types, APIGroup - is required. type: string kind: - description: Kind - is the type of resource - being referenced type: string name: - description: Name - is the name of resource - being referenced type: string required: - kind 
@@ -35376,134 +11507,20 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: - description: 'dataSourceRef - specifies the object - from which to populate - the volume with data, - if a non-empty volume - is desired. This may - be any object from a - non-empty API group - (non core object) or - a PersistentVolumeClaim - object. When this field - is specified, volume - binding will only succeed - if the type of the specified - object matches some - installed volume populator - or dynamic provisioner. - This field will replace - the functionality of - the dataSource field - and as such if both - fields are non-empty, - they must have the same - value. For backwards - compatibility, when - namespace isn''t specified - in dataSourceRef, both - fields (dataSource and - dataSourceRef) will - be set to the same value - automatically if one - of them is empty and - the other is non-empty. - When namespace is specified - in dataSourceRef, dataSource - isn''t set to the same - value and must be empty. - There are three important - differences between - dataSource and dataSourceRef: - * While dataSource only - allows two specific - types of objects, dataSourceRef - allows any non-core - object, as well as PersistentVolumeClaim - objects. * While dataSource - ignores disallowed values - (dropping them), dataSourceRef - preserves all values, - and generates an error - if a disallowed value - is specified. * While - dataSource only allows - local objects, dataSourceRef - allows objects in any - namespaces. (Beta) Using - this field requires - the AnyVolumeDataSource - feature gate to be enabled. - (Alpha) Using the namespace - field of dataSourceRef - requires the CrossNamespaceVolumeDataSource - feature gate to be enabled.' properties: apiGroup: - description: APIGroup - is the group for - the resource being - referenced. If APIGroup - is not specified, - the specified Kind - must be in the core - API group. 
For any - other third-party - types, APIGroup - is required. type: string kind: - description: Kind - is the type of resource - being referenced type: string name: - description: Name - is the name of resource - being referenced type: string namespace: - description: Namespace - is the namespace - of resource being - referenced Note - that when a namespace - is specified, a - gateway.networking.k8s.io/ReferenceGrant - object is required - in the referent - namespace to allow - that namespace's - owner to accept - the reference. See - the ReferenceGrant - documentation for - details. (Alpha) - This field requires - the CrossNamespaceVolumeDataSource - feature gate to - be enabled. type: string required: - kind - name type: object resources: - description: 'resources - represents the minimum - resources the volume - should have. If RecoverVolumeExpansionFailure - feature is enabled users - are allowed to specify - resource requirements - that are lower than - previous value but must - still be higher than - capacity recorded in - the status field of - the claim. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: @@ -35512,11 +11529,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits - describes the maximum - amount of compute - resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -35525,81 +11537,18 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests - describes the minimum - amount of compute - resources required. - If Requests is omitted - for a container, - it defaults to Limits - if that is explicitly - specified, otherwise - to an implementation-defined - value. Requests - cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: - description: selector - is a label query over - volumes to consider - for binding. properties: matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements - are ANDed. items: - description: A label - selector requirement - is a selector - that contains - values, a key, - and an operator - that relates the - key and values. properties: key: - description: key - is the label - key that the - selector applies - to. type: string operator: - description: operator - represents - a key's relationship - to a set of - values. Valid - operators - are In, NotIn, - Exists and - DoesNotExist. type: string values: - description: values - is an array - of string - values. If - the operator - is In or NotIn, - the values - array must - be non-empty. - If the operator - is Exists - or DoesNotExist, - the values - array must - be empty. - This array - is replaced - during a strategic - merge patch. items: type: string type: array 
@@ -35613,84 +11562,16 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single - {key,value} in the - matchLabels map - is equivalent to - an element of matchExpressions, - whose key field - is "key", the operator - is "In", and the - values array contains - only "value". The - requirements are - ANDed. type: object type: object x-kubernetes-map-type: atomic storageClassName: - description: 'storageClassName - is the name of the StorageClass - required by the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeAttributesClassName: - description: 'volumeAttributesClassName - may be used to set the - VolumeAttributesClass - used by this claim. - If specified, the CSI - driver will create or - update the volume with - the attributes defined - in the corresponding - VolumeAttributesClass. - This has a different - purpose than storageClassName, - it can be changed after - the claim is created. - An empty string value - means that no VolumeAttributesClass - will be applied to the - claim but it''s not - allowed to reset this - field to empty string - once it is set. If unspecified - and the PersistentVolumeClaim - is unbound, the default - VolumeAttributesClass - will be set by the persistentvolume - controller if it exists. - If the resource referred - to by volumeAttributesClass - does not exist, this - PersistentVolumeClaim - will be set to a Pending - state, as reflected - by the modifyVolumeStatus - field, until such as - a resource exists. More - info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field - requires the VolumeAttributesClass - feature gate to be enabled.' type: string volumeMode: - description: volumeMode - defines what type of - volume is required by - the claim. Value of - Filesystem is implied - when not included in - claim spec. 
type: string volumeName: - description: volumeName - is the binding reference - to the PersistentVolume - backing this claim. type: string type: object required: 
@@ -35698,109 +11579,41 @@ spec: type: object type: object fc: - description: fc represents a Fibre - Channel resource that is attached - to a kubelet's host machine and - then exposed to the pod. properties: fsType: - description: 'fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. TODO: how do - we prevent errors in the filesystem - from compromising the machine' type: string lun: - description: 'lun is Optional: - FC target lun number' format: int32 type: integer readOnly: - description: 'readOnly is Optional: - Defaults to false (read/write). - ReadOnly here will force the - ReadOnly setting in VolumeMounts.' type: boolean targetWWNs: - description: 'targetWWNs is Optional: - FC target worldwide names (WWNs)' items: type: string type: array x-kubernetes-list-type: atomic wwids: - description: 'wwids Optional: - FC volume world wide identifiers - (wwids) Either wwids or combination - of targetWWNs and lun must be - set, but not both simultaneously.' items: type: string type: array x-kubernetes-list-type: atomic type: object flexVolume: - description: flexVolume represents - a generic volume resource that is - provisioned/attached using an exec - based plugin. properties: driver: - description: driver is the name - of the driver to use for this - volume. type: string fsType: - description: fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - The default filesystem depends - on FlexVolume script. type: string options: additionalProperties: type: string - description: 'options is Optional: - this field holds extra command - options if any.' type: object readOnly: - description: 'readOnly is Optional: - defaults to false (read/write). - ReadOnly here will force the - ReadOnly setting in VolumeMounts.' 
type: boolean secretRef: - description: 'secretRef is Optional: - secretRef is reference to the - secret object containing sensitive - information to pass to the plugin - scripts. This may be empty if - no secret object is specified. - If the secret object contains - more than one secret, all secrets - are passed to the plugin scripts.' properties: name: default: "" - description: 'Name of the - referent. This field is - effectively required, but - due to backwards compatibility - is allowed to be empty. - Instances of this type with - an empty value here are - almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic 
@@ -35808,229 +11621,79 @@ spec: - driver type: object flocker: - description: flocker represents a - Flocker volume attached to a kubelet's - host machine. This depends on the - Flocker control service being running properties: datasetName: - description: datasetName is Name - of the dataset stored as metadata - -> name on the dataset for Flocker - should be considered as deprecated type: string datasetUUID: - description: datasetUUID is the - UUID of the dataset. This is - unique identifier of a Flocker - dataset type: string type: object gcePersistentDisk: - description: 'gcePersistentDisk represents - a GCE Disk resource that is attached - to a kubelet''s host machine and - then exposed to the pod. More info: - https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' properties: fsType: - description: 'fsType is filesystem - type of the volume that you - want to mount. Tip: Ensure that - the filesystem type is supported - by the host operating system. - Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors - in the filesystem from compromising - the machine' type: string partition: - description: 'partition is the - partition in the volume that - you want to mount. If omitted, - the default is to mount by volume - name. Examples: For volume /dev/sda1, - you specify the partition as - "1". Similarly, the volume partition - for /dev/sda is "0" (or you - can leave the property empty). - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' format: int32 type: integer pdName: - description: 'pdName is unique - name of the PD resource in GCE. - Used to identify the disk in - GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: string readOnly: - description: 'readOnly here will - force the ReadOnly setting in - VolumeMounts. 
Defaults to false. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: boolean required: - pdName type: object glusterfs: - description: 'glusterfs represents - a Glusterfs mount on the host that - shares a pod''s lifetime. More info: - https://examples.k8s.io/volumes/glusterfs/README.md' properties: endpoints: - description: 'endpoints is the - endpoint name that details Glusterfs - topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string path: - description: 'path is the Glusterfs - volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string readOnly: - description: 'readOnly here will - force the Glusterfs volume to - be mounted with read-only permissions. - Defaults to false. More info: - https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: boolean required: - endpoints - path type: object hostPath: - description: 'hostPath represents - a pre-existing file or directory - on the host machine that is directly - exposed to the container. This is - generally used for system agents - or other privileged things that - are allowed to see the host machine. - Most containers will NOT need this. - More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict - who can use host directory mounts - and who can/can not mount host directories - as read/write.' properties: path: - description: 'path of the directory - on the host. If the path is - a symlink, it will follow the - link to the real path. 
More - info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string type: - description: 'type for HostPath - Volume Defaults to "" More info: - https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string required: - path type: object iscsi: - description: 'iscsi represents an - ISCSI Disk resource that is attached - to a kubelet''s host machine and - then exposed to the pod. More info: - https://examples.k8s.io/volumes/iscsi/README.md' properties: chapAuthDiscovery: - description: chapAuthDiscovery - defines whether support iSCSI - Discovery CHAP authentication type: boolean chapAuthSession: - description: chapAuthSession defines - whether support iSCSI Session - CHAP authentication type: boolean fsType: - description: 'fsType is the filesystem - type of the volume that you - want to mount. Tip: Ensure that - the filesystem type is supported - by the host operating system. - Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors - in the filesystem from compromising - the machine' type: string initiatorName: - description: initiatorName is - the custom iSCSI Initiator Name. - If initiatorName is specified - with iscsiInterface simultaneously, - new iSCSI interface : will be - created for the connection. type: string iqn: - description: iqn is the target - iSCSI Qualified Name. type: string iscsiInterface: - description: iscsiInterface is - the interface Name that uses - an iSCSI transport. Defaults - to 'default' (tcp). type: string lun: - description: lun represents iSCSI - Target Lun number. format: int32 type: integer portals: - description: portals is the iSCSI - Target Portal List. The portal - is either an IP or ip_addr:port - if the port is other than default - (typically TCP ports 860 and - 3260). 
items: type: string type: array x-kubernetes-list-type: atomic readOnly: - description: readOnly here will - force the ReadOnly setting in - VolumeMounts. Defaults to false. type: boolean secretRef: - description: secretRef is the - CHAP Secret for iSCSI target - and initiator authentication properties: name: default: "" - description: 'Name of the - referent. This field is - effectively required, but - due to backwards compatibility - is allowed to be empty. - Instances of this type with - an empty value here are - almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic targetPortal: - description: targetPortal is iSCSI - Target Portal. The Portal is - either an IP or ip_addr:port - if the port is other than default - (typically TCP ports 860 and - 3260). type: string required: - iqn 
@@ -36038,235 +11701,68 @@ spec: - targetPortal type: object name: - description: 'name of the volume. - Must be a DNS_LABEL and unique within - the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string nfs: - description: 'nfs represents an NFS - mount on the host that shares a - pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' properties: path: - description: 'path that is exported - by the NFS server. More info: - https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string readOnly: - description: 'readOnly here will - force the NFS export to be mounted - with read-only permissions. - Defaults to false. More info: - https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: boolean server: - description: 'server is the hostname - or IP address of the NFS server. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string required: - path - server type: object persistentVolumeClaim: - description: 'persistentVolumeClaimVolumeSource - represents a reference to a PersistentVolumeClaim - in the same namespace. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: claimName: - description: 'claimName is the - name of a PersistentVolumeClaim - in the same namespace as the - pod using this volume. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' type: string readOnly: - description: readOnly Will force - the ReadOnly setting in VolumeMounts. - Default false. type: boolean required: - claimName type: object photonPersistentDisk: - description: photonPersistentDisk - represents a PhotonController persistent - disk attached and mounted on kubelets - host machine properties: fsType: - description: fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". 
- Implicitly inferred to be "ext4" - if unspecified. type: string pdID: - description: pdID is the ID that - identifies Photon Controller - persistent disk type: string required: - pdID type: object portworxVolume: - description: portworxVolume represents - a portworx volume attached and mounted - on kubelets host machine properties: fsType: - description: fSType represents - the filesystem type to mount - Must be a filesystem type supported - by the host operating system. - Ex. "ext4", "xfs". Implicitly - inferred to be "ext4" if unspecified. type: string readOnly: - description: readOnly defaults - to false (read/write). ReadOnly - here will force the ReadOnly - setting in VolumeMounts. type: boolean volumeID: - description: volumeID uniquely - identifies a Portworx volume type: string required: - volumeID type: object projected: - description: projected items for all - in one resources secrets, configmaps, - and downward API properties: defaultMode: - description: defaultMode are the - mode bits used to set permissions - on created files by default. - Must be an octal value between - 0000 and 0777 or a decimal value - between 0 and 511. YAML accepts - both octal and decimal values, - JSON requires decimal values - for mode bits. Directories within - the path are not affected by - this setting. This might be - in conflict with other options - that affect the file mode, like - fsGroup, and the result can - be other mode bits set. format: int32 type: integer sources: - description: sources is the list - of volume projections items: - description: Projection that - may be projected along with - other supported volume types properties: clusterTrustBundle: - description: "ClusterTrustBundle - allows a pod to access - the `.spec.trustBundle` - field of ClusterTrustBundle - objects in an auto-updating - file. \n Alpha, gated - by the ClusterTrustBundleProjection - feature gate. 
\n ClusterTrustBundle - objects can either be - selected by name, or by - the combination of signer - name and a label selector. - \n Kubelet performs aggressive - normalization of the PEM - contents written into - the pod filesystem. Esoteric - PEM features such as inter-block - comments and block headers - are stripped. Certificates - are deduplicated. The - ordering of certificates - within the file is arbitrary, - and Kubelet may change - the order over time." properties: labelSelector: - description: Select - all ClusterTrustBundles - that match this label - selector. Only has - effect if signerName - is set. Mutually-exclusive - with name. If unset, - interpreted as "match - nothing". If set - but empty, interpreted - as "match everything". properties: matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements - are ANDed. items: - description: A - label selector - requirement - is a selector - that contains - values, a key, - and an operator - that relates - the key and - values. properties: key: - description: key - is the label - key that - the selector - applies - to. type: string operator: - description: operator - represents - a key's - relationship - to a set - of values. - Valid operators - are In, - NotIn, Exists - and DoesNotExist. type: string values: - description: values - is an array - of string - values. - If the operator - is In or - NotIn, the - values array - must be - non-empty. - If the operator - is Exists - or DoesNotExist, - the values - array must - be empty. - This array - is replaced - during a - strategic - merge patch. items: type: string type: array 
@@ -36280,153 +11776,31 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single - {key,value} in - the matchLabels - map is equivalent - to an element - of matchExpressions, - whose key field - is "key", the - operator is "In", - and the values - array contains - only "value". - The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic name: - description: Select - a single ClusterTrustBundle - by object name. Mutually-exclusive - with signerName and - labelSelector. type: string optional: - description: If true, - don't block pod startup - if the referenced - ClusterTrustBundle(s) - aren't available. If - using name, then the - named ClusterTrustBundle - is allowed not to - exist. If using signerName, - then the combination - of signerName and - labelSelector is allowed - to match zero ClusterTrustBundles. type: boolean path: - description: Relative - path from the volume - root to write the - bundle. type: string signerName: - description: Select - all ClusterTrustBundles - that match this signer - name. Mutually-exclusive - with name. The contents - of all selected ClusterTrustBundles - will be unified and - deduplicated. type: string required: - path type: object configMap: - description: configMap information - about the configMap data - to project properties: items: - description: items if - unspecified, each - key-value pair in - the Data field of - the referenced ConfigMap - will be projected - into the volume as - a file whose name - is the key and content - is the value. If specified, - the listed keys will - be projected into - the specified paths, - and unlisted keys - will not be present. - If a key is specified - which is not present - in the ConfigMap, - the volume setup will - error unless it is - marked optional. Paths - must be relative and - may not contain the - '..' path or start - with '..'. 
items: - description: Maps - a string key to - a path within a - volume. properties: key: - description: key - is the key to - project. type: string mode: - description: 'mode - is Optional: - mode bits used - to set permissions - on this file. - Must be an octal - value between - 0000 and 0777 - or a decimal - value between - 0 and 511. YAML - accepts both - octal and decimal - values, JSON - requires decimal - values for mode - bits. If not - specified, the - volume defaultMode - will be used. - This might be - in conflict - with other options - that affect - the file mode, - like fsGroup, - and the result - can be other - mode bits set.' format: int32 type: integer path: - description: path - is the relative - path of the - file to map - the key to. - May not be an - absolute path. - May not contain - the path element - '..'. May not - start with the - string '..'. type: string required: - key 
@@ -36436,162 +11810,42 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of - the referent. This - field is effectively - required, but due - to backwards compatibility - is allowed to be empty. - Instances of this - type with an empty - value here are almost - certainly wrong. TODO: - Add other useful fields. - apiVersion, kind, - uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional - specify whether the - ConfigMap or its keys - must be defined type: boolean type: object x-kubernetes-map-type: atomic downwardAPI: - description: downwardAPI - information about the - downwardAPI data to project properties: items: - description: Items is - a list of DownwardAPIVolume - file items: - description: DownwardAPIVolumeFile - represents information - to create the file - containing the pod - field properties: fieldRef: - description: 'Required: - Selects a field - of the pod: - only annotations, - labels, name, - namespace and - uid are supported.' properties: apiVersion: - description: Version - of the schema - the FieldPath - is written - in terms - of, defaults - to "v1". type: string fieldPath: - description: Path - of the field - to select - in the specified - API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: - description: 'Optional: - mode bits used - to set permissions - on this file, - must be an octal - value between - 0000 and 0777 - or a decimal - value between - 0 and 511. YAML - accepts both - octal and decimal - values, JSON - requires decimal - values for mode - bits. If not - specified, the - volume defaultMode - will be used. 
- This might be - in conflict - with other options - that affect - the file mode, - like fsGroup, - and the result - can be other - mode bits set.' format: int32 type: integer path: - description: 'Required: - Path is the - relative path - name of the - file to be created. - Must not be - absolute or - contain the - ''..'' path. - Must be utf-8 - encoded. The - first item of - the relative - path must not - start with ''..''' type: string resourceFieldRef: - description: 'Selects - a resource of - the container: - only resources - limits and requests - (limits.cpu, - limits.memory, - requests.cpu - and requests.memory) - are currently - supported.' properties: containerName: - description: 'Container - name: required - for volumes, - optional - for env - vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies - the output - format of - the exposed - resources, - defaults - to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: - resource - to select' type: string required: - resource 
@@ -36604,92 +11858,16 @@ spec: x-kubernetes-list-type: atomic type: object secret: - description: secret information - about the secret data - to project properties: items: - description: items if - unspecified, each - key-value pair in - the Data field of - the referenced Secret - will be projected - into the volume as - a file whose name - is the key and content - is the value. If specified, - the listed keys will - be projected into - the specified paths, - and unlisted keys - will not be present. - If a key is specified - which is not present - in the Secret, the - volume setup will - error unless it is - marked optional. Paths - must be relative and - may not contain the - '..' path or start - with '..'. items: - description: Maps - a string key to - a path within a - volume. properties: key: - description: key - is the key to - project. type: string mode: - description: 'mode - is Optional: - mode bits used - to set permissions - on this file. - Must be an octal - value between - 0000 and 0777 - or a decimal - value between - 0 and 511. YAML - accepts both - octal and decimal - values, JSON - requires decimal - values for mode - bits. If not - specified, the - volume defaultMode - will be used. - This might be - in conflict - with other options - that affect - the file mode, - like fsGroup, - and the result - can be other - mode bits set.' format: int32 type: integer path: - description: path - is the relative - path of the - file to map - the key to. - May not be an - absolute path. - May not contain - the path element - '..'. May not - start with the - string '..'. type: string required: - key 
@@ -36699,78 +11877,19 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of - the referent. This - field is effectively - required, but due - to backwards compatibility - is allowed to be empty. - Instances of this - type with an empty - value here are almost - certainly wrong. TODO: - Add other useful fields. - apiVersion, kind, - uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional - field specify whether - the Secret or its - key must be defined type: boolean type: object x-kubernetes-map-type: atomic serviceAccountToken: - description: serviceAccountToken - is information about the - serviceAccountToken data - to project properties: audience: - description: audience - is the intended audience - of the token. A recipient - of a token must identify - itself with an identifier - specified in the audience - of the token, and - otherwise should reject - the token. The audience - defaults to the identifier - of the apiserver. type: string expirationSeconds: - description: expirationSeconds - is the requested duration - of validity of the - service account token. - As the token approaches - expiration, the kubelet - volume plugin will - proactively rotate - the service account - token. The kubelet - will start trying - to rotate the token - if the token is older - than 80 percent of - its time to live or - if the token is older - than 24 hours.Defaults - to 1 hour and must - be at least 10 minutes. format: int64 type: integer path: - description: path is - the path relative - to the mount point - of the file to project - the token into. type: string required: - path 
@@ -36780,214 +11899,79 @@ spec: x-kubernetes-list-type: atomic type: object quobyte: - description: quobyte represents a - Quobyte mount on the host that shares - a pod's lifetime properties: group: - description: group to map volume - access to Default is no group type: string readOnly: - description: readOnly here will - force the Quobyte volume to - be mounted with read-only permissions. - Defaults to false. type: boolean registry: - description: registry represents - a single or multiple Quobyte - Registry services specified - as a string as host:port pair - (multiple entries are separated - with commas) which acts as the - central registry for volumes type: string tenant: - description: tenant owning the - given Quobyte volume in the - Backend Used with dynamically - provisioned Quobyte volumes, - value is set by the plugin type: string user: - description: user to map volume - access to Defaults to serivceaccount - user type: string volume: - description: volume is a string - that references an already created - Quobyte volume by name. type: string required: - registry - volume type: object rbd: - description: 'rbd represents a Rados - Block Device mount on the host that - shares a pod''s lifetime. More info: - https://examples.k8s.io/volumes/rbd/README.md' properties: fsType: - description: 'fsType is the filesystem - type of the volume that you - want to mount. Tip: Ensure that - the filesystem type is supported - by the host operating system. - Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors - in the filesystem from compromising - the machine' type: string image: - description: 'image is the rados - image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string keyring: - description: 'keyring is the path - to key ring for RBDUser. Default - is /etc/ceph/keyring. 
More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string monitors: - description: 'monitors is a collection - of Ceph monitors. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' items: type: string type: array x-kubernetes-list-type: atomic pool: - description: 'pool is the rados - pool name. Default is rbd. More - info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string readOnly: - description: 'readOnly here will - force the ReadOnly setting in - VolumeMounts. Defaults to false. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: boolean secretRef: - description: 'secretRef is name - of the authentication secret - for RBDUser. If provided overrides - keyring. Default is nil. More - info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' properties: name: default: "" - description: 'Name of the - referent. This field is - effectively required, but - due to backwards compatibility - is allowed to be empty. - Instances of this type with - an empty value here are - almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is the rados - user name. Default is admin. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string required: - image - monitors type: object scaleIO: - description: scaleIO represents a - ScaleIO persistent volume attached - and mounted on Kubernetes nodes. properties: fsType: - description: fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Default is "xfs". 
type: string gateway: - description: gateway is the host - address of the ScaleIO API Gateway. type: string protectionDomain: - description: protectionDomain - is the name of the ScaleIO Protection - Domain for the configured storage. type: string readOnly: - description: readOnly Defaults - to false (read/write). ReadOnly - here will force the ReadOnly - setting in VolumeMounts. type: boolean secretRef: - description: secretRef references - to the secret for ScaleIO user - and other sensitive information. - If this is not provided, Login - operation will fail. properties: name: default: "" - description: 'Name of the - referent. This field is - effectively required, but - due to backwards compatibility - is allowed to be empty. - Instances of this type with - an empty value here are - almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic sslEnabled: - description: sslEnabled Flag enable/disable - SSL communication with Gateway, - default false type: boolean storageMode: - description: storageMode indicates - whether the storage for a volume - should be ThickProvisioned or - ThinProvisioned. Default is - ThinProvisioned. type: string storagePool: - description: storagePool is the - ScaleIO Storage Pool associated - with the protection domain. type: string system: - description: system is the name - of the storage system as configured - in ScaleIO. type: string volumeName: - description: volumeName is the - name of a volume already created - in the ScaleIO system that is - associated with this volume - source. type: string required: - gateway 
@@ -36995,84 +11979,19 @@ spec: - system type: object secret: - description: 'secret represents a - secret that should populate this - volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' properties: defaultMode: - description: 'defaultMode is Optional: - mode bits used to set permissions - on created files by default. - Must be an octal value between - 0000 and 0777 or a decimal value - between 0 and 511. YAML accepts - both octal and decimal values, - JSON requires decimal values - for mode bits. Defaults to 0644. - Directories within the path - are not affected by this setting. - This might be in conflict with - other options that affect the - file mode, like fsGroup, and - the result can be other mode - bits set.' format: int32 type: integer items: - description: items If unspecified, - each key-value pair in the Data - field of the referenced Secret - will be projected into the volume - as a file whose name is the - key and content is the value. - If specified, the listed keys - will be projected into the specified - paths, and unlisted keys will - not be present. If a key is - specified which is not present - in the Secret, the volume setup - will error unless it is marked - optional. Paths must be relative - and may not contain the '..' - path or start with '..'. items: - description: Maps a string key - to a path within a volume. properties: key: - description: key is the - key to project. type: string mode: - description: 'mode is Optional: - mode bits used to set - permissions on this file. - Must be an octal value - between 0000 and 0777 - or a decimal value between - 0 and 511. YAML accepts - both octal and decimal - values, JSON requires - decimal values for mode - bits. If not specified, - the volume defaultMode - will be used. This might - be in conflict with other - options that affect the - file mode, like fsGroup, - and the result can be - other mode bits set.' 
format: int32 type: integer path: - description: path is the - relative path of the file - to map the key to. May - not be an absolute path. - May not contain the path - element '..'. May not - start with the string - '..'. type: string required: - key 
@@ -37081,113 +12000,37 @@ spec: type: array x-kubernetes-list-type: atomic optional: - description: optional field specify - whether the Secret or its keys - must be defined type: boolean secretName: - description: 'secretName is the - name of the secret in the pod''s - namespace to use. More info: - https://kubernetes.io/docs/concepts/storage/volumes#secret' type: string type: object storageos: - description: storageOS represents - a StorageOS volume attached and - mounted on Kubernetes nodes. properties: fsType: - description: fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. type: string readOnly: - description: readOnly defaults - to false (read/write). ReadOnly - here will force the ReadOnly - setting in VolumeMounts. type: boolean secretRef: - description: secretRef specifies - the secret to use for obtaining - the StorageOS API credentials. If - not specified, default values - will be attempted. properties: name: default: "" - description: 'Name of the - referent. This field is - effectively required, but - due to backwards compatibility - is allowed to be empty. - Instances of this type with - an empty value here are - almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic volumeName: - description: volumeName is the - human-readable name of the StorageOS - volume. Volume names are only - unique within a namespace. type: string volumeNamespace: - description: volumeNamespace specifies - the scope of the volume within - StorageOS. If no namespace - is specified then the Pod's - namespace will be used. 
This - allows the Kubernetes name scoping - to be mirrored within StorageOS - for tighter integration. Set - VolumeName to any name to override - the default behaviour. Set to - "default" if you are not using - namespaces within StorageOS. - Namespaces that do not pre-exist - within StorageOS will be created. type: string type: object vsphereVolume: - description: vsphereVolume represents - a vSphere volume attached and mounted - on kubelets host machine properties: fsType: - description: fsType is filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. type: string storagePolicyID: - description: storagePolicyID is - the storage Policy Based Management - (SPBM) profile ID associated - with the StoragePolicyName. type: string storagePolicyName: - description: storagePolicyName - is the storage Policy Based - Management (SPBM) profile name. type: string volumePath: - description: volumePath is the - path that identifies vSphere - volume vmdk type: string required: - volumePath 
@@ -37199,40 +12042,18 @@ spec: type: object type: object ttlSecondsAfterFinished: - description: ttlSecondsAfterFinished limits the - lifetime of a Job that has finished execution - (either Complete or Failed). If this field is - set, ttlSecondsAfterFinished after the Job finishes, - it is eligible to be automatically deleted. When - the Job is being deleted, its lifecycle guarantees - (e.g. finalizers) will be honored. If this field - is unset, the Job won't be automatically deleted. - If this field is set to zero, the Job becomes - eligible to be deleted immediately after it finishes. - This field is alpha-level and is only honored - by servers that enable the TTLAfterFinished feature. format: int32 type: integer type: object schedule: - description: The schedule in Cron format, see https://en.wikipedia.org/wiki/Cron. type: string startingDeadlineSeconds: - description: Optional deadline in seconds for starting - the job if it misses scheduled time for any reason. Missed - jobs executions will be counted as failed ones. format: int64 type: integer successfulJobsHistoryLimit: - description: The number of successful finished jobs - to retain. Value must be non-negative integer. Defaults - to 3. format: int32 type: integer suspend: - description: This flag tells the controller to suspend - subsequent executions, it does not apply to already - started executions. Defaults to false. type: boolean required: - jobTemplate 
@@ -37240,92 +12061,41 @@ spec: type: object sessionHistoryLimit: default: 1 - description: SessionHistoryLimit specifies how many backup - Jobs and associate resources KubeStash should keep for - debugging purpose. The default value is 1. format: int32 type: integer type: object type: array type: object subjects: - description: Subjects specify a list of subject to which this BackupBlueprint - is applicable. KubeStash will start watcher for these resources. - Multiple BackupBlueprints can have common subject. The watcher will - find the appropriate blueprint from its annotations. items: - description: TypeMeta describes an individual object in an API response - or request with strings representing the type of the object and - its API schema version. Structures that are versioned or persisted - should inline TypeMeta. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this - representation of an object. Servers should convert recognized - schemas to the latest internal value, and may reject unrecognized - values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource - this object represents. Servers may infer this from the endpoint - the client submits requests to. Cannot be updated. In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string type: object type: array usagePolicy: - description: UsagePolicy specifies a policy of how this BackupBlueprint - will be used. For example, you can use `allowedNamespaces` policy - to restrict the usage of this BackupBlueprint to particular namespaces. - This field is optional. If you don't provide the usagePolicy, then - it can be used only from the current namespace. 
properties: allowedNamespaces: - description: AllowedNamespaces specifies which namespaces are - allowed to use the resource properties: from: default: Same - description: 'From indicates how to select the namespaces - that are allowed to use this resource. Possible values are: - * All: All namespaces can use this resource. * Selector: - Namespaces that matches the selector can use this resource. - * Same: Only current namespace can use the resource.' enum: - All - Selector - Same type: string selector: - description: Selector must be specified when From is set to - "Selector". In that case, only the selected namespaces are - allowed to use this resource. This field is ignored for - other values of "From". properties: matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. properties: key: - description: key is the label key that the selector - applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. type: string values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. items: type: string type: array @@ -37339,11 +12109,6 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic 
diff --git a/vendor/kubestash.dev/apimachinery/crds/core.kubestash.com_backupconfigurations.yaml b/vendor/kubestash.dev/apimachinery/crds/core.kubestash.com_backupconfigurations.yaml index bd2a3165..f6d8d3a5 100644 --- a/vendor/kubestash.dev/apimachinery/crds/core.kubestash.com_backupconfigurations.yaml +++ b/vendor/kubestash.dev/apimachinery/crds/core.kubestash.com_backupconfigurations.yaml 
@@ -33,73 +33,34 @@ spec: name: v1alpha1 schema: openAPIV3Schema: - description: BackupConfiguration specifies the configuration for taking backup - of a target application. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: BackupConfigurationSpec defines the target of backup, the - backends where the data will be stored, and the sessions that specifies - when and how to take backup. properties: backends: - description: "Backends specifies a list of storage references where - the backed up data will be stored. The respective BackupStorages - can be in a different namespace than the BackupConfiguration. However, - it must be allowed by the `usagePolicy` of the BackupStorage to - refer from this namespace. \n This field is optional, if you don't - provide any backend here, KubeStash will use the default BackupStorage - for the namespace. If a default BackupStorage does not exist in - the same namespace, then KubeStash will look for a default BackupStorage - in other namespaces that allows using it from the BackupConfiguration - namespace." items: - description: BackendReference specifies reference to a storage where - the backed up data will be stored. properties: name: - description: Name provides an identifier for this storage. 
type: string retentionPolicy: - description: RetentionPolicy refers to a RetentionPolicy CRs - which defines how to cleanup the old Snapshots. This field - is optional. If you don't provide this field, KubeStash will - use the default RetentionPolicy for the namespace. If there - is no default RetentionPolicy for the namespace, then KubeStash - will find a RetentionPolicy from other namespaces that is - allowed to use from the current namespace. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string required: - name type: object storageRef: - description: StorageRef refers to the CR that holds the information - of a storage. You can refer to the BackupStorage CR of a different - namespace as long as it is allowed by the `usagePolicy` of - the BackupStorage.` properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string required: - name 
@@ -107,154 +68,70 @@ spec: type: object type: array paused: - description: Paused indicates that the BackupConfiguration has been - paused from taking backup. Default value is 'false'. If you set - `paused` field to `true`, KubeStash will suspend the respective - backup triggering CronJob and skip processing any further events - for this BackupConfiguration. type: boolean sessions: - description: Sessions defines a list of session configuration that - specifies when and how to take backup. items: - description: Session specifies a backup session configuration for - the target properties: addon: - description: Addon specifies addon configuration that will be - used to backup the target. properties: containerRuntimeSettings: - description: ContainerRuntimeSettings specifies runtime - settings for the backup/restore executor container properties: env: - description: List of environment variables to set in - the container. Cannot be updated. items: - description: EnvVar represents an environment variable - present in a Container. properties: name: - description: Name of the environment variable. - Must be a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) - are expanded using the previously defined environment - variables in the container and any service environment - variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. - Double $$ are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" - will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless - of whether the variable exists or not. Defaults - to "".' type: string valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. properties: configMapKeyRef: - description: Selects a key of a ConfigMap. properties: key: - description: The key to select. 
type: string name: default: "" - description: 'Name of the referent. This - field is effectively required, but due - to backwards compatibility is allowed - to be empty. Instances of this type - with an empty value here are almost - certainly wrong. TODO: Add other useful - fields. apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether the ConfigMap - or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of the pod: - supports metadata.name, metadata.namespace, - `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, status.podIPs.' properties: apiVersion: - description: Version of the schema the - FieldPath is written in terms of, defaults - to "v1". type: string fieldPath: - description: Path of the field to select - in the specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, - requests.cpu, requests.memory and requests.ephemeral-storage) - are currently supported.' 
properties: containerName: - description: 'Container name: required - for volumes, optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output format - of the exposed resources, defaults to - "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource to select' type: string required: - resource type: object x-kubernetes-map-type: atomic secretKeyRef: - description: Selects a key of a secret in - the pod's namespace properties: key: - description: The key of the secret to - select from. Must be a valid secret - key. type: string name: default: "" - description: 'Name of the referent. This - field is effectively required, but due - to backwards compatibility is allowed - to be empty. Instances of this type - with an empty value here are almost - certainly wrong. TODO: Add other useful - fields. apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether the Secret - or its key must be defined type: boolean required: - key 
@@ -266,70 +143,31 @@ spec: type: object type: array envFrom: - description: List of sources to populate environment - variables in the container. The keys defined within - a source must be a C_IDENTIFIER. All invalid keys - will be reported as an event when the container is - starting. When a key exists in multiple sources, the - value associated with the last source will take precedence. - Values defined by an Env with a duplicate key will - take precedence. Cannot be updated. items: - description: EnvFromSource represents the source of - a set of ConfigMaps properties: configMapRef: - description: The ConfigMap to select from properties: name: default: "" - description: 'Name of the referent. This field - is effectively required, but due to backwards - compatibility is allowed to be empty. Instances - of this type with an empty value here are - almost certainly wrong. TODO: Add other - useful fields. apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether the ConfigMap - must be defined type: boolean type: object x-kubernetes-map-type: atomic prefix: - description: An optional identifier to prepend - to each key in the ConfigMap. Must be a C_IDENTIFIER. type: string secretRef: - description: The Secret to select from properties: name: default: "" - description: 'Name of the referent. This field - is effectively required, but due to backwards - compatibility is allowed to be empty. Instances - of this type with an empty value here are - almost certainly wrong. TODO: Add other - useful fields. apiVersion, kind, uid? 
More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether the Secret must - be defined type: boolean type: object x-kubernetes-map-type: atomic type: object type: array ionice: - description: 'Settings to configure `ionice` to throttle - the load on disk. More info: http://kennystechtalk.blogspot.com/2015/04/throttling-cpu-usage-with-linux-cgroups.html - More info: https://oakbytes.wordpress.com/2012/06/06/linux-scheduler-cfs-and-nice/' properties: class: format: int32 
@@ -339,61 +177,27 @@ spec: type: integer type: object lifecycle: - description: Actions that the management system should - take in response to container lifecycle events. Cannot - be updated. properties: postStart: - description: 'PostStart is called immediately after - a container is created. If the handler fails, - the container is terminated and restarted according - to its restart policy. Other management of the - container blocks until the hook completes. More - info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line - to execute inside the container, the working - directory for the command is root ('/') - in the container's filesystem. The command - is simply exec'd, it is not run inside - a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, - you need to explicitly call out to that - shell. Exit status of 0 is treated as - live/healthy and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the http request - to perform. properties: host: - description: Host name to connect to, defaults - to the pod IP. You probably want to set - "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the - request. HTTP allows repeated headers. items: - description: HTTPHeader describes a custom - header to be used in HTTP probes properties: name: - description: The header field name. - This will be canonicalized upon - output, so case-variant names will - be understood as the same header. type: string value: - description: The header field value type: string required: - name 
@@ -402,119 +206,58 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on the HTTP - server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port - to access on the container. Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. type: string required: - port type: object sleep: - description: Sleep represents the duration that - the container should sleep before being terminated. properties: seconds: - description: Seconds is the number of seconds - to sleep. format: int64 type: integer required: - seconds type: object tcpSocket: - description: Deprecated. TCPSocket is NOT supported - as a LifecycleHandler and kept for the backward - compatibility. There are no validation of - this field and lifecycle hooks will fail in - runtime when tcp handler is specified. properties: host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port - to access on the container. Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: - description: 'PreStop is called immediately before - a container is terminated due to an API request - or management event such as liveness/startup probe - failure, preemption, resource contention, etc. - The handler is not called if the container crashes - or exits. The Pod''s termination grace period - countdown begins before the PreStop hook is executed. - Regardless of the outcome of the handler, the - container will eventually terminate within the - Pod''s termination grace period (unless delayed - by finalizers). 
Other management of the container - blocks until the hook completes or until the termination - grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line - to execute inside the container, the working - directory for the command is root ('/') - in the container's filesystem. The command - is simply exec'd, it is not run inside - a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, - you need to explicitly call out to that - shell. Exit status of 0 is treated as - live/healthy and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the http request - to perform. properties: host: - description: Host name to connect to, defaults - to the pod IP. You probably want to set - "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the - request. HTTP allows repeated headers. items: - description: HTTPHeader describes a custom - header to be used in HTTP probes properties: name: - description: The header field name. - This will be canonicalized upon - output, so case-variant names will - be understood as the same header. type: string value: - description: The header field value type: string required: - name 
@@ -523,56 +266,33 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on the HTTP - server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port - to access on the container. Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. type: string required: - port type: object sleep: - description: Sleep represents the duration that - the container should sleep before being terminated. properties: seconds: - description: Seconds is the number of seconds - to sleep. format: int64 type: integer required: - seconds type: object tcpSocket: - description: Deprecated. TCPSocket is NOT supported - as a LifecycleHandler and kept for the backward - compatibility. There are no validation of - this field and lifecycle hooks will fail in - runtime when tcp handler is specified. properties: host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port - to access on the container. Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port 
@@ -580,77 +300,38 @@ spec: type: object type: object livenessProbe: - description: 'Periodic probe of container liveness. - Container will be restarted if the probe fails. Cannot - be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line to - execute inside the container, the working - directory for the command is root ('/') in - the container's filesystem. The command is - simply exec'd, it is not run inside a shell, - so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is - treated as live/healthy and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive failures for the - probe to be considered failed after having succeeded. - Defaults to 3. Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action involving - a GRPC port. properties: port: - description: Port number of the gRPC service. - Number must be in the range 1 to 65535. format: int32 type: integer service: - description: "Service is the name of the service - to place in the gRPC HealthCheckRequest (see - https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http request - to perform. properties: host: - description: Host name to connect to, defaults - to the pod IP. You probably want to set "Host" - in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. 
items: - description: HTTPHeader describes a custom - header to be used in HTTP probes properties: name: - description: The header field name. This - will be canonicalized upon output, so - case-variant names will be understood - as the same header. type: string value: - description: The header field value type: string required: - name 
@@ -659,168 +340,84 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to - the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container - has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the - probe. Default to 10 seconds. Minimum value is - 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the - probe to be considered successful after having - failed. Defaults to 1. Must be 1 for liveness - and startup. Minimum value is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving - a TCP port. properties: host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds the pod - needs to terminate gracefully upon probe failure. - The grace period is the duration in seconds after - the processes running in the pod are sent a termination - signal and the time when the processes are forcibly - halted with a kill signal. Set this value longer - than the expected cleanup time for your process. 
- If this value is nil, the pod's terminationGracePeriodSeconds - will be used. Otherwise, this value overrides - the value provided by the pod spec. Value must - be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity - to shut down). This is a beta field and requires - enabling ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which the - probe times out. Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object nice: - description: 'Settings to configure `nice` to throttle - the load on cpu. More info: http://kennystechtalk.blogspot.com/2015/04/throttling-cpu-usage-with-linux-cgroups.html - More info: https://oakbytes.wordpress.com/2012/06/06/linux-scheduler-cfs-and-nice/' properties: adjustment: format: int32 type: integer type: object readinessProbe: - description: 'Periodic probe of container service readiness. - Container will be removed from service endpoints if - the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line to - execute inside the container, the working - directory for the command is root ('/') in - the container's filesystem. The command is - simply exec'd, it is not run inside a shell, - so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is - treated as live/healthy and non-zero is unhealthy. 
items: type: string type: array x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive failures for the - probe to be considered failed after having succeeded. - Defaults to 3. Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action involving - a GRPC port. properties: port: - description: Port number of the gRPC service. - Number must be in the range 1 to 65535. format: int32 type: integer service: - description: "Service is the name of the service - to place in the gRPC HealthCheckRequest (see - https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http request - to perform. properties: host: - description: Host name to connect to, defaults - to the pod IP. You probably want to set "Host" - in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. items: - description: HTTPHeader describes a custom - header to be used in HTTP probes properties: name: - description: The header field name. This - will be canonicalized upon output, so - case-variant names will be understood - as the same header. type: string value: - description: The header field value type: string required: - name 
@@ -829,107 +426,51 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to - the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container - has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the - probe. Default to 10 seconds. Minimum value is - 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the - probe to be considered successful after having - failed. Defaults to 1. Must be 1 for liveness - and startup. Minimum value is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving - a TCP port. properties: host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds the pod - needs to terminate gracefully upon probe failure. - The grace period is the duration in seconds after - the processes running in the pod are sent a termination - signal and the time when the processes are forcibly - halted with a kill signal. Set this value longer - than the expected cleanup time for your process. 
- If this value is nil, the pod's terminationGracePeriodSeconds - will be used. Otherwise, this value overrides - the value provided by the pod spec. Value must - be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity - to shut down). This is a beta field and requires - enabling ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which the - probe times out. Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object resources: - description: 'Compute Resources required by container. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' properties: claims: - description: "Claims lists the names of resources, - defined in spec.resourceClaims, that are used - by this container. \n This is an alpha field and - requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. It can - only be set for containers." items: - description: ResourceClaim references one entry - in PodSpec.ResourceClaims. properties: name: - description: Name must match the name of one - entry in pod.spec.resourceClaims of the - Pod where this field is used. It makes that - resource available inside a container. type: string required: - name @@ -945,8 +486,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount - of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -955,353 +494,124 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount - of compute resources required. If Requests is - omitted for a container, it defaults to Limits - if that is explicitly specified, otherwise to - an implementation-defined value. Requests cannot - exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: - description: 'Security options the pod should run with. - More info: https://kubernetes.io/docs/concepts/policy/security-context/ - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls - whether a process can gain more privileges than - its parent process. This bool directly controls - if the no_new_privs flag will be set on the container - process. AllowPrivilegeEscalation is true always - when the container is: 1) run as Privileged 2) - has CAP_SYS_ADMIN Note that this field cannot - be set when spec.os.name is windows.' type: boolean appArmorProfile: - description: appArmorProfile is the AppArmor options - to use by this container. If set, this profile - overrides the pod's appArmorProfile. Note that - this field cannot be set when spec.os.name is - windows. properties: localhostProfile: - description: localhostProfile indicates a profile - loaded on the node that should be used. The - profile must be preconfigured on the node - to work. Must match the loaded name of the - profile. Must be set if and only if type is - "Localhost". type: string type: - description: 'type indicates which kind of AppArmor - profile will be applied. Valid options are: - Localhost - a profile pre-loaded on the node. 
- RuntimeDefault - the container runtime''s - default profile. Unconfined - no AppArmor - enforcement.' type: string required: - type type: object capabilities: - description: The capabilities to add/drop when running - containers. Defaults to the default set of capabilities - granted by the container runtime. Note that this - field cannot be set when spec.os.name is windows. properties: add: - description: Added capabilities items: - description: Capability represent POSIX capabilities - type type: string type: array x-kubernetes-list-type: atomic drop: - description: Removed capabilities items: - description: Capability represent POSIX capabilities - type type: string type: array x-kubernetes-list-type: atomic type: object privileged: - description: Run container in privileged mode. Processes - in privileged containers are essentially equivalent - to root on the host. Defaults to false. Note that - this field cannot be set when spec.os.name is - windows. type: boolean procMount: - description: procMount denotes the type of proc - mount to use for the containers. The default is - DefaultProcMount which uses the container runtime - defaults for readonly paths and masked paths. - This requires the ProcMountType feature flag to - be enabled. Note that this field cannot be set - when spec.os.name is windows. type: string readOnlyRootFilesystem: - description: Whether this container has a read-only - root filesystem. Default is false. Note that this - field cannot be set when spec.os.name is windows. type: boolean runAsGroup: - description: The GID to run the entrypoint of the - container process. Uses runtime default if unset. - May also be set in PodSecurityContext. If set - in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name - is windows. format: int64 type: integer runAsNonRoot: - description: Indicates that the container must run - as a non-root user. 
If true, the Kubelet will - validate the image at runtime to ensure that it - does not run as UID 0 (root) and fail to start - the container if it does. If unset or false, no - such validation will be performed. May also be - set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in - SecurityContext takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint of the - container process. Defaults to user specified - in image metadata if unspecified. May also be - set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in - SecurityContext takes precedence. Note that this - field cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be applied to - the container. If unspecified, the container runtime - will allocate a random SELinux context for each - container. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name - is windows. properties: level: - description: Level is SELinux level label that - applies to the container. type: string role: - description: Role is a SELinux role label that - applies to the container. type: string type: - description: Type is a SELinux type label that - applies to the container. type: string user: - description: User is a SELinux user label that - applies to the container. type: string type: object seccompProfile: - description: The seccomp options to use by this - container. If seccomp options are provided at - both the pod & container level, the container - options override the pod options. Note that this - field cannot be set when spec.os.name is windows. properties: localhostProfile: - description: localhostProfile indicates a profile - defined in a file on the node should be used. 
- The profile must be preconfigured on the node - to work. Must be a descending path, relative - to the kubelet's configured seccomp profile - location. Must be set if type is "Localhost". - Must NOT be set for any other type. type: string type: - description: "type indicates which kind of seccomp - profile will be applied. Valid options are: - \n Localhost - a profile defined in a file - on the node should be used. RuntimeDefault - - the container runtime default profile should - be used. Unconfined - no profile should be - applied." type: string required: - type type: object windowsOptions: - description: The Windows specific settings applied - to all containers. If unspecified, the options - from the PodSecurityContext will be used. If set - in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name - is linux. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is where the - GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential - spec named by the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name - of the GMSA credential spec to use. type: string hostProcess: - description: HostProcess determines if a container - should be run as a 'Host Process' container. - All of a Pod's containers must have the same - effective HostProcess value (it is not allowed - to have a mix of HostProcess containers and - non-HostProcess containers). In addition, - if HostProcess is true then HostNetwork must - also be set to true. type: boolean runAsUserName: - description: The UserName in Windows to run - the entrypoint of the container process. Defaults - to the user specified in image metadata if - unspecified. May also be set in PodSecurityContext. 
- If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes - precedence. type: string type: object type: object type: object jobTemplate: - description: JobTemplate specifies runtime configurations - for the backup/restore Job properties: controller: - description: 'Workload controller''s metadata. More - info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' properties: annotations: additionalProperties: type: string - description: 'Annotations is an unstructured key - value map stored with a resource that may be set - by external tools to store and retrieve arbitrary - metadata. They are not queryable and should be - preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' type: object labels: additionalProperties: type: string - description: 'Map of string keys and values that - can be used to organize and categorize (scope - and select) objects. May match selectors of replication - controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' type: object type: object metadata: - description: 'Standard object''s metadata. More info: - https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' properties: annotations: additionalProperties: type: string - description: 'Annotations is an unstructured key - value map stored with a resource that may be set - by external tools to store and retrieve arbitrary - metadata. They are not queryable and should be - preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' type: object labels: additionalProperties: type: string - description: 'Map of string keys and values that - can be used to organize and categorize (scope - and select) objects. May match selectors of replication - controllers and services. 
More info: http://kubernetes.io/docs/user-guide/labels' type: object type: object spec: - description: 'Specification of the desired behavior - of the pod. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status' properties: affinity: - description: If specified, the pod's scheduling - constraints properties: nodeAffinity: - description: Describes node affinity scheduling - rules for the pod. properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to - schedule pods to nodes that satisfy the - affinity expressions specified by this - field, but it may choose a node that violates - one or more of the expressions. The node - that is most preferred is the one with - the greatest sum of weights, i.e. for - each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a - sum by iterating through the elements - of this field and adding "weight" to the - sum if the node matches the corresponding - matchExpressions; the node(s) with the - highest sum are the most preferred. items: - description: An empty preferred scheduling - term matches all objects with implicit - weight 0 (i.e. it's a no-op). A null - preferred scheduling term matches no - objects (i.e. is also a no-op). properties: preference: - description: A node selector term, - associated with the corresponding - weight. properties: matchExpressions: - description: A list of node selector - requirements by node's labels. items: - description: A node selector - requirement is a selector - that contains values, a key, - and an operator that relates - the key and values. properties: key: - description: The label key - that the selector applies - to. type: string operator: - description: Represents - a key's relationship to - a set of values. Valid - operators are In, NotIn, - Exists, DoesNotExist. - Gt, and Lt. 
type: string values: - description: An array of - string values. If the - operator is In or NotIn, - the values array must - be non-empty. If the operator - is Exists or DoesNotExist, - the values array must - be empty. If the operator - is Gt or Lt, the values - array must have a single - element, which will be - interpreted as an integer. - This array is replaced - during a strategic merge - patch. items: type: string type: array @@ -1313,44 +623,13 @@ spec: type: array x-kubernetes-list-type: atomic matchFields: - description: A list of node selector - requirements by node's fields. items: - description: A node selector - requirement is a selector - that contains values, a key, - and an operator that relates - the key and values. properties: key: - description: The label key - that the selector applies - to. type: string operator: - description: Represents - a key's relationship to - a set of values. Valid - operators are In, NotIn, - Exists, DoesNotExist. - Gt, and Lt. type: string values: - description: An array of - string values. If the - operator is In or NotIn, - the values array must - be non-empty. If the operator - is Exists or DoesNotExist, - the values array must - be empty. If the operator - is Gt or Lt, the values - array must have a single - element, which will be - interpreted as an integer. - This array is replaced - during a strategic merge - patch. items: type: string type: array @@ -1364,9 +643,6 @@ spec: type: object x-kubernetes-map-type: atomic weight: - description: Weight associated with - matching the corresponding nodeSelectorTerm, - in the range 1-100. format: int32 type: integer required: 
@@ -1376,65 +652,18 @@ spec: type: array x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements - specified by this field are not met at - scheduling time, the pod will not be scheduled - onto the node. If the affinity requirements - specified by this field cease to be met - at some point during pod execution (e.g. - due to an update), the system may or may - not try to eventually evict the pod from - its node. properties: nodeSelectorTerms: - description: Required. A list of node - selector terms. The terms are ORed. items: - description: A null or empty node - selector term matches no objects. - The requirements of them are ANDed. - The TopologySelectorTerm type implements - a subset of the NodeSelectorTerm. properties: matchExpressions: - description: A list of node selector - requirements by node's labels. items: - description: A node selector - requirement is a selector - that contains values, a key, - and an operator that relates - the key and values. properties: key: - description: The label key - that the selector applies - to. type: string operator: - description: Represents - a key's relationship to - a set of values. Valid - operators are In, NotIn, - Exists, DoesNotExist. - Gt, and Lt. type: string values: - description: An array of - string values. If the - operator is In or NotIn, - the values array must - be non-empty. If the operator - is Exists or DoesNotExist, - the values array must - be empty. If the operator - is Gt or Lt, the values - array must have a single - element, which will be - interpreted as an integer. - This array is replaced - during a strategic merge - patch. items: type: string type: array 
@@ -1446,44 +675,13 @@ spec: type: array x-kubernetes-list-type: atomic matchFields: - description: A list of node selector - requirements by node's fields. items: - description: A node selector - requirement is a selector - that contains values, a key, - and an operator that relates - the key and values. properties: key: - description: The label key - that the selector applies - to. type: string operator: - description: Represents - a key's relationship to - a set of values. Valid - operators are In, NotIn, - Exists, DoesNotExist. - Gt, and Lt. type: string values: - description: An array of - string values. If the - operator is In or NotIn, - the values array must - be non-empty. If the operator - is Exists or DoesNotExist, - the values array must - be empty. If the operator - is Gt or Lt, the values - array must have a single - element, which will be - interpreted as an integer. - This array is replaced - during a strategic merge - patch. items: type: string type: array 
@@ -1504,87 +702,22 @@ spec: x-kubernetes-map-type: atomic type: object podAffinity: - description: Describes pod affinity scheduling - rules (e.g. co-locate this pod in the same - node, zone, etc. as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to - schedule pods to nodes that satisfy the - affinity expressions specified by this - field, but it may choose a node that violates - one or more of the expressions. The node - that is most preferred is the one with - the greatest sum of weights, i.e. for - each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a - sum by iterating through the elements - of this field and adding "weight" to the - sum if the node has pods which matches - the corresponding podAffinityTerm; the - node(s) with the highest sum are the most - preferred. items: - description: The weights of all of the - matched WeightedPodAffinityTerm fields - are added per-node to find the most - preferred node(s) properties: podAffinityTerm: - description: Required. A pod affinity - term, associated with the corresponding - weight. properties: labelSelector: - description: A label query over - a set of resources, in this - case pods. If it's null, this - PodAffinityTerm matches with - no Pods. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key and - values. properties: key: - description: key is - the label key that - the selector applies - to. type: string operator: - description: operator - represents a key's - relationship to a - set of values. Valid - operators are In, - NotIn, Exists and - DoesNotExist. 
type: string values: - description: values - is an array of string - values. If the operator - is In or NotIn, the - values array must - be non-empty. If the - operator is Exists - or DoesNotExist, the - values array must - be empty. This array - is replaced during - a strategic merge - patch. items: type: string type: array 
@@ -1598,129 +731,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is - a map of {key,value} pairs. - A single {key,value} in - the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", - the operator is "In", and - the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is - a set of pod label keys to select - which pods will be taken into - consideration. The keys are - used to lookup values from the - incoming pod labels, those key-value - labels are merged with `labelSelector` - as `key in (value)` to select - the group of existing pods which - pods will be taken into consideration - for the incoming pod's pod (anti) - affinity. Keys that don't exist - in the incoming pod labels will - be ignored. The default value - is empty. The same key is forbidden - to exist in both matchLabelKeys - and labelSelector. Also, matchLabelKeys - cannot be set when labelSelector - isn't set. This is an alpha - field and requires enabling - MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys - is a set of pod label keys to - select which pods will be taken - into consideration. The keys - are used to lookup values from - the incoming pod labels, those - key-value labels are merged - with `labelSelector` as `key - notin (value)` to select the - group of existing pods which - pods will be taken into consideration - for the incoming pod's pod (anti) - affinity. Keys that don't exist - in the incoming pod labels will - be ignored. The default value - is empty. The same key is forbidden - to exist in both mismatchLabelKeys - and labelSelector. Also, mismatchLabelKeys - cannot be set when labelSelector - isn't set. 
This is an alpha - field and requires enabling - MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over - the set of namespaces that the - term applies to. The term is - applied to the union of the - namespaces selected by this - field and the ones listed in - the namespaces field. null selector - and null or empty namespaces - list means "this pod's namespace". - An empty selector ({}) matches - all namespaces. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key and - values. properties: key: - description: key is - the label key that - the selector applies - to. type: string operator: - description: operator - represents a key's - relationship to a - set of values. Valid - operators are In, - NotIn, Exists and - DoesNotExist. type: string values: - description: values - is an array of string - values. If the operator - is In or NotIn, the - values array must - be non-empty. If the - operator is Exists - or DoesNotExist, the - values array must - be empty. This array - is replaced during - a strategic merge - patch. items: type: string type: array 
@@ -1734,55 +767,20 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is - a map of {key,value} pairs. - A single {key,value} in - the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", - the operator is "In", and - the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies - a static list of namespace names - that the term applies to. The - term is applied to the union - of the namespaces listed in - this field and the ones selected - by namespaceSelector. null or - empty namespaces list and null - namespaceSelector means "this - pod's namespace". items: type: string type: array x-kubernetes-list-type: atomic topologyKey: - description: This pod should be - co-located (affinity) or not - co-located (anti-affinity) with - the pods matching the labelSelector - in the specified namespaces, - where co-located is defined - as running on a node whose value - of the label with key topologyKey - matches that of any node on - which any of the selected pods - is running. Empty topologyKey - is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with - matching the corresponding podAffinityTerm, - in the range 1-100. format: int32 type: integer required: 
@@ -1792,72 +790,18 @@ spec: type: array x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements - specified by this field are not met at - scheduling time, the pod will not be scheduled - onto the node. If the affinity requirements - specified by this field cease to be met - at some point during pod execution (e.g. - due to a pod label update), the system - may or may not try to eventually evict - the pod from its node. When there are - multiple elements, the lists of nodes - corresponding to each podAffinityTerm - are intersected, i.e. all terms must be - satisfied. items: - description: Defines a set of pods (namely - those matching the labelSelector relative - to the given namespace(s)) that this - pod should be co-located (affinity) - or not co-located (anti-affinity) with, - where co-located is defined as running - on a node whose value of the label with - key matches that of any - node on which a pod of the set of pods - is running properties: labelSelector: - description: A label query over a - set of resources, in this case pods. - If it's null, this PodAffinityTerm - matches with no Pods. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, a key, - and an operator that relates - the key and values. properties: key: - description: key is the - label key that the selector - applies to. type: string operator: - description: operator represents - a key's relationship to - a set of values. Valid - operators are In, NotIn, - Exists and DoesNotExist. type: string values: - description: values is an - array of string values. - If the operator is In - or NotIn, the values array - must be non-empty. If - the operator is Exists - or DoesNotExist, the values - array must be empty. 
This - array is replaced during - a strategic merge patch. items: type: string type: array 
@@ -1871,115 +815,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a - map of {key,value} pairs. A - single {key,value} in the matchLabels - map is equivalent to an element - of matchExpressions, whose key - field is "key", the operator - is "In", and the values array - contains only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set - of pod label keys to select which - pods will be taken into consideration. - The keys are used to lookup values - from the incoming pod labels, those - key-value labels are merged with - `labelSelector` as `key in (value)` - to select the group of existing - pods which pods will be taken into - consideration for the incoming pod's - pod (anti) affinity. Keys that don't - exist in the incoming pod labels - will be ignored. The default value - is empty. The same key is forbidden - to exist in both matchLabelKeys - and labelSelector. Also, matchLabelKeys - cannot be set when labelSelector - isn't set. This is an alpha field - and requires enabling MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys is - a set of pod label keys to select - which pods will be taken into consideration. - The keys are used to lookup values - from the incoming pod labels, those - key-value labels are merged with - `labelSelector` as `key notin (value)` - to select the group of existing - pods which pods will be taken into - consideration for the incoming pod's - pod (anti) affinity. Keys that don't - exist in the incoming pod labels - will be ignored. The default value - is empty. The same key is forbidden - to exist in both mismatchLabelKeys - and labelSelector. Also, mismatchLabelKeys - cannot be set when labelSelector - isn't set. 
This is an alpha field - and requires enabling MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the - set of namespaces that the term - applies to. The term is applied - to the union of the namespaces selected - by this field and the ones listed - in the namespaces field. null selector - and null or empty namespaces list - means "this pod's namespace". An - empty selector ({}) matches all - namespaces. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, a key, - and an operator that relates - the key and values. properties: key: - description: key is the - label key that the selector - applies to. type: string operator: - description: operator represents - a key's relationship to - a set of values. Valid - operators are In, NotIn, - Exists and DoesNotExist. type: string values: - description: values is an - array of string values. - If the operator is In - or NotIn, the values array - must be non-empty. If - the operator is Exists - or DoesNotExist, the values - array must be empty. This - array is replaced during - a strategic merge patch. items: type: string type: array 
@@ -1993,43 +851,15 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a - map of {key,value} pairs. A - single {key,value} in the matchLabels - map is equivalent to an element - of matchExpressions, whose key - field is "key", the operator - is "In", and the values array - contains only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies - a static list of namespace names - that the term applies to. The term - is applied to the union of the namespaces - listed in this field and the ones - selected by namespaceSelector. null - or empty namespaces list and null - namespaceSelector means "this pod's - namespace". items: type: string type: array x-kubernetes-list-type: atomic topologyKey: - description: This pod should be co-located - (affinity) or not co-located (anti-affinity) - with the pods matching the labelSelector - in the specified namespaces, where - co-located is defined as running - on a node whose value of the label - with key topologyKey matches that - of any node on which any of the - selected pods is running. Empty - topologyKey is not allowed. type: string required: - topologyKey 
@@ -2038,87 +868,22 @@ spec: x-kubernetes-list-type: atomic type: object podAntiAffinity: - description: Describes pod anti-affinity scheduling - rules (e.g. avoid putting this pod in the - same node, zone, etc. as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to - schedule pods to nodes that satisfy the - anti-affinity expressions specified by - this field, but it may choose a node that - violates one or more of the expressions. - The node that is most preferred is the - one with the greatest sum of weights, - i.e. for each node that meets all of the - scheduling requirements (resource request, - requiredDuringScheduling anti-affinity - expressions, etc.), compute a sum by iterating - through the elements of this field and - adding "weight" to the sum if the node - has pods which matches the corresponding - podAffinityTerm; the node(s) with the - highest sum are the most preferred. items: - description: The weights of all of the - matched WeightedPodAffinityTerm fields - are added per-node to find the most - preferred node(s) properties: podAffinityTerm: - description: Required. A pod affinity - term, associated with the corresponding - weight. properties: labelSelector: - description: A label query over - a set of resources, in this - case pods. If it's null, this - PodAffinityTerm matches with - no Pods. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key and - values. properties: key: - description: key is - the label key that - the selector applies - to. type: string operator: - description: operator - represents a key's - relationship to a - set of values. Valid - operators are In, - NotIn, Exists and - DoesNotExist. 
type: string values: - description: values - is an array of string - values. If the operator - is In or NotIn, the - values array must - be non-empty. If the - operator is Exists - or DoesNotExist, the - values array must - be empty. This array - is replaced during - a strategic merge - patch. items: type: string type: array 
@@ -2132,129 +897,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is - a map of {key,value} pairs. - A single {key,value} in - the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", - the operator is "In", and - the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is - a set of pod label keys to select - which pods will be taken into - consideration. The keys are - used to lookup values from the - incoming pod labels, those key-value - labels are merged with `labelSelector` - as `key in (value)` to select - the group of existing pods which - pods will be taken into consideration - for the incoming pod's pod (anti) - affinity. Keys that don't exist - in the incoming pod labels will - be ignored. The default value - is empty. The same key is forbidden - to exist in both matchLabelKeys - and labelSelector. Also, matchLabelKeys - cannot be set when labelSelector - isn't set. This is an alpha - field and requires enabling - MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys - is a set of pod label keys to - select which pods will be taken - into consideration. The keys - are used to lookup values from - the incoming pod labels, those - key-value labels are merged - with `labelSelector` as `key - notin (value)` to select the - group of existing pods which - pods will be taken into consideration - for the incoming pod's pod (anti) - affinity. Keys that don't exist - in the incoming pod labels will - be ignored. The default value - is empty. The same key is forbidden - to exist in both mismatchLabelKeys - and labelSelector. Also, mismatchLabelKeys - cannot be set when labelSelector - isn't set. 
This is an alpha - field and requires enabling - MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over - the set of namespaces that the - term applies to. The term is - applied to the union of the - namespaces selected by this - field and the ones listed in - the namespaces field. null selector - and null or empty namespaces - list means "this pod's namespace". - An empty selector ({}) matches - all namespaces. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key and - values. properties: key: - description: key is - the label key that - the selector applies - to. type: string operator: - description: operator - represents a key's - relationship to a - set of values. Valid - operators are In, - NotIn, Exists and - DoesNotExist. type: string values: - description: values - is an array of string - values. If the operator - is In or NotIn, the - values array must - be non-empty. If the - operator is Exists - or DoesNotExist, the - values array must - be empty. This array - is replaced during - a strategic merge - patch. items: type: string type: array 
@@ -2268,55 +933,20 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is - a map of {key,value} pairs. - A single {key,value} in - the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", - the operator is "In", and - the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies - a static list of namespace names - that the term applies to. The - term is applied to the union - of the namespaces listed in - this field and the ones selected - by namespaceSelector. null or - empty namespaces list and null - namespaceSelector means "this - pod's namespace". items: type: string type: array x-kubernetes-list-type: atomic topologyKey: - description: This pod should be - co-located (affinity) or not - co-located (anti-affinity) with - the pods matching the labelSelector - in the specified namespaces, - where co-located is defined - as running on a node whose value - of the label with key topologyKey - matches that of any node on - which any of the selected pods - is running. Empty topologyKey - is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with - matching the corresponding podAffinityTerm, - in the range 1-100. format: int32 type: integer required: 
@@ -2326,72 +956,18 @@ spec: type: array x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements - specified by this field are not met at - scheduling time, the pod will not be scheduled - onto the node. If the anti-affinity requirements - specified by this field cease to be met - at some point during pod execution (e.g. - due to a pod label update), the system - may or may not try to eventually evict - the pod from its node. When there are - multiple elements, the lists of nodes - corresponding to each podAffinityTerm - are intersected, i.e. all terms must be - satisfied. items: - description: Defines a set of pods (namely - those matching the labelSelector relative - to the given namespace(s)) that this - pod should be co-located (affinity) - or not co-located (anti-affinity) with, - where co-located is defined as running - on a node whose value of the label with - key matches that of any - node on which a pod of the set of pods - is running properties: labelSelector: - description: A label query over a - set of resources, in this case pods. - If it's null, this PodAffinityTerm - matches with no Pods. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, a key, - and an operator that relates - the key and values. properties: key: - description: key is the - label key that the selector - applies to. type: string operator: - description: operator represents - a key's relationship to - a set of values. Valid - operators are In, NotIn, - Exists and DoesNotExist. type: string values: - description: values is an - array of string values. - If the operator is In - or NotIn, the values array - must be non-empty. If - the operator is Exists - or DoesNotExist, the values - array must be empty. 
This - array is replaced during - a strategic merge patch. items: type: string type: array 
@@ -2405,115 +981,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a - map of {key,value} pairs. A - single {key,value} in the matchLabels - map is equivalent to an element - of matchExpressions, whose key - field is "key", the operator - is "In", and the values array - contains only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set - of pod label keys to select which - pods will be taken into consideration. - The keys are used to lookup values - from the incoming pod labels, those - key-value labels are merged with - `labelSelector` as `key in (value)` - to select the group of existing - pods which pods will be taken into - consideration for the incoming pod's - pod (anti) affinity. Keys that don't - exist in the incoming pod labels - will be ignored. The default value - is empty. The same key is forbidden - to exist in both matchLabelKeys - and labelSelector. Also, matchLabelKeys - cannot be set when labelSelector - isn't set. This is an alpha field - and requires enabling MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys is - a set of pod label keys to select - which pods will be taken into consideration. - The keys are used to lookup values - from the incoming pod labels, those - key-value labels are merged with - `labelSelector` as `key notin (value)` - to select the group of existing - pods which pods will be taken into - consideration for the incoming pod's - pod (anti) affinity. Keys that don't - exist in the incoming pod labels - will be ignored. The default value - is empty. The same key is forbidden - to exist in both mismatchLabelKeys - and labelSelector. Also, mismatchLabelKeys - cannot be set when labelSelector - isn't set. 
This is an alpha field - and requires enabling MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the - set of namespaces that the term - applies to. The term is applied - to the union of the namespaces selected - by this field and the ones listed - in the namespaces field. null selector - and null or empty namespaces list - means "this pod's namespace". An - empty selector ({}) matches all - namespaces. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, a key, - and an operator that relates - the key and values. properties: key: - description: key is the - label key that the selector - applies to. type: string operator: - description: operator represents - a key's relationship to - a set of values. Valid - operators are In, NotIn, - Exists and DoesNotExist. type: string values: - description: values is an - array of string values. - If the operator is In - or NotIn, the values array - must be non-empty. If - the operator is Exists - or DoesNotExist, the values - array must be empty. This - array is replaced during - a strategic merge patch. items: type: string type: array 
@@ -2527,43 +1017,15 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a - map of {key,value} pairs. A - single {key,value} in the matchLabels - map is equivalent to an element - of matchExpressions, whose key - field is "key", the operator - is "In", and the values array - contains only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies - a static list of namespace names - that the term applies to. The term - is applied to the union of the namespaces - listed in this field and the ones - selected by namespaceSelector. null - or empty namespaces list and null - namespaceSelector means "this pod's - namespace". items: type: string type: array x-kubernetes-list-type: atomic topologyKey: - description: This pod should be co-located - (affinity) or not co-located (anti-affinity) - with the pods matching the labelSelector - in the specified namespaces, where - co-located is defined as running - on a node whose value of the label - with key topologyKey matches that - of any node on which any of the - selected pods is running. Empty - topologyKey is not allowed. type: string required: - topologyKey 
@@ -2573,266 +1035,92 @@ spec: type: object type: object args: - description: 'Arguments to the entrypoint. The docker - image''s CMD is used if this is not provided. - Variable references $(VAR_NAME) are expanded using - the container''s environment. If a variable cannot - be resolved, the reference in the input string - will be unchanged. The $(VAR_NAME) syntax can - be escaped with a double $$, ie: $$(VAR_NAME). - Escaped references will never be expanded, regardless - of whether the variable exists or not. Cannot - be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array containerSecurityContext: - description: 'Security options the pod should run - with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls - whether a process can gain more privileges - than its parent process. This bool directly - controls if the no_new_privs flag will be - set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run - as Privileged 2) has CAP_SYS_ADMIN Note that - this field cannot be set when spec.os.name - is windows.' type: boolean appArmorProfile: - description: appArmorProfile is the AppArmor - options to use by this container. If set, - this profile overrides the pod's appArmorProfile. - Note that this field cannot be set when spec.os.name - is windows. properties: localhostProfile: - description: localhostProfile indicates - a profile loaded on the node that should - be used. The profile must be preconfigured - on the node to work. Must match the loaded - name of the profile. Must be set if and - only if type is "Localhost". 
type: string type: - description: 'type indicates which kind - of AppArmor profile will be applied. Valid - options are: Localhost - a profile pre-loaded - on the node. RuntimeDefault - the container - runtime''s default profile. Unconfined - - no AppArmor enforcement.' type: string required: - type type: object capabilities: - description: The capabilities to add/drop when - running containers. Defaults to the default - set of capabilities granted by the container - runtime. Note that this field cannot be set - when spec.os.name is windows. properties: add: - description: Added capabilities items: - description: Capability represent POSIX - capabilities type type: string type: array x-kubernetes-list-type: atomic drop: - description: Removed capabilities items: - description: Capability represent POSIX - capabilities type type: string type: array x-kubernetes-list-type: atomic type: object privileged: - description: Run container in privileged mode. - Processes in privileged containers are essentially - equivalent to root on the host. Defaults to - false. Note that this field cannot be set - when spec.os.name is windows. type: boolean procMount: - description: procMount denotes the type of proc - mount to use for the containers. The default - is DefaultProcMount which uses the container - runtime defaults for readonly paths and masked - paths. This requires the ProcMountType feature - flag to be enabled. Note that this field cannot - be set when spec.os.name is windows. type: string readOnlyRootFilesystem: - description: Whether this container has a read-only - root filesystem. Default is false. Note that - this field cannot be set when spec.os.name - is windows. type: boolean runAsGroup: - description: The GID to run the entrypoint of - the container process. Uses runtime default - if unset. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes - precedence. 
Note that this field cannot be - set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: - description: Indicates that the container must - run as a non-root user. If true, the Kubelet - will validate the image at runtime to ensure - that it does not run as UID 0 (root) and fail - to start the container if it does. If unset - or false, no such validation will be performed. - May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes - precedence. type: boolean runAsUser: - description: The UID to run the entrypoint of - the container process. Defaults to user specified - in image metadata if unspecified. May also - be set in PodSecurityContext. If set in both - SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name - is windows. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be applied - to the container. If unspecified, the container - runtime will allocate a random SELinux context - for each container. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes - precedence. Note that this field cannot be - set when spec.os.name is windows. properties: level: - description: Level is SELinux level label - that applies to the container. type: string role: - description: Role is a SELinux role label - that applies to the container. type: string type: - description: Type is a SELinux type label - that applies to the container. type: string user: - description: User is a SELinux user label - that applies to the container. type: string type: object seccompProfile: - description: The seccomp options to use by this - container. If seccomp options are provided - at both the pod & container level, the container - options override the pod options. 
Note that - this field cannot be set when spec.os.name - is windows. properties: localhostProfile: - description: localhostProfile indicates - a profile defined in a file on the node - should be used. The profile must be preconfigured - on the node to work. Must be a descending - path, relative to the kubelet's configured - seccomp profile location. Must be set - if type is "Localhost". Must NOT be set - for any other type. type: string type: - description: "type indicates which kind - of seccomp profile will be applied. Valid - options are: \n Localhost - a profile - defined in a file on the node should be - used. RuntimeDefault - the container runtime - default profile should be used. Unconfined - - no profile should be applied." type: string required: - type type: object windowsOptions: - description: The Windows specific settings applied - to all containers. If unspecified, the options - from the PodSecurityContext will be used. - If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes - precedence. Note that this field cannot be - set when spec.os.name is linux. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is where - the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential - spec named by the GMSACredentialSpecName - field. type: string gmsaCredentialSpecName: - description: GMSACredentialSpecName is the - name of the GMSA credential spec to use. type: string hostProcess: - description: HostProcess determines if a - container should be run as a 'Host Process' - container. All of a Pod's containers must - have the same effective HostProcess value - (it is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). - In addition, if HostProcess is true then - HostNetwork must also be set to true. 
type: boolean runAsUserName: - description: The UserName in Windows to - run the entrypoint of the container process. - Defaults to the user specified in image - metadata if unspecified. May also be set - in PodSecurityContext. If set in both - SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. type: string type: object type: object dnsConfig: - description: Specifies the DNS parameters of a pod. - Parameters specified here will be merged to the - generated DNS configuration based on DNSPolicy. properties: nameservers: - description: A list of DNS name server IP addresses. - This will be appended to the base nameservers - generated from DNSPolicy. Duplicated nameservers - will be removed. items: type: string type: array x-kubernetes-list-type: atomic options: - description: A list of DNS resolver options. - This will be merged with the base options - generated from DNSPolicy. Duplicated entries - will be removed. Resolution options given - in Options will override those that appear - in the base DNSPolicy. items: - description: PodDNSConfigOption defines DNS - resolver options of a pod. properties: name: - description: Required. type: string value: type: string 
@@ -2840,163 +1128,71 @@ spec: type: array x-kubernetes-list-type: atomic searches: - description: A list of DNS search domains for - host-name lookup. This will be appended to - the base search paths generated from DNSPolicy. - Duplicated search paths will be removed. items: type: string type: array x-kubernetes-list-type: atomic type: object dnsPolicy: - description: Set DNS policy for the pod. Defaults - to "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', - 'ClusterFirst', 'Default' or 'None'. DNS parameters - given in DNSConfig will be merged with the policy - selected with DNSPolicy. To have DNS options set - along with hostNetwork, you have to specify DNS - policy explicitly to 'ClusterFirstWithHostNet'. type: string enableServiceLinks: - description: 'EnableServiceLinks indicates whether - information about services should be injected - into pod''s environment variables, matching the - syntax of Docker links. Optional: Defaults to - true.' type: boolean env: - description: List of environment variables to set - in the container. Cannot be updated. items: - description: EnvVar represents an environment - variable present in a Container. properties: name: - description: Name of the environment variable. - Must be a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) - are expanded using the previously defined - environment variables in the container and - any service environment variables. If a - variable cannot be resolved, the reference - in the input string will be unchanged. Double - $$ are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal - "$(VAR_NAME)". Escaped references will never - be expanded, regardless of whether the variable - exists or not. Defaults to "".' type: string valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. 
properties: configMapKeyRef: - description: Selects a key of a ConfigMap. properties: key: - description: The key to select. type: string name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether the ConfigMap - or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of the pod: - supports metadata.name, metadata.namespace, - `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, status.podIPs.' properties: apiVersion: - description: Version of the schema - the FieldPath is written in terms - of, defaults to "v1". type: string fieldPath: - description: Path of the field to - select in the specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource of the - container: only resources limits and - requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' 
properties: containerName: - description: 'Container name: required - for volumes, optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output - format of the exposed resources, - defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource to - select' type: string required: - resource type: object x-kubernetes-map-type: atomic secretKeyRef: - description: Selects a key of a secret - in the pod's namespace properties: key: - description: The key of the secret - to select from. Must be a valid - secret key. type: string name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether the Secret - or its key must be defined type: boolean required: - key 
@@ -3008,250 +1204,89 @@ spec: type: object type: array hostIPC: - description: 'Use the host''s ipc namespace. Optional: - Default to false.' type: boolean hostNetwork: - description: Host networking requested for this - pod. Use the host's network namespace. If this - option is set, the ports that will be used must - be specified. Default to false. type: boolean hostPID: - description: 'Use the host''s pid namespace. Optional: - Default to false.' type: boolean imagePullSecrets: - description: 'ImagePullSecrets is an optional list - of references to secrets in the same namespace - to use for pulling any of the images used by this - PodSpec. If specified, these secrets will be passed - to individual puller implementations for them - to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' items: - description: LocalObjectReference contains enough - information to let you locate the referenced - object inside the same namespace. properties: name: default: "" - description: 'Name of the referent. This field - is effectively required, but due to backwards - compatibility is allowed to be empty. Instances - of this type with an empty value here are - almost certainly wrong. TODO: Add other - useful fields. apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic type: array initContainers: - description: 'List of initialization containers - belonging to the pod. Init containers are executed - in order prior to containers being started. If - any init container fails, the pod is considered - to have failed and is handled according to its - restartPolicy. The name for an init container - or normal container must be unique among all containers. 
- Init containers may not have Lifecycle actions, - Readiness probes, or Liveness probes. The resourceRequirements - of an init container are taken into account during - scheduling by finding the highest request/limit - for each resource type, and then using the max - of of that value or the sum of the normal containers. - Limits are applied to init containers in a similar - fashion. Init containers cannot currently be added - or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' items: - description: A single application container that - you want to run within a pod. properties: args: - description: 'Arguments to the entrypoint. - The container image''s CMD is used if this - is not provided. Variable references $(VAR_NAME) - are expanded using the container''s environment. - If a variable cannot be resolved, the reference - in the input string will be unchanged. Double - $$ are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal - "$(VAR_NAME)". Escaped references will never - be expanded, regardless of whether the variable - exists or not. Cannot be updated. More info: - https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array x-kubernetes-list-type: atomic command: - description: 'Entrypoint array. Not executed - within a shell. The container image''s ENTRYPOINT - is used if this is not provided. Variable - references $(VAR_NAME) are expanded using - the container''s environment. If a variable - cannot be resolved, the reference in the - input string will be unchanged. Double $$ - are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal - "$(VAR_NAME)". Escaped references will never - be expanded, regardless of whether the variable - exists or not. 
Cannot be updated. More info: - https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array x-kubernetes-list-type: atomic env: - description: List of environment variables - to set in the container. Cannot be updated. items: - description: EnvVar represents an environment - variable present in a Container. properties: name: - description: Name of the environment - variable. Must be a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) - are expanded using the previously - defined environment variables in the - container and any service environment - variables. If a variable cannot be - resolved, the reference in the input - string will be unchanged. Double $$ - are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: - i.e. "$$(VAR_NAME)" will produce the - string literal "$(VAR_NAME)". Escaped - references will never be expanded, - regardless of whether the variable - exists or not. Defaults to "".' type: string valueFrom: - description: Source for the environment - variable's value. Cannot be used if - value is not empty. properties: configMapKeyRef: - description: Selects a key of a - ConfigMap. properties: key: - description: The key to select. type: string name: default: "" - description: 'Name of the referent. - This field is effectively - required, but due to backwards - compatibility is allowed to - be empty. Instances of this - type with an empty value here - are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' 
type: string optional: - description: Specify whether - the ConfigMap or its key must - be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of - the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, status.podIPs.' properties: apiVersion: - description: Version of the - schema the FieldPath is written - in terms of, defaults to "v1". type: string fieldPath: - description: Path of the field - to select in the specified - API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource - of the container: only resources - limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, - requests.cpu, requests.memory - and requests.ephemeral-storage) - are currently supported.' properties: containerName: - description: 'Container name: - required for volumes, optional - for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output - format of the exposed resources, - defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource - to select' type: string required: - resource type: object x-kubernetes-map-type: atomic secretKeyRef: - description: Selects a key of a - secret in the pod's namespace properties: key: - description: The key of the - secret to select from. Must - be a valid secret key. type: string name: default: "" - description: 'Name of the referent. - This field is effectively - required, but due to backwards - compatibility is allowed to - be empty. Instances of this - type with an empty value here - are almost certainly wrong. - TODO: Add other useful fields. 
- apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether - the Secret or its key must - be defined type: boolean required: - key 
@@ -3266,71 +1301,25 @@ spec: - name x-kubernetes-list-type: map envFrom: - description: List of sources to populate environment - variables in the container. The keys defined - within a source must be a C_IDENTIFIER. - All invalid keys will be reported as an - event when the container is starting. When - a key exists in multiple sources, the value - associated with the last source will take - precedence. Values defined by an Env with - a duplicate key will take precedence. Cannot - be updated. items: - description: EnvFromSource represents the - source of a set of ConfigMaps properties: configMapRef: - description: The ConfigMap to select - from properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether the - ConfigMap must be defined type: boolean type: object x-kubernetes-map-type: atomic prefix: - description: An optional identifier - to prepend to each key in the ConfigMap. - Must be a C_IDENTIFIER. type: string secretRef: - description: The Secret to select from properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether the - Secret must be defined type: boolean type: object x-kubernetes-map-type: atomic 
@@ -3338,87 +1327,31 @@ spec: type: array x-kubernetes-list-type: atomic image: - description: 'Container image name. More info: - https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level - config management to default or override - container images in workload controllers - like Deployments and StatefulSets.' type: string imagePullPolicy: - description: 'Image pull policy. One of Always, - Never, IfNotPresent. Defaults to Always - if :latest tag is specified, or IfNotPresent - otherwise. Cannot be updated. More info: - https://kubernetes.io/docs/concepts/containers/images#updating-images' type: string lifecycle: - description: Actions that the management system - should take in response to container lifecycle - events. Cannot be updated. properties: postStart: - description: 'PostStart is called immediately - after a container is created. If the - handler fails, the container is terminated - and restarted according to its restart - policy. Other management of the container - blocks until the hook completes. More - info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: Exec specifies the action - to take. properties: command: - description: Command is the command - line to execute inside the container, - the working directory for the - command is root ('/') in the - container's filesystem. The - command is simply exec'd, it - is not run inside a shell, so - traditional shell instructions - ('|', etc) won't work. To use - a shell, you need to explicitly - call out to that shell. Exit - status of 0 is treated as live/healthy - and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the - http request to perform. properties: host: - description: Host name to connect - to, defaults to the pod IP. - You probably want to set "Host" - in httpHeaders instead. 
type: string httpHeaders: - description: Custom headers to - set in the request. HTTP allows - repeated headers. items: - description: HTTPHeader describes - a custom header to be used - in HTTP probes properties: name: - description: The header - field name. This will - be canonicalized upon - output, so case-variant - names will be understood - as the same header. type: string value: - description: The header - field value type: string required: - name 
@@ -3427,138 +1360,58 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on - the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of - the port to access on the container. - Number must be in the range - 1 to 65535. Name must be an - IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for - connecting to the host. Defaults - to HTTP. type: string required: - port type: object sleep: - description: Sleep represents the - duration that the container should - sleep before being terminated. properties: seconds: - description: Seconds is the number - of seconds to sleep. format: int64 type: integer required: - seconds type: object tcpSocket: - description: Deprecated. TCPSocket - is NOT supported as a LifecycleHandler - and kept for the backward compatibility. - There are no validation of this - field and lifecycle hooks will fail - in runtime when tcp handler is specified. properties: host: - description: 'Optional: Host name - to connect to, defaults to the - pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of - the port to access on the container. - Number must be in the range - 1 to 65535. Name must be an - IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: - description: 'PreStop is called immediately - before a container is terminated due - to an API request or management event - such as liveness/startup probe failure, - preemption, resource contention, etc. - The handler is not called if the container - crashes or exits. The Pod''s termination - grace period countdown begins before - the PreStop hook is executed. Regardless - of the outcome of the handler, the container - will eventually terminate within the - Pod''s termination grace period (unless - delayed by finalizers). 
Other management - of the container blocks until the hook - completes or until the termination grace - period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: Exec specifies the action - to take. properties: command: - description: Command is the command - line to execute inside the container, - the working directory for the - command is root ('/') in the - container's filesystem. The - command is simply exec'd, it - is not run inside a shell, so - traditional shell instructions - ('|', etc) won't work. To use - a shell, you need to explicitly - call out to that shell. Exit - status of 0 is treated as live/healthy - and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the - http request to perform. properties: host: - description: Host name to connect - to, defaults to the pod IP. - You probably want to set "Host" - in httpHeaders instead. type: string httpHeaders: - description: Custom headers to - set in the request. HTTP allows - repeated headers. items: - description: HTTPHeader describes - a custom header to be used - in HTTP probes properties: name: - description: The header - field name. This will - be canonicalized upon - output, so case-variant - names will be understood - as the same header. type: string value: - description: The header - field value type: string required: - name 
@@ -3567,62 +1420,33 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on - the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of - the port to access on the container. - Number must be in the range - 1 to 65535. Name must be an - IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for - connecting to the host. Defaults - to HTTP. type: string required: - port type: object sleep: - description: Sleep represents the - duration that the container should - sleep before being terminated. properties: seconds: - description: Seconds is the number - of seconds to sleep. format: int64 type: integer required: - seconds type: object tcpSocket: - description: Deprecated. TCPSocket - is NOT supported as a LifecycleHandler - and kept for the backward compatibility. - There are no validation of this - field and lifecycle hooks will fail - in runtime when tcp handler is specified. properties: host: - description: 'Optional: Host name - to connect to, defaults to the - pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of - the port to access on the container. - Number must be in the range - 1 to 65535. Name must be an - IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port 
@@ -3630,88 +1454,38 @@ spec: type: object type: object livenessProbe: - description: 'Periodic probe of container - liveness. Container will be restarted if - the probe fails. Cannot be updated. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action - to take. properties: command: - description: Command is the command - line to execute inside the container, - the working directory for the command is - root ('/') in the container's filesystem. - The command is simply exec'd, it - is not run inside a shell, so traditional - shell instructions ('|', etc) won't - work. To use a shell, you need to - explicitly call out to that shell. - Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed - after having succeeded. Defaults to - 3. Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action - involving a GRPC port. properties: port: - description: Port number of the gRPC - service. Number must be in the range - 1 to 65535. format: int32 type: integer service: - description: "Service is the name - of the service to place in the gRPC - HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the - default behavior is defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http - request to perform. properties: host: - description: Host name to connect - to, defaults to the pod IP. You - probably want to set "Host" in httpHeaders - instead. type: string httpHeaders: - description: Custom headers to set - in the request. HTTP allows repeated - headers. 
items: - description: HTTPHeader describes - a custom header to be used in - HTTP probes properties: name: - description: The header field - name. This will be canonicalized - upon output, so case-variant - names will be understood as - the same header. type: string value: - description: The header field - value type: string required: - name 
@@ -3720,150 +1494,62 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on the - HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the - port to access on the container. - Number must be in the range 1 to - 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after - the container has started before liveness - probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to - perform the probe. Default to 10 seconds. - Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to 1. - Must be 1 for liveness and startup. - Minimum value is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action - involving a TCP port. properties: host: - description: 'Optional: Host name - to connect to, defaults to the pod - IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the - port to access on the container. - Number must be in the range 1 to - 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds - the pod needs to terminate gracefully - upon probe failure. The grace period - is the duration in seconds after the - processes running in the pod are sent - a termination signal and the time when - the processes are forcibly halted with - a kill signal. Set this value longer - than the expected cleanup time for your - process. 
If this value is nil, the pod's - terminationGracePeriodSeconds will be - used. Otherwise, this value overrides - the value provided by the pod spec. - Value must be non-negative integer. - The value zero indicates stop immediately - via the kill signal (no opportunity - to shut down). This is a beta field - and requires enabling ProbeTerminationGracePeriod - feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after - which the probe times out. Defaults - to 1 second. Minimum value is 1. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object name: - description: Name of the container specified - as a DNS_LABEL. Each container in a pod - must have a unique name (DNS_LABEL). Cannot - be updated. type: string ports: - description: List of ports to expose from - the container. Not specifying a port here - DOES NOT prevent that port from being exposed. - Any port which is listening on the default - "0.0.0.0" address inside a container will - be accessible from the network. Modifying - this array with strategic merge patch may - corrupt the data. For more information See - https://github.com/kubernetes/kubernetes/issues/108255. - Cannot be updated. items: - description: ContainerPort represents a - network port in a single container. properties: containerPort: - description: Number of port to expose - on the pod's IP address. This must - be a valid port number, 0 < x < 65536. format: int32 type: integer hostIP: - description: What host IP to bind the - external port to. type: string hostPort: - description: Number of port to expose - on the host. If specified, this must - be a valid port number, 0 < x < 65536. - If HostNetwork is specified, this - must match ContainerPort. Most containers - do not need this. 
format: int32 type: integer name: - description: If specified, this must - be an IANA_SVC_NAME and unique within - the pod. Each named port in a pod - must have a unique name. Name for - the port that can be referred to by - services. type: string protocol: default: TCP - description: Protocol for port. Must - be UDP, TCP, or SCTP. Defaults to - "TCP". type: string required: - containerPort 
@@ -3874,88 +1560,38 @@ spec: - protocol x-kubernetes-list-type: map readinessProbe: - description: 'Periodic probe of container - service readiness. Container will be removed - from service endpoints if the probe fails. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action - to take. properties: command: - description: Command is the command - line to execute inside the container, - the working directory for the command is - root ('/') in the container's filesystem. - The command is simply exec'd, it - is not run inside a shell, so traditional - shell instructions ('|', etc) won't - work. To use a shell, you need to - explicitly call out to that shell. - Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed - after having succeeded. Defaults to - 3. Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action - involving a GRPC port. properties: port: - description: Port number of the gRPC - service. Number must be in the range - 1 to 65535. format: int32 type: integer service: - description: "Service is the name - of the service to place in the gRPC - HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the - default behavior is defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http - request to perform. properties: host: - description: Host name to connect - to, defaults to the pod IP. You - probably want to set "Host" in httpHeaders - instead. type: string httpHeaders: - description: Custom headers to set - in the request. HTTP allows repeated - headers. 
items: - description: HTTPHeader describes - a custom header to be used in - HTTP probes properties: name: - description: The header field - name. This will be canonicalized - upon output, so case-variant - names will be understood as - the same header. type: string value: - description: The header field - value type: string required: - name 
@@ -3964,113 +1600,51 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on the - HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the - port to access on the container. - Number must be in the range 1 to - 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after - the container has started before liveness - probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to - perform the probe. Default to 10 seconds. - Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to 1. - Must be 1 for liveness and startup. - Minimum value is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action - involving a TCP port. properties: host: - description: 'Optional: Host name - to connect to, defaults to the pod - IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the - port to access on the container. - Number must be in the range 1 to - 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds - the pod needs to terminate gracefully - upon probe failure. The grace period - is the duration in seconds after the - processes running in the pod are sent - a termination signal and the time when - the processes are forcibly halted with - a kill signal. Set this value longer - than the expected cleanup time for your - process. 
If this value is nil, the pod's - terminationGracePeriodSeconds will be - used. Otherwise, this value overrides - the value provided by the pod spec. - Value must be non-negative integer. - The value zero indicates stop immediately - via the kill signal (no opportunity - to shut down). This is a beta field - and requires enabling ProbeTerminationGracePeriod - feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after - which the probe times out. Defaults - to 1 second. Minimum value is 1. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object resizePolicy: - description: Resources resize policy for the - container. items: - description: ContainerResizePolicy represents - resource resize policy for the container. properties: resourceName: - description: 'Name of the resource to - which this resource resize policy - applies. Supported values: cpu, memory.' type: string restartPolicy: - description: Restart policy to apply - when specified resource is resized. - If not specified, it defaults to NotRequired. type: string required: - resourceName 
@@ -4079,28 +1653,11 @@ spec: type: array x-kubernetes-list-type: atomic resources: - description: 'Compute Resources required by - this container. Cannot be updated. More - info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' properties: claims: - description: "Claims lists the names of - resources, defined in spec.resourceClaims, - that are used by this container. \n - This is an alpha field and requires - enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. - It can only be set for containers." items: - description: ResourceClaim references - one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the - name of one entry in pod.spec.resourceClaims - of the Pod where this field is - used. It makes that resource available - inside a container. type: string required: - name @@ -4116,9 +1673,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum - amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -4127,370 +1681,115 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum - amount of compute resources required. - If Requests is omitted for a container, - it defaults to Limits if that is explicitly - specified, otherwise to an implementation-defined - value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object restartPolicy: - description: 'RestartPolicy defines the restart - behavior of individual containers in a pod. - This field may only be set for init containers, - and the only allowed value is "Always". - For non-init containers or when this field - is not specified, the restart behavior is - defined by the Pod''s restart policy and - the container type. Setting the RestartPolicy - as "Always" for the init container will - have the following effect: this init container - will be continually restarted on exit until - all regular containers have terminated. - Once all regular containers have completed, - all init containers with restartPolicy "Always" - will be shut down. This lifecycle differs - from normal init containers and is often - referred to as a "sidecar" container. Although - this init container still starts in the - init container sequence, it does not wait - for the container to complete before proceeding - to the next init container. Instead, the - next init container starts immediately after - this init container is started, or after - any startupProbe has successfully completed.' type: string securityContext: - description: 'SecurityContext defines the - security options the container should be - run with. If set, the fields of SecurityContext - override the equivalent fields of PodSecurityContext. 
- More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation - controls whether a process can gain - more privileges than its parent process. - This bool directly controls if the no_new_privs - flag will be set on the container process. - AllowPrivilegeEscalation is true always - when the container is: 1) run as Privileged - 2) has CAP_SYS_ADMIN Note that this - field cannot be set when spec.os.name - is windows.' type: boolean appArmorProfile: - description: appArmorProfile is the AppArmor - options to use by this container. If - set, this profile overrides the pod's - appArmorProfile. Note that this field - cannot be set when spec.os.name is windows. properties: localhostProfile: - description: localhostProfile indicates - a profile loaded on the node that - should be used. The profile must - be preconfigured on the node to - work. Must match the loaded name - of the profile. Must be set if and - only if type is "Localhost". type: string type: - description: 'type indicates which - kind of AppArmor profile will be - applied. Valid options are: Localhost - - a profile pre-loaded on the node. - RuntimeDefault - the container runtime''s - default profile. Unconfined - no - AppArmor enforcement.' type: string required: - type type: object capabilities: - description: The capabilities to add/drop - when running containers. Defaults to - the default set of capabilities granted - by the container runtime. Note that - this field cannot be set when spec.os.name - is windows. 
properties: add: - description: Added capabilities items: - description: Capability represent - POSIX capabilities type type: string type: array x-kubernetes-list-type: atomic drop: - description: Removed capabilities items: - description: Capability represent - POSIX capabilities type type: string type: array x-kubernetes-list-type: atomic type: object privileged: - description: Run container in privileged - mode. Processes in privileged containers - are essentially equivalent to root on - the host. Defaults to false. Note that - this field cannot be set when spec.os.name - is windows. type: boolean procMount: - description: procMount denotes the type - of proc mount to use for the containers. - The default is DefaultProcMount which - uses the container runtime defaults - for readonly paths and masked paths. - This requires the ProcMountType feature - flag to be enabled. Note that this field - cannot be set when spec.os.name is windows. type: string readOnlyRootFilesystem: - description: Whether this container has - a read-only root filesystem. Default - is false. Note that this field cannot - be set when spec.os.name is windows. type: boolean runAsGroup: - description: The GID to run the entrypoint - of the container process. Uses runtime - default if unset. May also be set in - PodSecurityContext. If set in both - SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. Note that this field - cannot be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: - description: Indicates that the container - must run as a non-root user. If true, - the Kubelet will validate the image - at runtime to ensure that it does not - run as UID 0 (root) and fail to start - the container if it does. If unset or - false, no such validation will be performed. - May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. 
type: boolean runAsUser: - description: The UID to run the entrypoint - of the container process. Defaults to - user specified in image metadata if - unspecified. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. Note that this field - cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be - applied to the container. If unspecified, - the container runtime will allocate - a random SELinux context for each container. May - also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. Note that this field - cannot be set when spec.os.name is windows. properties: level: - description: Level is SELinux level - label that applies to the container. type: string role: - description: Role is a SELinux role - label that applies to the container. type: string type: - description: Type is a SELinux type - label that applies to the container. type: string user: - description: User is a SELinux user - label that applies to the container. type: string type: object seccompProfile: - description: The seccomp options to use - by this container. If seccomp options - are provided at both the pod & container - level, the container options override - the pod options. Note that this field - cannot be set when spec.os.name is windows. properties: localhostProfile: - description: localhostProfile indicates - a profile defined in a file on the - node should be used. The profile - must be preconfigured on the node - to work. Must be a descending path, - relative to the kubelet's configured - seccomp profile location. Must be - set if type is "Localhost". Must - NOT be set for any other type. type: string type: - description: "type indicates which - kind of seccomp profile will be - applied. 
Valid options are: \n Localhost - - a profile defined in a file on - the node should be used. RuntimeDefault - - the container runtime default - profile should be used. Unconfined - - no profile should be applied." type: string required: - type type: object windowsOptions: - description: The Windows specific settings - applied to all containers. If unspecified, - the options from the PodSecurityContext - will be used. If set in both SecurityContext - and PodSecurityContext, the value specified - in SecurityContext takes precedence. - Note that this field cannot be set when - spec.os.name is linux. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is - where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA - credential spec named by the GMSACredentialSpecName - field. type: string gmsaCredentialSpecName: - description: GMSACredentialSpecName - is the name of the GMSA credential - spec to use. type: string hostProcess: - description: HostProcess determines - if a container should be run as - a 'Host Process' container. All - of a Pod's containers must have - the same effective HostProcess value - (it is not allowed to have a mix - of HostProcess containers and non-HostProcess - containers). In addition, if HostProcess - is true then HostNetwork must also - be set to true. type: boolean runAsUserName: - description: The UserName in Windows - to run the entrypoint of the container - process. Defaults to the user specified - in image metadata if unspecified. - May also be set in PodSecurityContext. - If set in both SecurityContext and - PodSecurityContext, the value specified - in SecurityContext takes precedence. type: string type: object type: object startupProbe: - description: 'StartupProbe indicates that - the Pod has successfully initialized. If - specified, no other probes are executed - until this completes successfully. 
If this - probe fails, the Pod will be restarted, - just as if the livenessProbe failed. This - can be used to provide different probe parameters - at the beginning of a Pod''s lifecycle, - when it might take a long time to load data - or warm a cache, than during steady-state - operation. This cannot be updated. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action - to take. properties: command: - description: Command is the command - line to execute inside the container, - the working directory for the command is - root ('/') in the container's filesystem. - The command is simply exec'd, it - is not run inside a shell, so traditional - shell instructions ('|', etc) won't - work. To use a shell, you need to - explicitly call out to that shell. - Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed - after having succeeded. Defaults to - 3. Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action - involving a GRPC port. properties: port: - description: Port number of the gRPC - service. Number must be in the range - 1 to 65535. format: int32 type: integer service: - description: "Service is the name - of the service to place in the gRPC - HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the - default behavior is defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http - request to perform. properties: host: - description: Host name to connect - to, defaults to the pod IP. You - probably want to set "Host" in httpHeaders - instead. 
type: string httpHeaders: - description: Custom headers to set - in the request. HTTP allows repeated - headers. items: - description: HTTPHeader describes - a custom header to be used in - HTTP probes properties: name: - description: The header field - name. This will be canonicalized - upon output, so case-variant - names will be understood as - the same header. type: string value: - description: The header field - value type: string required: - name 
@@ -4499,166 +1798,61 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on the - HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the - port to access on the container. - Number must be in the range 1 to - 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after - the container has started before liveness - probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to - perform the probe. Default to 10 seconds. - Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to 1. - Must be 1 for liveness and startup. - Minimum value is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action - involving a TCP port. properties: host: - description: 'Optional: Host name - to connect to, defaults to the pod - IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the - port to access on the container. - Number must be in the range 1 to - 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds - the pod needs to terminate gracefully - upon probe failure. The grace period - is the duration in seconds after the - processes running in the pod are sent - a termination signal and the time when - the processes are forcibly halted with - a kill signal. Set this value longer - than the expected cleanup time for your - process. 
If this value is nil, the pod's - terminationGracePeriodSeconds will be - used. Otherwise, this value overrides - the value provided by the pod spec. - Value must be non-negative integer. - The value zero indicates stop immediately - via the kill signal (no opportunity - to shut down). This is a beta field - and requires enabling ProbeTerminationGracePeriod - feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after - which the probe times out. Defaults - to 1 second. Minimum value is 1. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object stdin: - description: Whether this container should - allocate a buffer for stdin in the container - runtime. If this is not set, reads from - stdin in the container will always result - in EOF. Default is false. type: boolean stdinOnce: - description: Whether the container runtime - should close the stdin channel after it - has been opened by a single attach. When - stdin is true the stdin stream will remain - open across multiple attach sessions. If - stdinOnce is set to true, stdin is opened - on container start, is empty until the first - client attaches to stdin, and then remains - open and accepts data until the client disconnects, - at which time stdin is closed and remains - closed until the container is restarted. - If this flag is false, a container processes - that reads from stdin will never receive - an EOF. Default is false type: boolean terminationMessagePath: - description: 'Optional: Path at which the - file to which the container''s termination - message will be written is mounted into - the container''s filesystem. Message written - is intended to be brief final status, such - as an assertion failure message. Will be - truncated by the node if greater than 4096 - bytes. 
The total message length across all - containers will be limited to 12kb. Defaults - to /dev/termination-log. Cannot be updated.' type: string terminationMessagePolicy: - description: Indicate how the termination - message should be populated. File will use - the contents of terminationMessagePath to - populate the container status message on - both success and failure. FallbackToLogsOnError - will use the last chunk of container log - output if the termination message file is - empty and the container exited with an error. - The log output is limited to 2048 bytes - or 80 lines, whichever is smaller. Defaults - to File. Cannot be updated. type: string tty: - description: Whether this container should - allocate a TTY for itself, also requires - 'stdin' to be true. Default is false. type: boolean volumeDevices: - description: volumeDevices is the list of - block devices to be used by the container. items: - description: volumeDevice describes a mapping - of a raw block device within a container. properties: devicePath: - description: devicePath is the path - inside of the container that the device - will be mapped to. type: string name: - description: name must match the name - of a persistentVolumeClaim in the - pod type: string required: - devicePath 
@@ -4669,76 +1863,21 @@ spec: - devicePath x-kubernetes-list-type: map volumeMounts: - description: Pod volumes to mount into the - container's filesystem. Cannot be updated. items: - description: VolumeMount describes a mounting - of a Volume within a container. properties: mountPath: - description: Path within the container - at which the volume should be mounted. Must - not contain ':'. type: string mountPropagation: - description: mountPropagation determines - how mounts are propagated from the - host to container and the other way - around. When not set, MountPropagationNone - is used. This field is beta in 1.10. - When RecursiveReadOnly is set to IfPossible - or to Enabled, MountPropagation must - be None or unspecified (which defaults - to None). type: string name: - description: This must match the Name - of a Volume. type: string readOnly: - description: Mounted read-only if true, - read-write otherwise (false or unspecified). - Defaults to false. type: boolean recursiveReadOnly: - description: "RecursiveReadOnly specifies - whether read-only mounts should be - handled recursively. \n If ReadOnly - is false, this field has no meaning - and must be unspecified. \n If ReadOnly - is true, and this field is set to - Disabled, the mount is not made recursively - read-only. If this field is set to - IfPossible, the mount is made recursively - read-only, if it is supported by the - container runtime. If this field - is set to Enabled, the mount is made - recursively read-only if it is supported - by the container runtime, otherwise - the pod will not be started and an - error will be generated to indicate - the reason. \n If this field is set - to IfPossible or Enabled, MountPropagation - must be set to None (or be unspecified, - which defaults to None). \n If this - field is not specified, it is treated - as an equivalent of Disabled." type: string subPath: - description: Path within the volume - from which the container's volume - should be mounted. 
Defaults to "" - (volume's root). type: string subPathExpr: - description: Expanded path within the - volume from which the container's - volume should be mounted. Behaves - similarly to SubPath but environment - variable references $(VAR_NAME) are - expanded using the container's environment. - Defaults to "" (volume's root). SubPathExpr - and SubPath are mutually exclusive. type: string required: - mountPath 
@@ -4749,78 +1888,33 @@ spec: - mountPath x-kubernetes-list-type: map workingDir: - description: Container's working directory. - If not specified, the container runtime's - default will be used, which might be configured - in the container image. Cannot be updated. type: string required: - name type: object type: array lifecycle: - description: Actions that the management system - should take in response to container lifecycle - events. Cannot be updated. properties: postStart: - description: 'PostStart is called immediately - after a container is created. If the handler - fails, the container is terminated and restarted - according to its restart policy. Other management - of the container blocks until the hook completes. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: Exec specifies the action to - take. properties: command: - description: Command is the command - line to execute inside the container, - the working directory for the command is - root ('/') in the container's filesystem. - The command is simply exec'd, it is - not run inside a shell, so traditional - shell instructions ('|', etc) won't - work. To use a shell, you need to - explicitly call out to that shell. - Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the http - request to perform. properties: host: - description: Host name to connect to, - defaults to the pod IP. You probably - want to set "Host" in httpHeaders - instead. type: string httpHeaders: - description: Custom headers to set in - the request. HTTP allows repeated - headers. items: - description: HTTPHeader describes - a custom header to be used in HTTP - probes properties: name: - description: The header field - name. 
This will be canonicalized - upon output, so case-variant - names will be understood as - the same header. type: string value: - description: The header field - value type: string required: - name 
@@ -4829,129 +1923,58 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on the HTTP - server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port - to access on the container. Number - must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. type: string required: - port type: object sleep: - description: Sleep represents the duration - that the container should sleep before - being terminated. properties: seconds: - description: Seconds is the number of - seconds to sleep. format: int64 type: integer required: - seconds type: object tcpSocket: - description: Deprecated. TCPSocket is NOT - supported as a LifecycleHandler and kept - for the backward compatibility. There - are no validation of this field and lifecycle - hooks will fail in runtime when tcp handler - is specified. properties: host: - description: 'Optional: Host name to - connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port - to access on the container. Number - must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: - description: 'PreStop is called immediately - before a container is terminated due to an - API request or management event such as liveness/startup - probe failure, preemption, resource contention, - etc. The handler is not called if the container - crashes or exits. The Pod''s termination grace - period countdown begins before the PreStop - hook is executed. Regardless of the outcome - of the handler, the container will eventually - terminate within the Pod''s termination grace - period (unless delayed by finalizers). 
Other - management of the container blocks until the - hook completes or until the termination grace - period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: Exec specifies the action to - take. properties: command: - description: Command is the command - line to execute inside the container, - the working directory for the command is - root ('/') in the container's filesystem. - The command is simply exec'd, it is - not run inside a shell, so traditional - shell instructions ('|', etc) won't - work. To use a shell, you need to - explicitly call out to that shell. - Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the http - request to perform. properties: host: - description: Host name to connect to, - defaults to the pod IP. You probably - want to set "Host" in httpHeaders - instead. type: string httpHeaders: - description: Custom headers to set in - the request. HTTP allows repeated - headers. items: - description: HTTPHeader describes - a custom header to be used in HTTP - probes properties: name: - description: The header field - name. This will be canonicalized - upon output, so case-variant - names will be understood as - the same header. type: string value: - description: The header field - value type: string required: - name 
@@ -4960,58 +1983,33 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on the HTTP - server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port - to access on the container. Number - must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. type: string required: - port type: object sleep: - description: Sleep represents the duration - that the container should sleep before - being terminated. properties: seconds: - description: Seconds is the number of - seconds to sleep. format: int64 type: integer required: - seconds type: object tcpSocket: - description: Deprecated. TCPSocket is NOT - supported as a LifecycleHandler and kept - for the backward compatibility. There - are no validation of this field and lifecycle - hooks will fail in runtime when tcp handler - is specified. properties: host: - description: 'Optional: Host name to - connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port - to access on the container. Number - must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port 
@@ -5019,82 +2017,38 @@ spec: type: object type: object livenessProbe: - description: 'Periodic probe of container liveness. - Container will be restarted if the probe fails. - Controllers may set default LivenessProbe if no - liveness probe is provided. To ignore defaulting, - set the value to empty LivenessProbe "{}". Cannot - be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line - to execute inside the container, the working - directory for the command is root ('/') - in the container's filesystem. The command - is simply exec'd, it is not run inside - a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, - you need to explicitly call out to that - shell. Exit status of 0 is treated as - live/healthy and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive failures for - the probe to be considered failed after having - succeeded. Defaults to 3. Minimum value is - 1. format: int32 type: integer grpc: - description: GRPC specifies an action involving - a GRPC port. properties: port: - description: Port number of the gRPC service. - Number must be in the range 1 to 65535. format: int32 type: integer service: - description: "Service is the name of the - service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default - behavior is defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http request - to perform. properties: host: - description: Host name to connect to, defaults - to the pod IP. You probably want to set - "Host" in httpHeaders instead. 
type: string httpHeaders: - description: Custom headers to set in the - request. HTTP allows repeated headers. items: - description: HTTPHeader describes a custom - header to be used in HTTP probes properties: name: - description: The header field name. - This will be canonicalized upon - output, so case-variant names will - be understood as the same header. type: string value: - description: The header field value type: string required: - name 
@@ -5103,216 +2057,95 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on the HTTP - server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port - to access on the container. Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container - has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform - the probe. Default to 10 seconds. Minimum - value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for - the probe to be considered successful after - having failed. Defaults to 1. Must be 1 for - liveness and startup. Minimum value is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving - a TCP port. properties: host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port - to access on the container. Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds the - pod needs to terminate gracefully upon probe - failure. The grace period is the duration - in seconds after the processes running in - the pod are sent a termination signal and - the time when the processes are forcibly halted - with a kill signal. Set this value longer - than the expected cleanup time for your process. 
- If this value is nil, the pod's terminationGracePeriodSeconds - will be used. Otherwise, this value overrides - the value provided by the pod spec. Value - must be non-negative integer. The value zero - indicates stop immediately via the kill signal - (no opportunity to shut down). This is a beta - field and requires enabling ProbeTerminationGracePeriod - feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which - the probe times out. Defaults to 1 second. - Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object nodeSelector: additionalProperties: type: string - description: 'NodeSelector is a selector which must - be true for the pod to fit on a node. Selector - which must match a node''s labels for the pod - to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' type: object x-kubernetes-map-type: atomic podPlacementPolicy: - description: PodPlacementPolicy is the reference - of the podPlacementPolicy properties: name: default: "" - description: 'Name of the referent. This field - is effectively required, but due to backwards - compatibility is allowed to be empty. Instances - of this type with an empty value here are - almost certainly wrong. TODO: Add other useful - fields. apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic priority: - description: The priority value. Various system - components use this field to find the priority - of the pod. When Priority Admission Controller - is enabled, it prevents users from setting this - field. 
The admission controller populates this - field from PriorityClassName. The higher the value, - the higher the priority. format: int32 type: integer priorityClassName: - description: If specified, indicates the pod's priority. - "system-node-critical" and "system-cluster-critical" - are two special keywords which indicate the highest - priorities with the former being the highest priority. - Any other name must be defined by creating a PriorityClass - object with that name. If not specified, the pod - priority will be default or zero if there is no - default. type: string readinessProbe: - description: 'Periodic probe of container service - readiness. Container will be removed from service - endpoints if the probe fails. Cannot be updated. - Controllers may set default ReadinessProbe if - no readyness probe is provided. To ignore defaulting, - set the value to empty ReadynessProbe "{}". More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line - to execute inside the container, the working - directory for the command is root ('/') - in the container's filesystem. The command - is simply exec'd, it is not run inside - a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, - you need to explicitly call out to that - shell. Exit status of 0 is treated as - live/healthy and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive failures for - the probe to be considered failed after having - succeeded. Defaults to 3. Minimum value is - 1. format: int32 type: integer grpc: - description: GRPC specifies an action involving - a GRPC port. properties: port: - description: Port number of the gRPC service. - Number must be in the range 1 to 65535. 
format: int32 type: integer service: - description: "Service is the name of the - service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default - behavior is defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http request - to perform. properties: host: - description: Host name to connect to, defaults - to the pod IP. You probably want to set - "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the - request. HTTP allows repeated headers. items: - description: HTTPHeader describes a custom - header to be used in HTTP probes properties: name: - description: The header field name. - This will be canonicalized upon - output, so case-variant names will - be understood as the same header. type: string value: - description: The header field value type: string required: - name 
@@ -5321,112 +2154,51 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on the HTTP - server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port - to access on the container. Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container - has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform - the probe. Default to 10 seconds. Minimum - value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for - the probe to be considered successful after - having failed. Defaults to 1. Must be 1 for - liveness and startup. Minimum value is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving - a TCP port. properties: host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port - to access on the container. Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds the - pod needs to terminate gracefully upon probe - failure. The grace period is the duration - in seconds after the processes running in - the pod are sent a termination signal and - the time when the processes are forcibly halted - with a kill signal. Set this value longer - than the expected cleanup time for your process. 
- If this value is nil, the pod's terminationGracePeriodSeconds - will be used. Otherwise, this value overrides - the value provided by the pod spec. Value - must be non-negative integer. The value zero - indicates stop immediately via the kill signal - (no opportunity to shut down). This is a beta - field and requires enabling ProbeTerminationGracePeriod - feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which - the probe times out. Defaults to 1 second. - Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object resources: - description: Compute Resources required by the sidecar - container. properties: claims: - description: "Claims lists the names of resources, - defined in spec.resourceClaims, that are used - by this container. \n This is an alpha field - and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. - It can only be set for containers." items: - description: ResourceClaim references one - entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name - of one entry in pod.spec.resourceClaims - of the Pod where this field is used. - It makes that resource available inside - a container. type: string required: - name @@ -5442,8 +2214,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount - of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -5452,207 +2222,68 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum - amount of compute resources required. If Requests - is omitted for a container, it defaults to - Limits if that is explicitly specified, otherwise - to an implementation-defined value. Requests - cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object runtimeClassName: - description: 'RuntimeClassName refers to a RuntimeClass - object in the node.k8s.io group, which should - be used to run this pod. If no RuntimeClass resource - matches the named class, the pod will not be run. - If unset or empty, the "legacy" RuntimeClass will - be used, which is an implicit class with an empty - definition that uses the default runtime handler. - More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class' type: string schedulerName: - description: If specified, the pod will be dispatched - by specified scheduler. If not specified, the - pod will be dispatched by default scheduler. type: string securityContext: - description: 'SecurityContext holds pod-level security - attributes and common container settings. Optional: - Defaults to empty. See type description for default - values of each field.' properties: appArmorProfile: - description: appArmorProfile is the AppArmor - options to use by the containers in this pod. - Note that this field cannot be set when spec.os.name - is windows. properties: localhostProfile: - description: localhostProfile indicates - a profile loaded on the node that should - be used. The profile must be preconfigured - on the node to work. Must match the loaded - name of the profile. Must be set if and - only if type is "Localhost". 
type: string type: - description: 'type indicates which kind - of AppArmor profile will be applied. Valid - options are: Localhost - a profile pre-loaded - on the node. RuntimeDefault - the container - runtime''s default profile. Unconfined - - no AppArmor enforcement.' type: string required: - type type: object fsGroup: - description: "A special supplemental group that - applies to all containers in a pod. Some volume - types allow the Kubelet to change the ownership - of that volume to be owned by the pod: \n - 1. The owning GID will be the FSGroup 2. The - setgid bit is set (new files created in the - volume will be owned by FSGroup) 3. The permission - bits are OR'd with rw-rw---- \n If unset, - the Kubelet will not modify the ownership - and permissions of any volume. Note that this - field cannot be set when spec.os.name is windows." format: int64 type: integer fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines behavior - of changing ownership and permission of the - volume before being exposed inside Pod. This - field will only apply to volume types which - support fsGroup based ownership(and permissions). - It will have no effect on ephemeral volume - types such as: secret, configmaps and emptydir. - Valid values are "OnRootMismatch" and "Always". - If not specified, "Always" is used. Note that - this field cannot be set when spec.os.name - is windows.' type: string runAsGroup: - description: The GID to run the entrypoint of - the container process. Uses runtime default - if unset. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes - precedence for that container. Note that this - field cannot be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: - description: Indicates that the container must - run as a non-root user. 
If true, the Kubelet - will validate the image at runtime to ensure - that it does not run as UID 0 (root) and fail - to start the container if it does. If unset - or false, no such validation will be performed. - May also be set in SecurityContext. If set - in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes - precedence. type: boolean runAsUser: - description: The UID to run the entrypoint of - the container process. Defaults to user specified - in image metadata if unspecified. May also - be set in SecurityContext. If set in both - SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence - for that container. Note that this field cannot - be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be applied - to all containers. If unspecified, the container - runtime will allocate a random SELinux context - for each container. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes - precedence for that container. Note that this - field cannot be set when spec.os.name is windows. properties: level: - description: Level is SELinux level label - that applies to the container. type: string role: - description: Role is a SELinux role label - that applies to the container. type: string type: - description: Type is a SELinux type label - that applies to the container. type: string user: - description: User is a SELinux user label - that applies to the container. type: string type: object seccompProfile: - description: The seccomp options to use by the - containers in this pod. Note that this field - cannot be set when spec.os.name is windows. properties: localhostProfile: - description: localhostProfile indicates - a profile defined in a file on the node - should be used. The profile must be preconfigured - on the node to work. 
Must be a descending - path, relative to the kubelet's configured - seccomp profile location. Must be set - if type is "Localhost". Must NOT be set - for any other type. type: string type: - description: "type indicates which kind - of seccomp profile will be applied. Valid - options are: \n Localhost - a profile - defined in a file on the node should be - used. RuntimeDefault - the container runtime - default profile should be used. Unconfined - - no profile should be applied." type: string required: - type type: object supplementalGroups: - description: A list of groups applied to the - first process run in each container, in addition - to the container's primary GID, the fsGroup - (if specified), and group memberships defined - in the container image for the uid of the - container process. If unspecified, no additional - groups are added to any container. Note that - group memberships defined in the container - image for the uid of the container process - are still effective, even if they are not - included in this list. Note that this field - cannot be set when spec.os.name is windows. items: format: int64 type: integer type: array x-kubernetes-list-type: atomic sysctls: - description: Sysctls hold a list of namespaced - sysctls used for the pod. Pods with unsupported - sysctls (by the container runtime) might fail - to launch. Note that this field cannot be - set when spec.os.name is windows. items: - description: Sysctl defines a kernel parameter - to be set properties: name: - description: Name of a property to set type: string value: - description: Value of a property to set type: string required: - name 
@@ -5661,173 +2292,53 @@ spec: type: array x-kubernetes-list-type: atomic windowsOptions: - description: The Windows specific settings applied - to all containers. If unspecified, the options - within a container's SecurityContext will - be used. If set in both SecurityContext and - PodSecurityContext, the value specified in - SecurityContext takes precedence. Note that - this field cannot be set when spec.os.name - is linux. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is where - the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential - spec named by the GMSACredentialSpecName - field. type: string gmsaCredentialSpecName: - description: GMSACredentialSpecName is the - name of the GMSA credential spec to use. type: string hostProcess: - description: HostProcess determines if a - container should be run as a 'Host Process' - container. All of a Pod's containers must - have the same effective HostProcess value - (it is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). - In addition, if HostProcess is true then - HostNetwork must also be set to true. type: boolean runAsUserName: - description: The UserName in Windows to - run the entrypoint of the container process. - Defaults to the user specified in image - metadata if unspecified. May also be set - in PodSecurityContext. If set in both - SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. type: string type: object type: object serviceAccountName: - description: 'ServiceAccountName is the name of - the ServiceAccount to use to run this pod. More - info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' type: string shareProcessNamespace: - description: 'Share a single process namespace between - all of the containers in a pod. 
When this is set - containers will be able to view and signal processes - from other containers in the same pod, and the - first process in each container will not be assigned - PID 1. HostPID and ShareProcessNamespace cannot - both be set. Optional: Default to false.' type: boolean terminationGracePeriodSeconds: - description: Optional duration in seconds the pod - needs to terminate gracefully. May be decreased - in delete request. Value must be non-negative - integer. The value zero indicates stop immediately - via the kill signal (no opportunity to shut down). - If this value is nil, the default grace period - will be used instead. The grace period is the - duration in seconds after the processes running - in the pod are sent a termination signal and the - time when the processes are forcibly halted with - a kill signal. Set this value longer than the - expected cleanup time for your process. Defaults - to 30 seconds. format: int64 type: integer tolerations: - description: If specified, the pod's tolerations. items: - description: The pod this Toleration is attached - to tolerates any taint that matches the triple - using the matching operator - . properties: effect: - description: Effect indicates the taint effect - to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, - PreferNoSchedule and NoExecute. type: string key: - description: Key is the taint key that the - toleration applies to. Empty means match - all taint keys. If the key is empty, operator - must be Exists; this combination means to - match all values and all keys. type: string operator: - description: Operator represents a key's relationship - to the value. Valid operators are Exists - and Equal. Defaults to Equal. Exists is - equivalent to wildcard for value, so that - a pod can tolerate all taints of a particular - category. 
type: string tolerationSeconds: - description: TolerationSeconds represents - the period of time the toleration (which - must be of effect NoExecute, otherwise this - field is ignored) tolerates the taint. By - default, it is not set, which means tolerate - the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict - immediately) by the system. format: int64 type: integer value: - description: Value is the taint value the - toleration matches to. If the operator is - Exists, the value should be empty, otherwise - just a regular string. type: string type: object type: array topologySpreadConstraints: - description: TopologySpreadConstraints describes - how a group of pods ought to spread across topology - domains. Scheduler will schedule pods in a way - which abides by the constraints. All topologySpreadConstraints - are ANDed. items: - description: TopologySpreadConstraint specifies - how to spread matching pods among the given - topology. properties: labelSelector: - description: LabelSelector is used to find - matching pods. Pods that match this label - selector are counted to determine the number - of pods in their corresponding topology - domain. properties: matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. properties: key: - description: key is the label key - that the selector applies to. type: string operator: - description: operator represents - a key's relationship to a set - of values. Valid operators are - In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array - of string values. If the operator - is In or NotIn, the values array - must be non-empty. If the operator - is Exists or DoesNotExist, the - values array must be empty. 
This - array is replaced during a strategic - merge patch. items: type: string type: array 
@@ -5841,161 +2352,27 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: "MatchLabelKeys is a set of pod - label keys to select the pods over which - spreading will be calculated. The keys are - used to lookup values from the incoming - pod labels, those key-value labels are ANDed - with labelSelector to select the group of - existing pods over which spreading will - be calculated for the incoming pod. The - same key is forbidden to exist in both MatchLabelKeys - and LabelSelector. MatchLabelKeys cannot - be set when LabelSelector isn't set. Keys - that don't exist in the incoming pod labels - will be ignored. A null or empty list means - only match against labelSelector. \n This - is a beta field and requires the MatchLabelKeysInPodTopologySpread - feature gate to be enabled (enabled by default)." items: type: string type: array x-kubernetes-list-type: atomic maxSkew: - description: 'MaxSkew describes the degree - to which pods may be unevenly distributed. - When `whenUnsatisfiable=DoNotSchedule`, - it is the maximum permitted difference between - the number of matching pods in the target - topology and the global minimum. The global - minimum is the minimum number of matching - pods in an eligible domain or zero if the - number of eligible domains is less than - MinDomains. For example, in a 3-zone cluster, - MaxSkew is set to 1, and pods with the same - labelSelector spread as 2/2/1: In this case, - the global minimum is 1. 
| zone1 | zone2 - | zone3 | | P P | P P | P | - if - MaxSkew is 1, incoming pod can only be scheduled - to zone3 to become 2/2/2; scheduling it - onto zone1(zone2) would make the ActualSkew(3-1) - on zone1(zone2) violate MaxSkew(1). - if - MaxSkew is 2, incoming pod can be scheduled - onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, - it is used to give higher precedence to - topologies that satisfy it. It''s a required - field. Default value is 1 and 0 is not allowed.' format: int32 type: integer minDomains: - description: "MinDomains indicates a minimum - number of eligible domains. When the number - of eligible domains with matching topology - keys is less than minDomains, Pod Topology - Spread treats \"global minimum\" as 0, and - then the calculation of Skew is performed. - And when the number of eligible domains - with matching topology keys equals or greater - than minDomains, this value has no effect - on scheduling. As a result, when the number - of eligible domains is less than minDomains, - scheduler won't schedule more than maxSkew - Pods to those domains. If value is nil, - the constraint behaves as if MinDomains - is equal to 1. Valid values are integers - greater than 0. When value is not nil, WhenUnsatisfiable - must be DoNotSchedule. \n For example, in - a 3-zone cluster, MaxSkew is set to 2, MinDomains - is set to 5 and pods with the same labelSelector - spread as 2/2/2: | zone1 | zone2 | zone3 - | | P P | P P | P P | The number of - domains is less than 5(MinDomains), so \"global - minimum\" is treated as 0. In this situation, - new pod with the same labelSelector cannot - be scheduled, because computed skew will - be 3(3 - 0) if new Pod is scheduled to any - of the three zones, it will violate MaxSkew." format: int32 type: integer nodeAffinityPolicy: - description: "NodeAffinityPolicy indicates - how we will treat Pod's nodeAffinity/nodeSelector - when calculating pod topology spread skew. 
- Options are: - Honor: only nodes matching - nodeAffinity/nodeSelector are included in - the calculations. - Ignore: nodeAffinity/nodeSelector - are ignored. All nodes are included in the - calculations. \n If this value is nil, the - behavior is equivalent to the Honor policy. - This is a beta-level feature default enabled - by the NodeInclusionPolicyInPodTopologySpread - feature flag." type: string nodeTaintsPolicy: - description: "NodeTaintsPolicy indicates how - we will treat node taints when calculating - pod topology spread skew. Options are: - - Honor: nodes without taints, along with - tainted nodes for which the incoming pod - has a toleration, are included. - Ignore: - node taints are ignored. All nodes are included. - \n If this value is nil, the behavior is - equivalent to the Ignore policy. This is - a beta-level feature default enabled by - the NodeInclusionPolicyInPodTopologySpread - feature flag." type: string topologyKey: - description: TopologyKey is the key of node - labels. Nodes that have a label with this - key and identical values are considered - to be in the same topology. We consider - each as a "bucket", and try - to put balanced number of pods into each - bucket. We define a domain as a particular - instance of a topology. Also, we define - an eligible domain as a domain whose nodes - meet the requirements of nodeAffinityPolicy - and nodeTaintsPolicy. e.g. If TopologyKey - is "kubernetes.io/hostname", each Node is - a domain of that topology. And, if TopologyKey - is "topology.kubernetes.io/zone", each zone - is a domain of that topology. It's a required - field. type: string whenUnsatisfiable: - description: 'WhenUnsatisfiable indicates - how to deal with a pod if it doesn''t satisfy - the spread constraint. - DoNotSchedule (default) - tells the scheduler not to schedule it. - - ScheduleAnyway tells the scheduler to - schedule the pod in any location, but giving - higher precedence to topologies that would - help reduce the skew. 
A constraint is considered - "Unsatisfiable" for an incoming pod if and - only if every possible node assignment for - that pod would violate "MaxSkew" on some - topology. For example, in a 3-zone cluster, - MaxSkew is set to 1, and pods with the same - labelSelector spread as 3/1/1: | zone1 | - zone2 | zone3 | | P P P | P | P | - If WhenUnsatisfiable is set to DoNotSchedule, - incoming pod can only be scheduled to zone2(zone3) - to become 3/2/1(3/1/2) as ActualSkew(2-1) - on zone2(zone3) satisfies MaxSkew(1). In - other words, the cluster can still be imbalanced, - but scheduler won''t make it *more* imbalanced. - It''s a required field.' type: string required: - maxSkew 
@@ -6008,70 +2385,21 @@ spec: - whenUnsatisfiable x-kubernetes-list-type: map volumeMounts: - description: Pod volumes to mount into the container's - filesystem. Cannot be updated. items: - description: VolumeMount describes a mounting - of a Volume within a container. properties: mountPath: - description: Path within the container at - which the volume should be mounted. Must - not contain ':'. type: string mountPropagation: - description: mountPropagation determines how - mounts are propagated from the host to container - and the other way around. When not set, - MountPropagationNone is used. This field - is beta in 1.10. When RecursiveReadOnly - is set to IfPossible or to Enabled, MountPropagation - must be None or unspecified (which defaults - to None). type: string name: - description: This must match the Name of a - Volume. type: string readOnly: - description: Mounted read-only if true, read-write - otherwise (false or unspecified). Defaults - to false. type: boolean recursiveReadOnly: - description: "RecursiveReadOnly specifies - whether read-only mounts should be handled - recursively. \n If ReadOnly is false, this - field has no meaning and must be unspecified. - \n If ReadOnly is true, and this field is - set to Disabled, the mount is not made recursively - read-only. If this field is set to IfPossible, - the mount is made recursively read-only, - if it is supported by the container runtime. - \ If this field is set to Enabled, the mount - is made recursively read-only if it is supported - by the container runtime, otherwise the - pod will not be started and an error will - be generated to indicate the reason. \n - If this field is set to IfPossible or Enabled, - MountPropagation must be set to None (or - be unspecified, which defaults to None). - \n If this field is not specified, it is - treated as an equivalent of Disabled." type: string subPath: - description: Path within the volume from which - the container's volume should be mounted. 
- Defaults to "" (volume's root). type: string subPathExpr: - description: Expanded path within the volume - from which the container's volume should - be mounted. Behaves similarly to SubPath - but environment variable references $(VAR_NAME) - are expanded using the container's environment. - Defaults to "" (volume's root). SubPathExpr - and SubPath are mutually exclusive. type: string required: - mountPath 
@@ -6079,291 +2407,109 @@ spec: type: object type: array volumes: - description: 'List of volumes that can be mounted - by containers belonging to the pod. More info: - https://kubernetes.io/docs/concepts/storage/volumes' items: - description: Volume represents a named volume - in a pod that may be accessed by any container - in the pod. properties: awsElasticBlockStore: - description: 'awsElasticBlockStore represents - an AWS Disk resource that is attached to - a kubelet''s host machine and then exposed - to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' properties: fsType: - description: 'fsType is the filesystem - type of the volume that you want to - mount. Tip: Ensure that the filesystem - type is supported by the host operating - system. Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if - unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the - filesystem from compromising the machine' type: string partition: - description: 'partition is the partition - in the volume that you want to mount. - If omitted, the default is to mount - by volume name. Examples: For volume - /dev/sda1, you specify the partition - as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can leave - the property empty).' format: int32 type: integer readOnly: - description: 'readOnly value true will - force the readOnly setting in VolumeMounts. - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: boolean volumeID: - description: 'volumeID is unique ID of - the persistent disk resource in AWS - (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: string required: - volumeID type: object azureDisk: - description: azureDisk represents an Azure - Data Disk mount on the host and bind mount - to the pod. 
properties: cachingMode: - description: 'cachingMode is the Host - Caching mode: None, Read Only, Read - Write.' type: string diskName: - description: diskName is the Name of the - data disk in the blob storage type: string diskURI: - description: diskURI is the URI of data - disk in the blob storage type: string fsType: - description: fsType is Filesystem type - to mount. Must be a filesystem type - supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. type: string kind: - description: 'kind expected values are - Shared: multiple blob disks per storage - account Dedicated: single blob disk - per storage account Managed: azure - managed data disk (only in managed availability - set). defaults to shared' type: string readOnly: - description: readOnly Defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. type: boolean required: - diskName - diskURI type: object azureFile: - description: azureFile represents an Azure - File Service mount on the host and bind - mount to the pod. properties: readOnly: - description: readOnly defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. 
type: boolean secretName: - description: secretName is the name of - secret that contains Azure Storage Account - Name and Key type: string shareName: - description: shareName is the azure share - Name type: string required: - secretName - shareName type: object cephfs: - description: cephFS represents a Ceph FS mount - on the host that shares a pod's lifetime properties: monitors: - description: 'monitors is Required: Monitors - is a collection of Ceph monitors More - info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' items: type: string type: array x-kubernetes-list-type: atomic path: - description: 'path is Optional: Used as - the mounted root, rather than the full - Ceph tree, default is /' type: string readOnly: - description: 'readOnly is Optional: Defaults - to false (read/write). ReadOnly here - will force the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: boolean secretFile: - description: 'secretFile is Optional: - SecretFile is the path to key ring for - User, default is /etc/ceph/user.secret - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string secretRef: - description: 'secretRef is Optional: SecretRef - is reference to the authentication secret - for User, default is empty. More info: - https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' 
type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is optional: User is - the rados user name, default is admin - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string required: - monitors type: object cinder: - description: 'cinder represents a cinder volume - attached and mounted on kubelets host machine. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' properties: fsType: - description: 'fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if - unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string readOnly: - description: 'readOnly defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: boolean secretRef: - description: 'secretRef is optional: points - to a secret object containing parameters - used to connect to OpenStack.' properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic volumeID: - description: 'volumeID used to identify - the volume in cinder. 
More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string required: - volumeID type: object configMap: - description: configMap represents a configMap - that should populate this volume properties: defaultMode: - description: 'defaultMode is optional: - mode bits used to set permissions on - created files by default. Must be an - octal value between 0000 and 0777 or - a decimal value between 0 and 511. YAML - accepts both octal and decimal values, - JSON requires decimal values for mode - bits. Defaults to 0644. Directories - within the path are not affected by - this setting. This might be in conflict - with other options that affect the file - mode, like fsGroup, and the result can - be other mode bits set.' format: int32 type: integer items: - description: items if unspecified, each - key-value pair in the Data field of - the referenced ConfigMap will be projected - into the volume as a file whose name - is the key and content is the value. - If specified, the listed keys will be - projected into the specified paths, - and unlisted keys will not be present. - If a key is specified which is not present - in the ConfigMap, the volume setup will - error unless it is marked optional. - Paths must be relative and may not contain - the '..' path or start with '..'. items: - description: Maps a string key to a - path within a volume. properties: key: - description: key is the key to project. type: string mode: - description: 'mode is Optional: - mode bits used to set permissions - on this file. Must be an octal - value between 0000 and 0777 or - a decimal value between 0 and - 511. YAML accepts both octal and - decimal values, JSON requires - decimal values for mode bits. - If not specified, the volume defaultMode - will be used. This might be in - conflict with other options that - affect the file mode, like fsGroup, - and the result can be other mode - bits set.' 
format: int32 type: integer path: - description: path is the relative - path of the file to map the key - to. May not be an absolute path. - May not contain the path element - '..'. May not start with the string - '..'. type: string required: - key 
@@ -6373,185 +2519,67 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of the referent. This - field is effectively required, but due - to backwards compatibility is allowed - to be empty. Instances of this type - with an empty value here are almost - certainly wrong. TODO: Add other useful - fields. apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional specify whether - the ConfigMap or its keys must be defined type: boolean type: object x-kubernetes-map-type: atomic csi: - description: csi (Container Storage Interface) - represents ephemeral storage that is handled - by certain external CSI drivers (Beta feature). properties: driver: - description: driver is the name of the - CSI driver that handles this volume. - Consult with your admin for the correct - name as registered in the cluster. type: string fsType: - description: fsType to mount. Ex. "ext4", - "xfs", "ntfs". If not provided, the - empty value is passed to the associated - CSI driver which will determine the - default filesystem to apply. type: string nodePublishSecretRef: - description: nodePublishSecretRef is a - reference to the secret object containing - sensitive information to pass to the - CSI driver to complete the CSI NodePublishVolume - and NodeUnpublishVolume calls. This - field is optional, and may be empty - if no secret is required. If the secret - object contains more than one secret, - all secret references are passed. properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. 
apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic readOnly: - description: readOnly specifies a read-only - configuration for the volume. Defaults - to false (read/write). type: boolean volumeAttributes: additionalProperties: type: string - description: volumeAttributes stores driver-specific - properties that are passed to the CSI - driver. Consult your driver's documentation - for supported values. type: object required: - driver type: object downwardAPI: - description: downwardAPI represents downward - API about the pod that should populate this - volume properties: defaultMode: - description: 'Optional: mode bits to use - on created files by default. Must be - a Optional: mode bits used to set permissions - on created files by default. Must be - an octal value between 0000 and 0777 - or a decimal value between 0 and 511. - YAML accepts both octal and decimal - values, JSON requires decimal values - for mode bits. Defaults to 0644. Directories - within the path are not affected by - this setting. This might be in conflict - with other options that affect the file - mode, like fsGroup, and the result can - be other mode bits set.' format: int32 type: integer items: - description: Items is a list of downward - API volume file items: - description: DownwardAPIVolumeFile represents - information to create the file containing - the pod field properties: fieldRef: - description: 'Required: Selects - a field of the pod: only annotations, - labels, name, namespace and uid - are supported.' properties: apiVersion: - description: Version of the - schema the FieldPath is written - in terms of, defaults to "v1". type: string fieldPath: - description: Path of the field - to select in the specified - API version. 
type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: - description: 'Optional: mode bits - used to set permissions on this - file, must be an octal value between - 0000 and 0777 or a decimal value - between 0 and 511. YAML accepts - both octal and decimal values, - JSON requires decimal values for - mode bits. If not specified, the - volume defaultMode will be used. - This might be in conflict with - other options that affect the - file mode, like fsGroup, and the - result can be other mode bits - set.' format: int32 type: integer path: - description: 'Required: Path is the - relative path name of the file - to be created. Must not be absolute - or contain the ''..'' path. Must - be utf-8 encoded. The first item - of the relative path must not - start with ''..''' type: string resourceFieldRef: - description: 'Selects a resource - of the container: only resources - limits and requests (limits.cpu, - limits.memory, requests.cpu and - requests.memory) are currently - supported.' properties: containerName: - description: 'Container name: - required for volumes, optional - for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output - format of the exposed resources, - defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource - to select' type: string required: - resource 
@@ -6564,232 +2592,50 @@ spec: x-kubernetes-list-type: atomic type: object emptyDir: - description: 'emptyDir represents a temporary - directory that shares a pod''s lifetime. - More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' properties: medium: - description: 'medium represents what type - of storage medium should back this directory. - The default is "" which means to use - the node''s default medium. Must be - an empty string (default) or Memory. - More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string sizeLimit: anyOf: - type: integer - type: string - description: 'sizeLimit is the total amount - of local storage required for this EmptyDir - volume. The size limit is also applicable - for memory medium. The maximum usage - on memory medium EmptyDir would be the - minimum value between the SizeLimit - specified here and the sum of memory - limits of all containers in a pod. The - default is nil which means that the - limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object ephemeral: - description: "ephemeral represents a volume - that is handled by a cluster storage driver. - The volume's lifecycle is tied to the pod - that defines it - it will be created before - the pod starts, and deleted when the pod - is removed. \n Use this if: a) the volume - is only needed while the pod runs, b) features - of normal volumes like restoring from snapshot - or capacity tracking are needed, c) the - storage driver is specified through a storage - class, and d) the storage driver supports - dynamic volume provisioning through a PersistentVolumeClaim - (see EphemeralVolumeSource for more information - on the connection between this volume type - and PersistentVolumeClaim). 
\n Use PersistentVolumeClaim - or one of the vendor-specific APIs for volumes - that persist for longer than the lifecycle - of an individual pod. \n Use CSI for light-weight - local ephemeral volumes if the CSI driver - is meant to be used that way - see the documentation - of the driver for more information. \n A - pod can use both types of ephemeral volumes - and persistent volumes at the same time." properties: volumeClaimTemplate: - description: "Will be used to create a - stand-alone PVC to provision the volume. - The pod in which this EphemeralVolumeSource - is embedded will be the owner of the - PVC, i.e. the PVC will be deleted together - with the pod. The name of the PVC will - be `-` where - `` is the name from the - `PodSpec.Volumes` array entry. Pod validation - will reject the pod if the concatenated - name is not valid for a PVC (for example, - too long). \n An existing PVC with that - name that is not owned by the pod will - *not* be used for the pod to avoid using - an unrelated volume by mistake. Starting - the pod is then blocked until the unrelated - PVC is removed. If such a pre-created - PVC is meant to be used by the pod, - the PVC has to updated with an owner - reference to the pod once the pod exists. - Normally this should not be necessary, - but it may be useful when manually reconstructing - a broken cluster. \n This field is read-only - and no changes will be made by Kubernetes - to the PVC after it has been created. - \n Required, must not be nil." properties: metadata: - description: May contain labels and - annotations that will be copied - into the PVC when creating it. No - other fields are allowed and will - be rejected during validation. properties: annotations: additionalProperties: type: string - description: 'Annotations is an - unstructured key value map stored - with a resource that may be - set by external tools to store - and retrieve arbitrary metadata. 
- They are not queryable and should - be preserved when modifying - objects. More info: http://kubernetes.io/docs/user-guide/annotations' type: object generateName: - description: "GenerateName is - an optional prefix, used by - the server, to generate a unique - name ONLY IF the Name field - has not been provided. If this - field is used, the name returned - to the client will be different - than the name passed. This value - will also be combined with a - unique suffix. The provided - value has the same validation - rules as the Name field, and - may be truncated by the length - of the suffix required to make - the value unique on the server. - \n If this field is specified - and the generated name exists, - the server will NOT return a - 409 - instead, it will either - return 201 Created or 500 with - Reason ServerTimeout indicating - a unique name could not be found - in the time allotted, and the - client should retry (optionally - after the time indicated in - the Retry-After header). \n - Applied only if Name is not - specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" type: string labels: additionalProperties: type: string - description: 'Map of string keys - and values that can be used - to organize and categorize (scope - and select) objects. May match - selectors of replication controllers - and services. More info: http://kubernetes.io/docs/user-guide/labels' type: object name: - description: 'Name must be unique - within a namespace. Is required - when creating resources, although - some resources may allow a client - to request the generation of - an appropriate name automatically. - Name is primarily intended for - creation idempotence and configuration - definition. Cannot be updated. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' type: string namespace: - description: "Namespace defines - the space within each name must - be unique. 
An empty namespace - is equivalent to the \"default\" - namespace, but \"default\" is - the canonical representation. - Not all objects are required - to be scoped to a namespace - - the value of this field for - those objects will be empty. - \n Must be a DNS_LABEL. Cannot - be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" type: string ownerReferences: - description: List of objects depended - by this object. If ALL objects - in the list have been deleted, - this object will be garbage - collected. If this object is - managed by a controller, then - an entry in this list will point - to this controller, with the - controller field set to true. - There cannot be more than one - managing controller. items: - description: OwnerReference - contains enough information - to let you identify an owning - object. An owning object must - be in the same namespace as - the dependent, or be cluster-scoped, - so there is no namespace field. properties: apiVersion: - description: API version - of the referent. type: string blockOwnerDeletion: - description: If true, AND - if the owner has the "foregroundDeletion" - finalizer, then the owner - cannot be deleted from - the key-value store until - this reference is removed. - See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion - for how the garbage collector - interacts with this field - and enforces the foreground - deletion. Defaults to - false. To set this field, - a user needs "delete" - permission of the owner, - otherwise 422 (Unprocessable - Entity) will be returned. type: boolean controller: - description: If true, this - reference points to the - managing controller. type: boolean kind: - description: 'Kind of the - referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string name: - description: 'Name of the - referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: - description: 'UID of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -6801,61 +2647,19 @@ spec: type: array type: object spec: - description: The specification for - the PersistentVolumeClaim. The entire - content is copied unchanged into - the PVC that gets created from this - template. The same fields as in - a PersistentVolumeClaim are also - valid here. properties: accessModes: - description: 'accessModes contains - the desired access modes the - volume should have. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array x-kubernetes-list-type: atomic dataSource: - description: 'dataSource field - can be used to specify either: - * An existing VolumeSnapshot - object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an external - controller can support the specified - data source, it will create - a new volume based on the contents - of the specified data source. - When the AnyVolumeDataSource - feature gate is enabled, dataSource - contents will be copied to dataSourceRef, - and dataSourceRef contents will - be copied to dataSource when - dataSourceRef.namespace is not - specified. If the namespace - is specified, then dataSourceRef - will not be copied to dataSource.' properties: apiGroup: - description: APIGroup is the - group for the resource being - referenced. If APIGroup - is not specified, the specified - Kind must be in the core - API group. For any other - third-party types, APIGroup - is required. type: string kind: - description: Kind is the type - of resource being referenced type: string name: - description: Name is the name - of resource being referenced type: string required: - kind 
@@ -6863,103 +2667,20 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: - description: 'dataSourceRef specifies - the object from which to populate - the volume with data, if a non-empty - volume is desired. This may - be any object from a non-empty - API group (non core object) - or a PersistentVolumeClaim object. - When this field is specified, - volume binding will only succeed - if the type of the specified - object matches some installed - volume populator or dynamic - provisioner. This field will - replace the functionality of - the dataSource field and as - such if both fields are non-empty, - they must have the same value. - For backwards compatibility, - when namespace isn''t specified - in dataSourceRef, both fields - (dataSource and dataSourceRef) - will be set to the same value - automatically if one of them - is empty and the other is non-empty. - When namespace is specified - in dataSourceRef, dataSource - isn''t set to the same value - and must be empty. There are - three important differences - between dataSource and dataSourceRef: - * While dataSource only allows - two specific types of objects, - dataSourceRef allows any non-core - object, as well as PersistentVolumeClaim - objects. * While dataSource - ignores disallowed values (dropping - them), dataSourceRef preserves - all values, and generates an - error if a disallowed value - is specified. * While dataSource - only allows local objects, dataSourceRef - allows objects in any namespaces. - (Beta) Using this field requires - the AnyVolumeDataSource feature - gate to be enabled. (Alpha) - Using the namespace field of - dataSourceRef requires the CrossNamespaceVolumeDataSource - feature gate to be enabled.' properties: apiGroup: - description: APIGroup is the - group for the resource being - referenced. If APIGroup - is not specified, the specified - Kind must be in the core - API group. For any other - third-party types, APIGroup - is required. 
type: string kind: - description: Kind is the type - of resource being referenced type: string name: - description: Name is the name - of resource being referenced type: string namespace: - description: Namespace is - the namespace of resource - being referenced Note that - when a namespace is specified, - a gateway.networking.k8s.io/ReferenceGrant - object is required in the - referent namespace to allow - that namespace's owner to - accept the reference. See - the ReferenceGrant documentation - for details. (Alpha) This - field requires the CrossNamespaceVolumeDataSource - feature gate to be enabled. type: string required: - kind - name type: object resources: - description: 'resources represents - the minimum resources the volume - should have. If RecoverVolumeExpansionFailure - feature is enabled users are - allowed to specify resource - requirements that are lower - than previous value but must - still be higher than capacity - recorded in the status field - of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: @@ -6968,10 +2689,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes - the maximum amount of compute - resources allowed. More - info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -6980,64 +2697,18 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes - the minimum amount of compute - resources required. If Requests - is omitted for a container, - it defaults to Limits if - that is explicitly specified, - otherwise to an implementation-defined - value. Requests cannot exceed - Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: - description: selector is a label - query over volumes to consider - for binding. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key and - values. properties: key: - description: key is - the label key that - the selector applies - to. type: string operator: - description: operator - represents a key's - relationship to a - set of values. Valid - operators are In, - NotIn, Exists and - DoesNotExist. type: string values: - description: values - is an array of string - values. If the operator - is In or NotIn, the - values array must - be non-empty. If the - operator is Exists - or DoesNotExist, the - values array must - be empty. This array - is replaced during - a strategic merge - patch. items: type: string type: array 
@@ -7051,68 +2722,16 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is - a map of {key,value} pairs. - A single {key,value} in - the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", - the operator is "In", and - the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic storageClassName: - description: 'storageClassName - is the name of the StorageClass - required by the claim. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeAttributesClassName: - description: 'volumeAttributesClassName - may be used to set the VolumeAttributesClass - used by this claim. If specified, - the CSI driver will create or - update the volume with the attributes - defined in the corresponding - VolumeAttributesClass. This - has a different purpose than - storageClassName, it can be - changed after the claim is created. - An empty string value means - that no VolumeAttributesClass - will be applied to the claim - but it''s not allowed to reset - this field to empty string once - it is set. If unspecified and - the PersistentVolumeClaim is - unbound, the default VolumeAttributesClass - will be set by the persistentvolume - controller if it exists. If - the resource referred to by - volumeAttributesClass does not - exist, this PersistentVolumeClaim - will be set to a Pending state, - as reflected by the modifyVolumeStatus - field, until such as a resource - exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires - the VolumeAttributesClass feature - gate to be enabled.' type: string volumeMode: - description: volumeMode defines - what type of volume is required - by the claim. Value of Filesystem - is implied when not included - in claim spec. 
type: string volumeName: - description: volumeName is the - binding reference to the PersistentVolume - backing this claim. type: string type: object required: 
@@ -7120,98 +2739,41 @@ spec: type: object type: object fc: - description: fc represents a Fibre Channel - resource that is attached to a kubelet's - host machine and then exposed to the pod. properties: fsType: - description: 'fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. - TODO: how do we prevent errors in the - filesystem from compromising the machine' type: string lun: - description: 'lun is Optional: FC target - lun number' format: int32 type: integer readOnly: - description: 'readOnly is Optional: Defaults - to false (read/write). ReadOnly here - will force the ReadOnly setting in VolumeMounts.' type: boolean targetWWNs: - description: 'targetWWNs is Optional: - FC target worldwide names (WWNs)' items: type: string type: array x-kubernetes-list-type: atomic wwids: - description: 'wwids Optional: FC volume - world wide identifiers (wwids) Either - wwids or combination of targetWWNs and - lun must be set, but not both simultaneously.' items: type: string type: array x-kubernetes-list-type: atomic type: object flexVolume: - description: flexVolume represents a generic - volume resource that is provisioned/attached - using an exec based plugin. properties: driver: - description: driver is the name of the - driver to use for this volume. type: string fsType: - description: fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". The - default filesystem depends on FlexVolume - script. type: string options: additionalProperties: type: string - description: 'options is Optional: this - field holds extra command options if - any.' type: object readOnly: - description: 'readOnly is Optional: defaults - to false (read/write). ReadOnly here - will force the ReadOnly setting in VolumeMounts.' 
type: boolean secretRef: - description: 'secretRef is Optional: secretRef - is reference to the secret object containing - sensitive information to pass to the - plugin scripts. This may be empty if - no secret object is specified. If the - secret object contains more than one - secret, all secrets are passed to the - plugin scripts.' properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic 
@@ -7219,201 +2781,79 @@ spec: - driver type: object flocker: - description: flocker represents a Flocker - volume attached to a kubelet's host machine. - This depends on the Flocker control service - being running properties: datasetName: - description: datasetName is Name of the - dataset stored as metadata -> name on - the dataset for Flocker should be considered - as deprecated type: string datasetUUID: - description: datasetUUID is the UUID of - the dataset. This is unique identifier - of a Flocker dataset type: string type: object gcePersistentDisk: - description: 'gcePersistentDisk represents - a GCE Disk resource that is attached to - a kubelet''s host machine and then exposed - to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' properties: fsType: - description: 'fsType is filesystem type - of the volume that you want to mount. - Tip: Ensure that the filesystem type - is supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the - filesystem from compromising the machine' type: string partition: - description: 'partition is the partition - in the volume that you want to mount. - If omitted, the default is to mount - by volume name. Examples: For volume - /dev/sda1, you specify the partition - as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can leave - the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' format: int32 type: integer pdName: - description: 'pdName is unique name of - the PD resource in GCE. Used to identify - the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: string readOnly: - description: 'readOnly here will force - the ReadOnly setting in VolumeMounts. - Defaults to false. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: boolean required: - pdName type: object glusterfs: - description: 'glusterfs represents a Glusterfs - mount on the host that shares a pod''s lifetime. - More info: https://examples.k8s.io/volumes/glusterfs/README.md' properties: endpoints: - description: 'endpoints is the endpoint - name that details Glusterfs topology. - More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string path: - description: 'path is the Glusterfs volume - path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string readOnly: - description: 'readOnly here will force - the Glusterfs volume to be mounted with - read-only permissions. Defaults to false. - More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: boolean required: - endpoints - path type: object hostPath: - description: 'hostPath represents a pre-existing - file or directory on the host machine that - is directly exposed to the container. This - is generally used for system agents or other - privileged things that are allowed to see - the host machine. Most containers will NOT - need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict who - can use host directory mounts and who can/can - not mount host directories as read/write.' properties: path: - description: 'path of the directory on - the host. If the path is a symlink, - it will follow the link to the real - path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string type: - description: 'type for HostPath Volume - Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string required: - path type: object iscsi: - description: 'iscsi represents an ISCSI Disk - resource that is attached to a kubelet''s - host machine and then exposed to the pod. 
- More info: https://examples.k8s.io/volumes/iscsi/README.md' properties: chapAuthDiscovery: - description: chapAuthDiscovery defines - whether support iSCSI Discovery CHAP - authentication type: boolean chapAuthSession: - description: chapAuthSession defines whether - support iSCSI Session CHAP authentication type: boolean fsType: - description: 'fsType is the filesystem - type of the volume that you want to - mount. Tip: Ensure that the filesystem - type is supported by the host operating - system. Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if - unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the - filesystem from compromising the machine' type: string initiatorName: - description: initiatorName is the custom - iSCSI Initiator Name. If initiatorName - is specified with iscsiInterface simultaneously, - new iSCSI interface : will be created for the connection. type: string iqn: - description: iqn is the target iSCSI Qualified - Name. type: string iscsiInterface: - description: iscsiInterface is the interface - Name that uses an iSCSI transport. Defaults - to 'default' (tcp). type: string lun: - description: lun represents iSCSI Target - Lun number. format: int32 type: integer portals: - description: portals is the iSCSI Target - Portal List. The portal is either an - IP or ip_addr:port if the port is other - than default (typically TCP ports 860 - and 3260). items: type: string type: array x-kubernetes-list-type: atomic readOnly: - description: readOnly here will force - the ReadOnly setting in VolumeMounts. - Defaults to false. type: boolean secretRef: - description: secretRef is the CHAP Secret - for iSCSI target and initiator authentication properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. 
Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic targetPortal: - description: targetPortal is iSCSI Target - Portal. The Portal is either an IP or - ip_addr:port if the port is other than - default (typically TCP ports 860 and - 3260). type: string required: - iqn 
@@ -7421,196 +2861,68 @@ spec: - targetPortal type: object name: - description: 'name of the volume. Must be - a DNS_LABEL and unique within the pod. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string nfs: - description: 'nfs represents an NFS mount - on the host that shares a pod''s lifetime - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' properties: path: - description: 'path that is exported by - the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string readOnly: - description: 'readOnly here will force - the NFS export to be mounted with read-only - permissions. Defaults to false. More - info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: boolean server: - description: 'server is the hostname or - IP address of the NFS server. More info: - https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string required: - path - server type: object persistentVolumeClaim: - description: 'persistentVolumeClaimVolumeSource - represents a reference to a PersistentVolumeClaim - in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: claimName: - description: 'claimName is the name of - a PersistentVolumeClaim in the same - namespace as the pod using this volume. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' type: string readOnly: - description: readOnly Will force the ReadOnly - setting in VolumeMounts. Default false. type: boolean required: - claimName type: object photonPersistentDisk: - description: photonPersistentDisk represents - a PhotonController persistent disk attached - and mounted on kubelets host machine properties: fsType: - description: fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". 
Implicitly - inferred to be "ext4" if unspecified. type: string pdID: - description: pdID is the ID that identifies - Photon Controller persistent disk type: string required: - pdID type: object portworxVolume: - description: portworxVolume represents a portworx - volume attached and mounted on kubelets - host machine properties: fsType: - description: fSType represents the filesystem - type to mount Must be a filesystem type - supported by the host operating system. - Ex. "ext4", "xfs". Implicitly inferred - to be "ext4" if unspecified. type: string readOnly: - description: readOnly defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. type: boolean volumeID: - description: volumeID uniquely identifies - a Portworx volume type: string required: - volumeID type: object projected: - description: projected items for all in one - resources secrets, configmaps, and downward - API properties: defaultMode: - description: defaultMode are the mode - bits used to set permissions on created - files by default. Must be an octal value - between 0000 and 0777 or a decimal value - between 0 and 511. YAML accepts both - octal and decimal values, JSON requires - decimal values for mode bits. Directories - within the path are not affected by - this setting. This might be in conflict - with other options that affect the file - mode, like fsGroup, and the result can - be other mode bits set. format: int32 type: integer sources: - description: sources is the list of volume - projections items: - description: Projection that may be - projected along with other supported - volume types properties: clusterTrustBundle: - description: "ClusterTrustBundle - allows a pod to access the `.spec.trustBundle` - field of ClusterTrustBundle objects - in an auto-updating file. \n Alpha, - gated by the ClusterTrustBundleProjection - feature gate. 
\n ClusterTrustBundle - objects can either be selected - by name, or by the combination - of signer name and a label selector. - \n Kubelet performs aggressive - normalization of the PEM contents - written into the pod filesystem. - \ Esoteric PEM features such as - inter-block comments and block - headers are stripped. Certificates - are deduplicated. The ordering - of certificates within the file - is arbitrary, and Kubelet may - change the order over time." properties: labelSelector: - description: Select all ClusterTrustBundles - that match this label selector. Only - has effect if signerName is - set. Mutually-exclusive with - name. If unset, interpreted - as "match nothing". If set - but empty, interpreted as - "match everything". properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key - and values. properties: key: - description: key is - the label key that - the selector applies - to. type: string operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values - is an array of string - values. If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. This - array is replaced - during a strategic - merge patch. items: type: string type: array 
@@ -7624,115 +2936,31 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an element - of matchExpressions, whose - key field is "key", the - operator is "In", and - the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic name: - description: Select a single - ClusterTrustBundle by object - name. Mutually-exclusive - with signerName and labelSelector. type: string optional: - description: If true, don't - block pod startup if the referenced - ClusterTrustBundle(s) aren't - available. If using name, - then the named ClusterTrustBundle - is allowed not to exist. If - using signerName, then the - combination of signerName - and labelSelector is allowed - to match zero ClusterTrustBundles. type: boolean path: - description: Relative path from - the volume root to write the - bundle. type: string signerName: - description: Select all ClusterTrustBundles - that match this signer name. - Mutually-exclusive with name. The - contents of all selected ClusterTrustBundles - will be unified and deduplicated. type: string required: - path type: object configMap: - description: configMap information - about the configMap data to project properties: items: - description: items if unspecified, - each key-value pair in the - Data field of the referenced - ConfigMap will be projected - into the volume as a file - whose name is the key and - content is the value. If specified, - the listed keys will be projected - into the specified paths, - and unlisted keys will not - be present. If a key is specified - which is not present in the - ConfigMap, the volume setup - will error unless it is marked - optional. Paths must be relative - and may not contain the '..' - path or start with '..'. items: - description: Maps a string - key to a path within a volume. 
properties: key: - description: key is the - key to project. type: string mode: - description: 'mode is - Optional: mode bits - used to set permissions - on this file. Must be - an octal value between - 0000 and 0777 or a decimal - value between 0 and - 511. YAML accepts both - octal and decimal values, - JSON requires decimal - values for mode bits. - If not specified, the - volume defaultMode will - be used. This might - be in conflict with - other options that affect - the file mode, like - fsGroup, and the result - can be other mode bits - set.' format: int32 type: integer path: - description: path is the - relative path of the - file to map the key - to. May not be an absolute - path. May not contain - the path element '..'. - May not start with the - string '..'. type: string required: - key 
@@ -7742,128 +2970,42 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of the referent. - This field is effectively - required, but due to backwards - compatibility is allowed to - be empty. Instances of this - type with an empty value here - are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional specify - whether the ConfigMap or its - keys must be defined type: boolean type: object x-kubernetes-map-type: atomic downwardAPI: - description: downwardAPI information - about the downwardAPI data to - project properties: items: - description: Items is a list - of DownwardAPIVolume file items: - description: DownwardAPIVolumeFile - represents information to - create the file containing - the pod field properties: fieldRef: - description: 'Required: - Selects a field of the - pod: only annotations, - labels, name, namespace - and uid are supported.' properties: apiVersion: - description: Version - of the schema the - FieldPath is written - in terms of, defaults - to "v1". type: string fieldPath: - description: Path - of the field to - select in the specified - API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: - description: 'Optional: - mode bits used to set - permissions on this - file, must be an octal - value between 0000 and - 0777 or a decimal value - between 0 and 511. YAML - accepts both octal and - decimal values, JSON - requires decimal values - for mode bits. If not - specified, the volume - defaultMode will be - used. This might be - in conflict with other - options that affect - the file mode, like - fsGroup, and the result - can be other mode bits - set.' 
format: int32 type: integer path: - description: 'Required: - Path is the relative - path name of the file - to be created. Must - not be absolute or contain - the ''..'' path. Must - be utf-8 encoded. The - first item of the relative - path must not start - with ''..''' type: string resourceFieldRef: - description: 'Selects - a resource of the container: - only resources limits - and requests (limits.cpu, - limits.memory, requests.cpu - and requests.memory) - are currently supported.' properties: containerName: - description: 'Container - name: required for - volumes, optional - for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies - the output format - of the exposed resources, - defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: - resource to select' type: string required: - resource 
@@ -7876,67 +3018,16 @@ spec: x-kubernetes-list-type: atomic type: object secret: - description: secret information - about the secret data to project properties: items: - description: items if unspecified, - each key-value pair in the - Data field of the referenced - Secret will be projected into - the volume as a file whose - name is the key and content - is the value. If specified, - the listed keys will be projected - into the specified paths, - and unlisted keys will not - be present. If a key is specified - which is not present in the - Secret, the volume setup will - error unless it is marked - optional. Paths must be relative - and may not contain the '..' - path or start with '..'. items: - description: Maps a string - key to a path within a volume. properties: key: - description: key is the - key to project. type: string mode: - description: 'mode is - Optional: mode bits - used to set permissions - on this file. Must be - an octal value between - 0000 and 0777 or a decimal - value between 0 and - 511. YAML accepts both - octal and decimal values, - JSON requires decimal - values for mode bits. - If not specified, the - volume defaultMode will - be used. This might - be in conflict with - other options that affect - the file mode, like - fsGroup, and the result - can be other mode bits - set.' format: int32 type: integer path: - description: path is the - relative path of the - file to map the key - to. May not be an absolute - path. May not contain - the path element '..'. - May not start with the - string '..'. type: string required: - key 
@@ -7946,66 +3037,19 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of the referent. - This field is effectively - required, but due to backwards - compatibility is allowed to - be empty. Instances of this - type with an empty value here - are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional field - specify whether the Secret - or its key must be defined type: boolean type: object x-kubernetes-map-type: atomic serviceAccountToken: - description: serviceAccountToken - is information about the serviceAccountToken - data to project properties: audience: - description: audience is the - intended audience of the token. - A recipient of a token must - identify itself with an identifier - specified in the audience - of the token, and otherwise - should reject the token. The - audience defaults to the identifier - of the apiserver. type: string expirationSeconds: - description: expirationSeconds - is the requested duration - of validity of the service - account token. As the token - approaches expiration, the - kubelet volume plugin will - proactively rotate the service - account token. The kubelet - will start trying to rotate - the token if the token is - older than 80 percent of its - time to live or if the token - is older than 24 hours.Defaults - to 1 hour and must be at least - 10 minutes. format: int64 type: integer path: - description: path is the path - relative to the mount point - of the file to project the - token into. type: string required: - path 
@@ -8015,188 +3059,79 @@ spec: x-kubernetes-list-type: atomic type: object quobyte: - description: quobyte represents a Quobyte - mount on the host that shares a pod's lifetime properties: group: - description: group to map volume access - to Default is no group type: string readOnly: - description: readOnly here will force - the Quobyte volume to be mounted with - read-only permissions. Defaults to false. type: boolean registry: - description: registry represents a single - or multiple Quobyte Registry services - specified as a string as host:port pair - (multiple entries are separated with - commas) which acts as the central registry - for volumes type: string tenant: - description: tenant owning the given Quobyte - volume in the Backend Used with dynamically - provisioned Quobyte volumes, value is - set by the plugin type: string user: - description: user to map volume access - to Defaults to serivceaccount user type: string volume: - description: volume is a string that references - an already created Quobyte volume by - name. type: string required: - registry - volume type: object rbd: - description: 'rbd represents a Rados Block - Device mount on the host that shares a pod''s - lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' properties: fsType: - description: 'fsType is the filesystem - type of the volume that you want to - mount. Tip: Ensure that the filesystem - type is supported by the host operating - system. Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if - unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the - filesystem from compromising the machine' type: string image: - description: 'image is the rados image - name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string keyring: - description: 'keyring is the path to key - ring for RBDUser. Default is /etc/ceph/keyring. 
- More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string monitors: - description: 'monitors is a collection - of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' items: type: string type: array x-kubernetes-list-type: atomic pool: - description: 'pool is the rados pool name. - Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string readOnly: - description: 'readOnly here will force - the ReadOnly setting in VolumeMounts. - Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: boolean secretRef: - description: 'secretRef is name of the - authentication secret for RBDUser. If - provided overrides keyring. Default - is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is the rados user name. - Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string required: - image - monitors type: object scaleIO: - description: scaleIO represents a ScaleIO - persistent volume attached and mounted on - Kubernetes nodes. properties: fsType: - description: fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". Default - is "xfs". 
type: string gateway: - description: gateway is the host address - of the ScaleIO API Gateway. type: string protectionDomain: - description: protectionDomain is the name - of the ScaleIO Protection Domain for - the configured storage. type: string readOnly: - description: readOnly Defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: secretRef references to the - secret for ScaleIO user and other sensitive - information. If this is not provided, - Login operation will fail. properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic sslEnabled: - description: sslEnabled Flag enable/disable - SSL communication with Gateway, default - false type: boolean storageMode: - description: storageMode indicates whether - the storage for a volume should be ThickProvisioned - or ThinProvisioned. Default is ThinProvisioned. type: string storagePool: - description: storagePool is the ScaleIO - Storage Pool associated with the protection - domain. type: string system: - description: system is the name of the - storage system as configured in ScaleIO. type: string volumeName: - description: volumeName is the name of - a volume already created in the ScaleIO - system that is associated with this - volume source. type: string required: - gateway 
@@ -8204,71 +3139,19 @@ spec: - system type: object secret: - description: 'secret represents a secret that - should populate this volume. More info: - https://kubernetes.io/docs/concepts/storage/volumes#secret' properties: defaultMode: - description: 'defaultMode is Optional: - mode bits used to set permissions on - created files by default. Must be an - octal value between 0000 and 0777 or - a decimal value between 0 and 511. YAML - accepts both octal and decimal values, - JSON requires decimal values for mode - bits. Defaults to 0644. Directories - within the path are not affected by - this setting. This might be in conflict - with other options that affect the file - mode, like fsGroup, and the result can - be other mode bits set.' format: int32 type: integer items: - description: items If unspecified, each - key-value pair in the Data field of - the referenced Secret will be projected - into the volume as a file whose name - is the key and content is the value. - If specified, the listed keys will be - projected into the specified paths, - and unlisted keys will not be present. - If a key is specified which is not present - in the Secret, the volume setup will - error unless it is marked optional. - Paths must be relative and may not contain - the '..' path or start with '..'. items: - description: Maps a string key to a - path within a volume. properties: key: - description: key is the key to project. type: string mode: - description: 'mode is Optional: - mode bits used to set permissions - on this file. Must be an octal - value between 0000 and 0777 or - a decimal value between 0 and - 511. YAML accepts both octal and - decimal values, JSON requires - decimal values for mode bits. - If not specified, the volume defaultMode - will be used. This might be in - conflict with other options that - affect the file mode, like fsGroup, - and the result can be other mode - bits set.' 
format: int32 type: integer path: - description: path is the relative - path of the file to map the key - to. May not be an absolute path. - May not contain the path element - '..'. May not start with the string - '..'. type: string required: - key 
@@ -8277,98 +3160,37 @@ spec: type: array x-kubernetes-list-type: atomic optional: - description: optional field specify whether - the Secret or its keys must be defined type: boolean secretName: - description: 'secretName is the name of - the secret in the pod''s namespace to - use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' type: string type: object storageos: - description: storageOS represents a StorageOS - volume attached and mounted on Kubernetes - nodes. properties: fsType: - description: fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. type: string readOnly: - description: readOnly defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: secretRef specifies the secret - to use for obtaining the StorageOS API - credentials. If not specified, default - values will be attempted. properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic volumeName: - description: volumeName is the human-readable - name of the StorageOS volume. Volume - names are only unique within a namespace. type: string volumeNamespace: - description: volumeNamespace specifies - the scope of the volume within StorageOS. If - no namespace is specified then the Pod's - namespace will be used. 
This allows - the Kubernetes name scoping to be mirrored - within StorageOS for tighter integration. - Set VolumeName to any name to override - the default behaviour. Set to "default" - if you are not using namespaces within - StorageOS. Namespaces that do not pre-exist - within StorageOS will be created. type: string type: object vsphereVolume: - description: vsphereVolume represents a vSphere - volume attached and mounted on kubelets - host machine properties: fsType: - description: fsType is filesystem type - to mount. Must be a filesystem type - supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. type: string storagePolicyID: - description: storagePolicyID is the storage - Policy Based Management (SPBM) profile - ID associated with the StoragePolicyName. type: string storagePolicyName: - description: storagePolicyName is the - storage Policy Based Management (SPBM) - profile name. type: string volumePath: - description: volumePath is the path that - identifies vSphere volume vmdk type: string required: - volumePath 
@@ -8380,319 +3202,118 @@ spec: type: object type: object name: - description: Name specifies the name of the addon that will - be used for the backup/restore purpose type: string tasks: - description: Tasks specifies a list of backup/restore tasks - and their configuration parameters items: - description: TaskReference specifies a task and its configuration - parameters properties: addonVolumes: - description: AddonVolumes lets you overwrite the volume - sources used in the VolumeTemplate section of Addon. - Make sure that name of your volume matches with - the name of the volume you want to overwrite. items: - description: AddonVolumeInfo specifies the name - and the source of volume properties: name: - description: Name specifies the name of the - volume type: string source: - description: Source specifies the source of - this volume. properties: awsElasticBlockStore: - description: 'awsElasticBlockStore represents - an AWS Disk resource that is attached - to a kubelet''s host machine and then - exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' properties: fsType: - description: 'fsType is the filesystem - type of the volume that you want to - mount. Tip: Ensure that the filesystem - type is supported by the host operating - system. Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if - unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in - the filesystem from compromising the - machine' type: string partition: - description: 'partition is the partition - in the volume that you want to mount. - If omitted, the default is to mount - by volume name. Examples: For volume - /dev/sda1, you specify the partition - as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can leave - the property empty).' 
format: int32 type: integer readOnly: - description: 'readOnly value true will - force the readOnly setting in VolumeMounts. - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: boolean volumeID: - description: 'volumeID is unique ID - of the persistent disk resource in - AWS (Amazon EBS volume). More info: - https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: string required: - volumeID type: object azureDisk: - description: azureDisk represents an Azure - Data Disk mount on the host and bind mount - to the pod. properties: cachingMode: - description: 'cachingMode is the Host - Caching mode: None, Read Only, Read - Write.' type: string diskName: - description: diskName is the Name of - the data disk in the blob storage type: string diskURI: - description: diskURI is the URI of data - disk in the blob storage type: string fsType: - description: fsType is Filesystem type - to mount. Must be a filesystem type - supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. type: string kind: - description: 'kind expected values are - Shared: multiple blob disks per storage - account Dedicated: single blob disk - per storage account Managed: azure - managed data disk (only in managed - availability set). defaults to shared' type: string readOnly: - description: readOnly Defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. type: boolean required: - diskName - diskURI type: object azureFile: - description: azureFile represents an Azure - File Service mount on the host and bind - mount to the pod. properties: readOnly: - description: readOnly defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. 
type: boolean secretName: - description: secretName is the name - of secret that contains Azure Storage - Account Name and Key type: string shareName: - description: shareName is the azure - share Name type: string required: - secretName - shareName type: object cephfs: - description: cephFS represents a Ceph FS - mount on the host that shares a pod's - lifetime properties: monitors: - description: 'monitors is Required: - Monitors is a collection of Ceph monitors - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' items: type: string type: array x-kubernetes-list-type: atomic path: - description: 'path is Optional: Used - as the mounted root, rather than the - full Ceph tree, default is /' type: string readOnly: - description: 'readOnly is Optional: - Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting - in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: boolean secretFile: - description: 'secretFile is Optional: - SecretFile is the path to key ring - for User, default is /etc/ceph/user.secret - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string secretRef: - description: 'secretRef is Optional: - SecretRef is reference to the authentication - secret for User, default is empty. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' 
type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is optional: User - is the rados user name, default is - admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string required: - monitors type: object cinder: - description: 'cinder represents a cinder - volume attached and mounted on kubelets - host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' properties: fsType: - description: 'fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if - unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string readOnly: - description: 'readOnly defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: boolean secretRef: - description: 'secretRef is optional: - points to a secret object containing - parameters used to connect to OpenStack.' properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic volumeID: - description: 'volumeID used to identify - the volume in cinder. 
More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string required: - volumeID type: object configMap: - description: configMap represents a configMap - that should populate this volume properties: defaultMode: - description: 'defaultMode is optional: - mode bits used to set permissions - on created files by default. Must - be an octal value between 0000 and - 0777 or a decimal value between 0 - and 511. YAML accepts both octal and - decimal values, JSON requires decimal - values for mode bits. Defaults to - 0644. Directories within the path - are not affected by this setting. - This might be in conflict with other - options that affect the file mode, - like fsGroup, and the result can be - other mode bits set.' format: int32 type: integer items: - description: items if unspecified, each - key-value pair in the Data field of - the referenced ConfigMap will be projected - into the volume as a file whose name - is the key and content is the value. - If specified, the listed keys will - be projected into the specified paths, - and unlisted keys will not be present. - If a key is specified which is not - present in the ConfigMap, the volume - setup will error unless it is marked - optional. Paths must be relative and - may not contain the '..' path or start - with '..'. items: - description: Maps a string key to - a path within a volume. properties: key: - description: key is the key to - project. type: string mode: - description: 'mode is Optional: - mode bits used to set permissions - on this file. Must be an octal - value between 0000 and 0777 - or a decimal value between 0 - and 511. YAML accepts both octal - and decimal values, JSON requires - decimal values for mode bits. - If not specified, the volume - defaultMode will be used. This - might be in conflict with other - options that affect the file - mode, like fsGroup, and the - result can be other mode bits - set.' 
format: int32 type: integer path: - description: path is the relative - path of the file to map the - key to. May not be an absolute - path. May not contain the path - element '..'. May not start - with the string '..'. type: string required: - key 
@@ -8702,191 +3323,67 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value here - are almost certainly wrong. TODO: - Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional specify whether - the ConfigMap or its keys must be - defined type: boolean type: object x-kubernetes-map-type: atomic csi: - description: csi (Container Storage Interface) - represents ephemeral storage that is handled - by certain external CSI drivers (Beta - feature). properties: driver: - description: driver is the name of the - CSI driver that handles this volume. - Consult with your admin for the correct - name as registered in the cluster. type: string fsType: - description: fsType to mount. Ex. "ext4", - "xfs", "ntfs". If not provided, the - empty value is passed to the associated - CSI driver which will determine the - default filesystem to apply. type: string nodePublishSecretRef: - description: nodePublishSecretRef is - a reference to the secret object containing - sensitive information to pass to the - CSI driver to complete the CSI NodePublishVolume - and NodeUnpublishVolume calls. This - field is optional, and may be empty - if no secret is required. If the secret - object contains more than one secret, - all secret references are passed. properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. 
- apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic readOnly: - description: readOnly specifies a read-only - configuration for the volume. Defaults - to false (read/write). type: boolean volumeAttributes: additionalProperties: type: string - description: volumeAttributes stores - driver-specific properties that are - passed to the CSI driver. Consult - your driver's documentation for supported - values. type: object required: - driver type: object downwardAPI: - description: downwardAPI represents downward - API about the pod that should populate - this volume properties: defaultMode: - description: 'Optional: mode bits to - use on created files by default. Must - be a Optional: mode bits used to set - permissions on created files by default. - Must be an octal value between 0000 - and 0777 or a decimal value between - 0 and 511. YAML accepts both octal - and decimal values, JSON requires - decimal values for mode bits. Defaults - to 0644. Directories within the path - are not affected by this setting. - This might be in conflict with other - options that affect the file mode, - like fsGroup, and the result can be - other mode bits set.' format: int32 type: integer items: - description: Items is a list of downward - API volume file items: - description: DownwardAPIVolumeFile - represents information to create - the file containing the pod field properties: fieldRef: - description: 'Required: Selects - a field of the pod: only annotations, - labels, name, namespace and - uid are supported.' properties: apiVersion: - description: Version of the - schema the FieldPath is - written in terms of, defaults - to "v1". type: string fieldPath: - description: Path of the field - to select in the specified - API version. 
type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: - description: 'Optional: mode bits - used to set permissions on this - file, must be an octal value - between 0000 and 0777 or a decimal - value between 0 and 511. YAML - accepts both octal and decimal - values, JSON requires decimal - values for mode bits. If not - specified, the volume defaultMode - will be used. This might be - in conflict with other options - that affect the file mode, like - fsGroup, and the result can - be other mode bits set.' format: int32 type: integer path: - description: 'Required: Path is the - relative path name of the file - to be created. Must not be absolute - or contain the ''..'' path. - Must be utf-8 encoded. The first - item of the relative path must - not start with ''..''' type: string resourceFieldRef: - description: 'Selects a resource - of the container: only resources - limits and requests (limits.cpu, - limits.memory, requests.cpu - and requests.memory) are currently - supported.' properties: containerName: - description: 'Container name: - required for volumes, optional - for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the - output format of the exposed - resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource - to select' type: string required: - resource 
@@ -8899,251 +3396,50 @@ spec: x-kubernetes-list-type: atomic type: object emptyDir: - description: 'emptyDir represents a temporary - directory that shares a pod''s lifetime. - More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' properties: medium: - description: 'medium represents what - type of storage medium should back - this directory. The default is "" - which means to use the node''s default - medium. Must be an empty string (default) - or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string sizeLimit: anyOf: - type: integer - type: string - description: 'sizeLimit is the total - amount of local storage required for - this EmptyDir volume. The size limit - is also applicable for memory medium. - The maximum usage on memory medium - EmptyDir would be the minimum value - between the SizeLimit specified here - and the sum of memory limits of all - containers in a pod. The default is - nil which means that the limit is - undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object ephemeral: - description: "ephemeral represents a volume - that is handled by a cluster storage driver. - The volume's lifecycle is tied to the - pod that defines it - it will be created - before the pod starts, and deleted when - the pod is removed. \n Use this if: a) - the volume is only needed while the pod - runs, b) features of normal volumes like - restoring from snapshot or capacity tracking - are needed, c) the storage driver is specified - through a storage class, and d) the storage - driver supports dynamic volume provisioning - through a PersistentVolumeClaim (see EphemeralVolumeSource - for more information on the connection - between this volume type and PersistentVolumeClaim). 
- \n Use PersistentVolumeClaim or one of - the vendor-specific APIs for volumes that - persist for longer than the lifecycle - of an individual pod. \n Use CSI for light-weight - local ephemeral volumes if the CSI driver - is meant to be used that way - see the - documentation of the driver for more information. - \n A pod can use both types of ephemeral - volumes and persistent volumes at the - same time." properties: volumeClaimTemplate: - description: "Will be used to create - a stand-alone PVC to provision the - volume. The pod in which this EphemeralVolumeSource - is embedded will be the owner of the - PVC, i.e. the PVC will be deleted - together with the pod. The name of - the PVC will be `-` where `` is the - name from the `PodSpec.Volumes` array - entry. Pod validation will reject - the pod if the concatenated name is - not valid for a PVC (for example, - too long). \n An existing PVC with - that name that is not owned by the - pod will *not* be used for the pod - to avoid using an unrelated volume - by mistake. Starting the pod is then - blocked until the unrelated PVC is - removed. If such a pre-created PVC - is meant to be used by the pod, the - PVC has to updated with an owner reference - to the pod once the pod exists. Normally - this should not be necessary, but - it may be useful when manually reconstructing - a broken cluster. \n This field is - read-only and no changes will be made - by Kubernetes to the PVC after it - has been created. \n Required, must - not be nil." properties: metadata: - description: May contain labels - and annotations that will be copied - into the PVC when creating it. - No other fields are allowed and - will be rejected during validation. properties: annotations: additionalProperties: type: string - description: 'Annotations is - an unstructured key value - map stored with a resource - that may be set by external - tools to store and retrieve - arbitrary metadata. 
They are - not queryable and should be - preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations' type: object generateName: - description: "GenerateName is - an optional prefix, used by - the server, to generate a - unique name ONLY IF the Name - field has not been provided. - If this field is used, the - name returned to the client - will be different than the - name passed. This value will - also be combined with a unique - suffix. The provided value - has the same validation rules - as the Name field, and may - be truncated by the length - of the suffix required to - make the value unique on the - server. \n If this field is - specified and the generated - name exists, the server will - NOT return a 409 - instead, - it will either return 201 - Created or 500 with Reason - ServerTimeout indicating a - unique name could not be found - in the time allotted, and - the client should retry (optionally - after the time indicated in - the Retry-After header). \n - Applied only if Name is not - specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" type: string labels: additionalProperties: type: string - description: 'Map of string - keys and values that can be - used to organize and categorize - (scope and select) objects. - May match selectors of replication - controllers and services. - More info: http://kubernetes.io/docs/user-guide/labels' type: object name: - description: 'Name must be unique - within a namespace. Is required - when creating resources, although - some resources may allow a - client to request the generation - of an appropriate name automatically. - Name is primarily intended - for creation idempotence and - configuration definition. - Cannot be updated. More info: - http://kubernetes.io/docs/user-guide/identifiers#names' type: string namespace: - description: "Namespace defines - the space within each name - must be unique. 
An empty namespace - is equivalent to the \"default\" - namespace, but \"default\" - is the canonical representation. - Not all objects are required - to be scoped to a namespace - - the value of this field - for those objects will be - empty. \n Must be a DNS_LABEL. - Cannot be updated. More info: - http://kubernetes.io/docs/user-guide/namespaces" type: string ownerReferences: - description: List of objects - depended by this object. If - ALL objects in the list have - been deleted, this object - will be garbage collected. - If this object is managed - by a controller, then an entry - in this list will point to - this controller, with the - controller field set to true. - There cannot be more than - one managing controller. items: - description: OwnerReference - contains enough information - to let you identify an owning - object. An owning object - must be in the same namespace - as the dependent, or be - cluster-scoped, so there - is no namespace field. properties: apiVersion: - description: API version - of the referent. type: string blockOwnerDeletion: - description: If true, - AND if the owner has - the "foregroundDeletion" - finalizer, then the - owner cannot be deleted - from the key-value store - until this reference - is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion - for how the garbage - collector interacts - with this field and - enforces the foreground - deletion. Defaults to - false. To set this field, - a user needs "delete" - permission of the owner, - otherwise 422 (Unprocessable - Entity) will be returned. type: boolean controller: - description: If true, - this reference points - to the managing controller. type: boolean kind: - description: 'Kind of - the referent. More info: - https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string name: - description: 'Name of - the referent. 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: - description: 'UID of the - referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -9155,63 +3451,19 @@ spec: type: array type: object spec: - description: The specification for - the PersistentVolumeClaim. The - entire content is copied unchanged - into the PVC that gets created - from this template. The same fields - as in a PersistentVolumeClaim - are also valid here. properties: accessModes: - description: 'accessModes contains - the desired access modes the - volume should have. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array x-kubernetes-list-type: atomic dataSource: - description: 'dataSource field - can be used to specify either: - * An existing VolumeSnapshot - object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an external - controller can support the - specified data source, it - will create a new volume based - on the contents of the specified - data source. When the AnyVolumeDataSource - feature gate is enabled, dataSource - contents will be copied to - dataSourceRef, and dataSourceRef - contents will be copied to - dataSource when dataSourceRef.namespace - is not specified. If the namespace - is specified, then dataSourceRef - will not be copied to dataSource.' properties: apiGroup: - description: APIGroup is - the group for the resource - being referenced. If APIGroup - is not specified, the - specified Kind must be - in the core API group. - For any other third-party - types, APIGroup is required. type: string kind: - description: Kind is the - type of resource being - referenced type: string name: - description: Name is the - name of resource being - referenced type: string required: - kind 
@@ -9219,110 +3471,20 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: - description: 'dataSourceRef - specifies the object from - which to populate the volume - with data, if a non-empty - volume is desired. This may - be any object from a non-empty - API group (non core object) - or a PersistentVolumeClaim - object. When this field is - specified, volume binding - will only succeed if the type - of the specified object matches - some installed volume populator - or dynamic provisioner. This - field will replace the functionality - of the dataSource field and - as such if both fields are - non-empty, they must have - the same value. For backwards - compatibility, when namespace - isn''t specified in dataSourceRef, - both fields (dataSource and - dataSourceRef) will be set - to the same value automatically - if one of them is empty and - the other is non-empty. When - namespace is specified in - dataSourceRef, dataSource - isn''t set to the same value - and must be empty. There are - three important differences - between dataSource and dataSourceRef: - * While dataSource only allows - two specific types of objects, - dataSourceRef allows any non-core - object, as well as PersistentVolumeClaim - objects. * While dataSource - ignores disallowed values - (dropping them), dataSourceRef - preserves all values, and - generates an error if a disallowed - value is specified. * While - dataSource only allows local - objects, dataSourceRef allows - objects in any namespaces. - (Beta) Using this field requires - the AnyVolumeDataSource feature - gate to be enabled. (Alpha) - Using the namespace field - of dataSourceRef requires - the CrossNamespaceVolumeDataSource - feature gate to be enabled.' properties: apiGroup: - description: APIGroup is - the group for the resource - being referenced. If APIGroup - is not specified, the - specified Kind must be - in the core API group. - For any other third-party - types, APIGroup is required. 
type: string kind: - description: Kind is the - type of resource being - referenced type: string name: - description: Name is the - name of resource being - referenced type: string namespace: - description: Namespace is - the namespace of resource - being referenced Note - that when a namespace - is specified, a gateway.networking.k8s.io/ReferenceGrant - object is required in - the referent namespace - to allow that namespace's - owner to accept the reference. - See the ReferenceGrant - documentation for details. - (Alpha) This field requires - the CrossNamespaceVolumeDataSource - feature gate to be enabled. type: string required: - kind - name type: object resources: - description: 'resources represents - the minimum resources the - volume should have. If RecoverVolumeExpansionFailure - feature is enabled users are - allowed to specify resource - requirements that are lower - than previous value but must - still be higher than capacity - recorded in the status field - of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: @@ -9331,10 +3493,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes - the maximum amount of - compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -9343,66 +3501,18 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes - the minimum amount of - compute resources required. - If Requests is omitted - for a container, it defaults - to Limits if that is explicitly - specified, otherwise to - an implementation-defined - value. Requests cannot - exceed Limits. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: - description: selector is a label - query over volumes to consider - for binding. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key - and values. properties: key: - description: key is - the label key that - the selector applies - to. type: string operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values - is an array of string - values. If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. This - array is replaced - during a strategic - merge patch. items: type: string type: array 
@@ -9416,69 +3526,16 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an element - of matchExpressions, whose - key field is "key", the - operator is "In", and - the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic storageClassName: - description: 'storageClassName - is the name of the StorageClass - required by the claim. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeAttributesClassName: - description: 'volumeAttributesClassName - may be used to set the VolumeAttributesClass - used by this claim. If specified, - the CSI driver will create - or update the volume with - the attributes defined in - the corresponding VolumeAttributesClass. - This has a different purpose - than storageClassName, it - can be changed after the claim - is created. An empty string - value means that no VolumeAttributesClass - will be applied to the claim - but it''s not allowed to reset - this field to empty string - once it is set. If unspecified - and the PersistentVolumeClaim - is unbound, the default VolumeAttributesClass - will be set by the persistentvolume - controller if it exists. If - the resource referred to by - volumeAttributesClass does - not exist, this PersistentVolumeClaim - will be set to a Pending state, - as reflected by the modifyVolumeStatus - field, until such as a resource - exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires - the VolumeAttributesClass - feature gate to be enabled.' type: string volumeMode: - description: volumeMode defines - what type of volume is required - by the claim. Value of Filesystem - is implied when not included - in claim spec. 
type: string volumeName: - description: volumeName is the - binding reference to the PersistentVolume - backing this claim. type: string type: object required: 
@@ -9486,103 +3543,41 @@ spec: type: object type: object fc: - description: fc represents a Fibre Channel - resource that is attached to a kubelet's - host machine and then exposed to the pod. properties: fsType: - description: 'fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if - unspecified. TODO: how do we prevent - errors in the filesystem from compromising - the machine' type: string lun: - description: 'lun is Optional: FC target - lun number' format: int32 type: integer readOnly: - description: 'readOnly is Optional: - Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting - in VolumeMounts.' type: boolean targetWWNs: - description: 'targetWWNs is Optional: - FC target worldwide names (WWNs)' items: type: string type: array x-kubernetes-list-type: atomic wwids: - description: 'wwids Optional: FC volume - world wide identifiers (wwids) Either - wwids or combination of targetWWNs - and lun must be set, but not both - simultaneously.' items: type: string type: array x-kubernetes-list-type: atomic type: object flexVolume: - description: flexVolume represents a generic - volume resource that is provisioned/attached - using an exec based plugin. properties: driver: - description: driver is the name of the - driver to use for this volume. type: string fsType: - description: fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - The default filesystem depends on - FlexVolume script. type: string options: additionalProperties: type: string - description: 'options is Optional: this - field holds extra command options - if any.' type: object readOnly: - description: 'readOnly is Optional: - defaults to false (read/write). ReadOnly - here will force the ReadOnly setting - in VolumeMounts.' 
type: boolean secretRef: - description: 'secretRef is Optional: - secretRef is reference to the secret - object containing sensitive information - to pass to the plugin scripts. This - may be empty if no secret object is - specified. If the secret object contains - more than one secret, all secrets - are passed to the plugin scripts.' properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic 
@@ -9590,207 +3585,79 @@ spec: - driver type: object flocker: - description: flocker represents a Flocker - volume attached to a kubelet's host machine. - This depends on the Flocker control service - being running properties: datasetName: - description: datasetName is Name of - the dataset stored as metadata -> - name on the dataset for Flocker should - be considered as deprecated type: string datasetUUID: - description: datasetUUID is the UUID - of the dataset. This is unique identifier - of a Flocker dataset type: string type: object gcePersistentDisk: - description: 'gcePersistentDisk represents - a GCE Disk resource that is attached to - a kubelet''s host machine and then exposed - to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' properties: fsType: - description: 'fsType is filesystem type - of the volume that you want to mount. - Tip: Ensure that the filesystem type - is supported by the host operating - system. Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if - unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in - the filesystem from compromising the - machine' type: string partition: - description: 'partition is the partition - in the volume that you want to mount. - If omitted, the default is to mount - by volume name. Examples: For volume - /dev/sda1, you specify the partition - as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can leave - the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' format: int32 type: integer pdName: - description: 'pdName is unique name - of the PD resource in GCE. Used to - identify the disk in GCE. More info: - https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: string readOnly: - description: 'readOnly here will force - the ReadOnly setting in VolumeMounts. - Defaults to false. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: boolean required: - pdName type: object glusterfs: - description: 'glusterfs represents a Glusterfs - mount on the host that shares a pod''s - lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' properties: endpoints: - description: 'endpoints is the endpoint - name that details Glusterfs topology. - More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string path: - description: 'path is the Glusterfs - volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string readOnly: - description: 'readOnly here will force - the Glusterfs volume to be mounted - with read-only permissions. Defaults - to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: boolean required: - endpoints - path type: object hostPath: - description: 'hostPath represents a pre-existing - file or directory on the host machine - that is directly exposed to the container. - This is generally used for system agents - or other privileged things that are allowed - to see the host machine. Most containers - will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict - who can use host directory mounts and - who can/can not mount host directories - as read/write.' properties: path: - description: 'path of the directory - on the host. If the path is a symlink, - it will follow the link to the real - path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string type: - description: 'type for HostPath Volume - Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string required: - path type: object iscsi: - description: 'iscsi represents an ISCSI - Disk resource that is attached to a kubelet''s - host machine and then exposed to the pod. 
- More info: https://examples.k8s.io/volumes/iscsi/README.md' properties: chapAuthDiscovery: - description: chapAuthDiscovery defines - whether support iSCSI Discovery CHAP - authentication type: boolean chapAuthSession: - description: chapAuthSession defines - whether support iSCSI Session CHAP - authentication type: boolean fsType: - description: 'fsType is the filesystem - type of the volume that you want to - mount. Tip: Ensure that the filesystem - type is supported by the host operating - system. Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if - unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in - the filesystem from compromising the - machine' type: string initiatorName: - description: initiatorName is the custom - iSCSI Initiator Name. If initiatorName - is specified with iscsiInterface simultaneously, - new iSCSI interface : will be created for the connection. type: string iqn: - description: iqn is the target iSCSI - Qualified Name. type: string iscsiInterface: - description: iscsiInterface is the interface - Name that uses an iSCSI transport. - Defaults to 'default' (tcp). type: string lun: - description: lun represents iSCSI Target - Lun number. format: int32 type: integer portals: - description: portals is the iSCSI Target - Portal List. The portal is either - an IP or ip_addr:port if the port - is other than default (typically TCP - ports 860 and 3260). items: type: string type: array x-kubernetes-list-type: atomic readOnly: - description: readOnly here will force - the ReadOnly setting in VolumeMounts. - Defaults to false. type: boolean secretRef: - description: secretRef is the CHAP Secret - for iSCSI target and initiator authentication properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. 
Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic targetPortal: - description: targetPortal is iSCSI Target - Portal. The Portal is either an IP - or ip_addr:port if the port is other - than default (typically TCP ports - 860 and 3260). type: string required: - iqn 
@@ -9798,199 +3665,66 @@ spec: - targetPortal type: object nfs: - description: 'nfs represents an NFS mount - on the host that shares a pod''s lifetime - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' properties: path: - description: 'path that is exported - by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string readOnly: - description: 'readOnly here will force - the NFS export to be mounted with - read-only permissions. Defaults to - false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: boolean server: - description: 'server is the hostname - or IP address of the NFS server. More - info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string required: - path - server type: object persistentVolumeClaim: - description: 'persistentVolumeClaimVolumeSource - represents a reference to a PersistentVolumeClaim - in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: claimName: - description: 'claimName is the name - of a PersistentVolumeClaim in the - same namespace as the pod using this - volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' type: string readOnly: - description: readOnly Will force the - ReadOnly setting in VolumeMounts. - Default false. type: boolean required: - claimName type: object photonPersistentDisk: - description: photonPersistentDisk represents - a PhotonController persistent disk attached - and mounted on kubelets host machine properties: fsType: - description: fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if - unspecified. 
type: string pdID: - description: pdID is the ID that identifies - Photon Controller persistent disk type: string required: - pdID type: object portworxVolume: - description: portworxVolume represents a - portworx volume attached and mounted on - kubelets host machine properties: fsType: - description: fSType represents the filesystem - type to mount Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs". Implicitly - inferred to be "ext4" if unspecified. type: string readOnly: - description: readOnly defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. type: boolean volumeID: - description: volumeID uniquely identifies - a Portworx volume type: string required: - volumeID type: object projected: - description: projected items for all in - one resources secrets, configmaps, and - downward API properties: defaultMode: - description: defaultMode are the mode - bits used to set permissions on created - files by default. Must be an octal - value between 0000 and 0777 or a decimal - value between 0 and 511. YAML accepts - both octal and decimal values, JSON - requires decimal values for mode bits. - Directories within the path are not - affected by this setting. This might - be in conflict with other options - that affect the file mode, like fsGroup, - and the result can be other mode bits - set. format: int32 type: integer sources: - description: sources is the list of - volume projections items: - description: Projection that may be - projected along with other supported - volume types properties: clusterTrustBundle: - description: "ClusterTrustBundle - allows a pod to access the `.spec.trustBundle` - field of ClusterTrustBundle - objects in an auto-updating - file. \n Alpha, gated by the - ClusterTrustBundleProjection - feature gate. \n ClusterTrustBundle - objects can either be selected - by name, or by the combination - of signer name and a label selector. 
- \n Kubelet performs aggressive - normalization of the PEM contents - written into the pod filesystem. - \ Esoteric PEM features such - as inter-block comments and - block headers are stripped. - \ Certificates are deduplicated. - The ordering of certificates - within the file is arbitrary, - and Kubelet may change the order - over time." properties: labelSelector: - description: Select all ClusterTrustBundles - that match this label selector. Only - has effect if signerName - is set. Mutually-exclusive - with name. If unset, interpreted - as "match nothing". If - set but empty, interpreted - as "match everything". properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. properties: key: - description: key - is the label key - that the selector - applies to. type: string operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. type: string values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic merge - patch. items: type: string type: array 
@@ -10004,123 +3738,31 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. type: object type: object x-kubernetes-map-type: atomic name: - description: Select a single - ClusterTrustBundle by object - name. Mutually-exclusive - with signerName and labelSelector. type: string optional: - description: If true, don't - block pod startup if the - referenced ClusterTrustBundle(s) - aren't available. If using - name, then the named ClusterTrustBundle - is allowed not to exist. If - using signerName, then the - combination of signerName - and labelSelector is allowed - to match zero ClusterTrustBundles. type: boolean path: - description: Relative path - from the volume root to - write the bundle. type: string signerName: - description: Select all ClusterTrustBundles - that match this signer name. - Mutually-exclusive with - name. The contents of all - selected ClusterTrustBundles - will be unified and deduplicated. type: string required: - path type: object configMap: - description: configMap information - about the configMap data to - project properties: items: - description: items if unspecified, - each key-value pair in the - Data field of the referenced - ConfigMap will be projected - into the volume as a file - whose name is the key and - content is the value. If - specified, the listed keys - will be projected into the - specified paths, and unlisted - keys will not be present. - If a key is specified which - is not present in the ConfigMap, - the volume setup will error - unless it is marked optional. - Paths must be relative and - may not contain the '..' - path or start with '..'. items: - description: Maps a string - key to a path within a - volume. 
properties: key: - description: key is - the key to project. type: string mode: - description: 'mode is - Optional: mode bits - used to set permissions - on this file. Must - be an octal value - between 0000 and 0777 - or a decimal value - between 0 and 511. - YAML accepts both - octal and decimal - values, JSON requires - decimal values for - mode bits. If not - specified, the volume - defaultMode will be - used. This might be - in conflict with other - options that affect - the file mode, like - fsGroup, and the result - can be other mode - bits set.' format: int32 type: integer path: - description: path is - the relative path - of the file to map - the key to. May not - be an absolute path. - May not contain the - path element '..'. - May not start with - the string '..'. type: string required: - key 
@@ -10130,134 +3772,42 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of the - referent. This field is - effectively required, but - due to backwards compatibility - is allowed to be empty. - Instances of this type with - an empty value here are - almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional specify - whether the ConfigMap or - its keys must be defined type: boolean type: object x-kubernetes-map-type: atomic downwardAPI: - description: downwardAPI information - about the downwardAPI data to - project properties: items: - description: Items is a list - of DownwardAPIVolume file items: - description: DownwardAPIVolumeFile - represents information - to create the file containing - the pod field properties: fieldRef: - description: 'Required: - Selects a field of - the pod: only annotations, - labels, name, namespace - and uid are supported.' properties: apiVersion: - description: Version - of the schema - the FieldPath - is written in - terms of, defaults - to "v1". type: string fieldPath: - description: Path - of the field to - select in the - specified API - version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: - description: 'Optional: - mode bits used to - set permissions on - this file, must be - an octal value between - 0000 and 0777 or a - decimal value between - 0 and 511. YAML accepts - both octal and decimal - values, JSON requires - decimal values for - mode bits. If not - specified, the volume - defaultMode will be - used. This might be - in conflict with other - options that affect - the file mode, like - fsGroup, and the result - can be other mode - bits set.' 
format: int32 type: integer path: - description: 'Required: - Path is the relative - path name of the file - to be created. Must - not be absolute or - contain the ''..'' - path. Must be utf-8 - encoded. The first - item of the relative - path must not start - with ''..''' type: string resourceFieldRef: - description: 'Selects - a resource of the - container: only resources - limits and requests - (limits.cpu, limits.memory, - requests.cpu and requests.memory) - are currently supported.' properties: containerName: - description: 'Container - name: required - for volumes, optional - for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies - the output format - of the exposed - resources, defaults - to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: - resource to select' type: string required: - resource 
@@ -10270,72 +3820,16 @@ spec: x-kubernetes-list-type: atomic type: object secret: - description: secret information - about the secret data to project properties: items: - description: items if unspecified, - each key-value pair in the - Data field of the referenced - Secret will be projected - into the volume as a file - whose name is the key and - content is the value. If - specified, the listed keys - will be projected into the - specified paths, and unlisted - keys will not be present. - If a key is specified which - is not present in the Secret, - the volume setup will error - unless it is marked optional. - Paths must be relative and - may not contain the '..' - path or start with '..'. items: - description: Maps a string - key to a path within a - volume. properties: key: - description: key is - the key to project. type: string mode: - description: 'mode is - Optional: mode bits - used to set permissions - on this file. Must - be an octal value - between 0000 and 0777 - or a decimal value - between 0 and 511. - YAML accepts both - octal and decimal - values, JSON requires - decimal values for - mode bits. If not - specified, the volume - defaultMode will be - used. This might be - in conflict with other - options that affect - the file mode, like - fsGroup, and the result - can be other mode - bits set.' format: int32 type: integer path: - description: path is - the relative path - of the file to map - the key to. May not - be an absolute path. - May not contain the - path element '..'. - May not start with - the string '..'. type: string required: - key 
@@ -10345,68 +3839,19 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of the - referent. This field is - effectively required, but - due to backwards compatibility - is allowed to be empty. - Instances of this type with - an empty value here are - almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional field - specify whether the Secret - or its key must be defined type: boolean type: object x-kubernetes-map-type: atomic serviceAccountToken: - description: serviceAccountToken - is information about the serviceAccountToken - data to project properties: audience: - description: audience is the - intended audience of the - token. A recipient of a - token must identify itself - with an identifier specified - in the audience of the token, - and otherwise should reject - the token. The audience - defaults to the identifier - of the apiserver. type: string expirationSeconds: - description: expirationSeconds - is the requested duration - of validity of the service - account token. As the token - approaches expiration, the - kubelet volume plugin will - proactively rotate the service - account token. The kubelet - will start trying to rotate - the token if the token is - older than 80 percent of - its time to live or if the - token is older than 24 hours.Defaults - to 1 hour and must be at - least 10 minutes. format: int64 type: integer path: - description: path is the path - relative to the mount point - of the file to project the - token into. type: string required: - path 
@@ -10416,196 +3861,79 @@ spec: x-kubernetes-list-type: atomic type: object quobyte: - description: quobyte represents a Quobyte - mount on the host that shares a pod's - lifetime properties: group: - description: group to map volume access - to Default is no group type: string readOnly: - description: readOnly here will force - the Quobyte volume to be mounted with - read-only permissions. Defaults to - false. type: boolean registry: - description: registry represents a single - or multiple Quobyte Registry services - specified as a string as host:port - pair (multiple entries are separated - with commas) which acts as the central - registry for volumes type: string tenant: - description: tenant owning the given - Quobyte volume in the Backend Used - with dynamically provisioned Quobyte - volumes, value is set by the plugin type: string user: - description: user to map volume access - to Defaults to serivceaccount user type: string volume: - description: volume is a string that - references an already created Quobyte - volume by name. type: string required: - registry - volume type: object rbd: - description: 'rbd represents a Rados Block - Device mount on the host that shares a - pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' properties: fsType: - description: 'fsType is the filesystem - type of the volume that you want to - mount. Tip: Ensure that the filesystem - type is supported by the host operating - system. Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if - unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in - the filesystem from compromising the - machine' type: string image: - description: 'image is the rados image - name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string keyring: - description: 'keyring is the path to - key ring for RBDUser. Default is /etc/ceph/keyring. 
- More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string monitors: - description: 'monitors is a collection - of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' items: type: string type: array x-kubernetes-list-type: atomic pool: - description: 'pool is the rados pool - name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string readOnly: - description: 'readOnly here will force - the ReadOnly setting in VolumeMounts. - Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: boolean secretRef: - description: 'secretRef is name of the - authentication secret for RBDUser. - If provided overrides keyring. Default - is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is the rados user - name. Default is admin. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string required: - image - monitors type: object scaleIO: - description: scaleIO represents a ScaleIO - persistent volume attached and mounted - on Kubernetes nodes. properties: fsType: - description: fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Default is "xfs". 
type: string gateway: - description: gateway is the host address - of the ScaleIO API Gateway. type: string protectionDomain: - description: protectionDomain is the - name of the ScaleIO Protection Domain - for the configured storage. type: string readOnly: - description: readOnly Defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: secretRef references to - the secret for ScaleIO user and other - sensitive information. If this is - not provided, Login operation will - fail. properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic sslEnabled: - description: sslEnabled Flag enable/disable - SSL communication with Gateway, default - false type: boolean storageMode: - description: storageMode indicates whether - the storage for a volume should be - ThickProvisioned or ThinProvisioned. - Default is ThinProvisioned. type: string storagePool: - description: storagePool is the ScaleIO - Storage Pool associated with the protection - domain. type: string system: - description: system is the name of the - storage system as configured in ScaleIO. type: string volumeName: - description: volumeName is the name - of a volume already created in the - ScaleIO system that is associated - with this volume source. type: string required: - gateway 
@@ -10613,75 +3941,19 @@ spec: - system type: object secret: - description: 'secret represents a secret - that should populate this volume. More - info: https://kubernetes.io/docs/concepts/storage/volumes#secret' properties: defaultMode: - description: 'defaultMode is Optional: - mode bits used to set permissions - on created files by default. Must - be an octal value between 0000 and - 0777 or a decimal value between 0 - and 511. YAML accepts both octal and - decimal values, JSON requires decimal - values for mode bits. Defaults to - 0644. Directories within the path - are not affected by this setting. - This might be in conflict with other - options that affect the file mode, - like fsGroup, and the result can be - other mode bits set.' format: int32 type: integer items: - description: items If unspecified, each - key-value pair in the Data field of - the referenced Secret will be projected - into the volume as a file whose name - is the key and content is the value. - If specified, the listed keys will - be projected into the specified paths, - and unlisted keys will not be present. - If a key is specified which is not - present in the Secret, the volume - setup will error unless it is marked - optional. Paths must be relative and - may not contain the '..' path or start - with '..'. items: - description: Maps a string key to - a path within a volume. properties: key: - description: key is the key to - project. type: string mode: - description: 'mode is Optional: - mode bits used to set permissions - on this file. Must be an octal - value between 0000 and 0777 - or a decimal value between 0 - and 511. YAML accepts both octal - and decimal values, JSON requires - decimal values for mode bits. - If not specified, the volume - defaultMode will be used. This - might be in conflict with other - options that affect the file - mode, like fsGroup, and the - result can be other mode bits - set.' 
format: int32 type: integer path: - description: path is the relative - path of the file to map the - key to. May not be an absolute - path. May not contain the path - element '..'. May not start - with the string '..'. type: string required: - key 
@@ -10690,223 +3962,60 @@ spec: type: array x-kubernetes-list-type: atomic optional: - description: optional field specify - whether the Secret or its keys must - be defined type: boolean secretName: - description: 'secretName is the name - of the secret in the pod''s namespace - to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' type: string type: object storageos: - description: storageOS represents a StorageOS - volume attached and mounted on Kubernetes - nodes. properties: fsType: - description: fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if - unspecified. type: string readOnly: - description: readOnly defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: secretRef specifies the - secret to use for obtaining the StorageOS - API credentials. If not specified, - default values will be attempted. properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic volumeName: - description: volumeName is the human-readable - name of the StorageOS volume. Volume - names are only unique within a namespace. type: string volumeNamespace: - description: volumeNamespace specifies - the scope of the volume within StorageOS. If - no namespace is specified then the - Pod's namespace will be used. 
This - allows the Kubernetes name scoping - to be mirrored within StorageOS for - tighter integration. Set VolumeName - to any name to override the default - behaviour. Set to "default" if you - are not using namespaces within StorageOS. - Namespaces that do not pre-exist within - StorageOS will be created. type: string type: object volumeClaimTemplate: - description: VolumeClaimTemplate specifies - a template for volume to use by the backup/restore - executor properties: metadata: - description: May contain labels and - annotations that will be copied into - the PVC when creating it. No other - fields are allowed and will be rejected - during validation. properties: annotations: additionalProperties: type: string - description: 'Annotations is an - unstructured key value map stored - with a resource that may be set - by external tools to store and - retrieve arbitrary metadata. They - are not queryable and should be - preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations' type: object generateName: - description: "GenerateName is an - optional prefix, used by the server, - to generate a unique name ONLY - IF the Name field has not been - provided. If this field is used, - the name returned to the client - will be different than the name - passed. This value will also be - combined with a unique suffix. - The provided value has the same - validation rules as the Name field, - and may be truncated by the length - of the suffix required to make - the value unique on the server. - \n If this field is specified - and the generated name exists, - the server will NOT return a 409 - - instead, it will either return - 201 Created or 500 with Reason - ServerTimeout indicating a unique - name could not be found in the - time allotted, and the client - should retry (optionally after - the time indicated in the Retry-After - header). \n Applied only if Name - is not specified. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" type: string labels: additionalProperties: type: string - description: 'Map of string keys - and values that can be used to - organize and categorize (scope - and select) objects. May match - selectors of replication controllers - and services. More info: http://kubernetes.io/docs/user-guide/labels' type: object name: - description: 'Name must be unique - within a namespace. Is required - when creating resources, although - some resources may allow a client - to request the generation of an - appropriate name automatically. - Name is primarily intended for - creation idempotence and configuration - definition. Cannot be updated. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' type: string namespace: - description: "Namespace defines - the space within each name must - be unique. An empty namespace - is equivalent to the \"default\" - namespace, but \"default\" is - the canonical representation. - Not all objects are required to - be scoped to a namespace - the - value of this field for those - objects will be empty. \n Must - be a DNS_LABEL. Cannot be updated. - More info: http://kubernetes.io/docs/user-guide/namespaces" type: string ownerReferences: - description: List of objects depended - by this object. If ALL objects - in the list have been deleted, - this object will be garbage collected. - If this object is managed by a - controller, then an entry in this - list will point to this controller, - with the controller field set - to true. There cannot be more - than one managing controller. items: - description: OwnerReference contains - enough information to let you - identify an owning object. An - owning object must be in the - same namespace as the dependent, - or be cluster-scoped, so there - is no namespace field. properties: apiVersion: - description: API version of - the referent. 
type: string blockOwnerDeletion: - description: If true, AND - if the owner has the "foregroundDeletion" - finalizer, then the owner - cannot be deleted from the - key-value store until this - reference is removed. See - https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion - for how the garbage collector - interacts with this field - and enforces the foreground - deletion. Defaults to false. - To set this field, a user - needs "delete" permission - of the owner, otherwise - 422 (Unprocessable Entity) - will be returned. type: boolean controller: - description: If true, this - reference points to the - managing controller. type: boolean kind: - description: 'Kind of the - referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: - description: 'UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion 
@@ -10918,57 +4027,19 @@ spec: type: array type: object spec: - description: The specification for the - PersistentVolumeClaim. The entire - content is copied unchanged into the - PVC that gets created from this template. - The same fields as in a PersistentVolumeClaim - are also valid here. properties: accessModes: - description: 'accessModes contains - the desired access modes the volume - should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array x-kubernetes-list-type: atomic dataSource: - description: 'dataSource field can - be used to specify either: * An - existing VolumeSnapshot object - (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an external - controller can support the specified - data source, it will create a - new volume based on the contents - of the specified data source. - When the AnyVolumeDataSource feature - gate is enabled, dataSource contents - will be copied to dataSourceRef, - and dataSourceRef contents will - be copied to dataSource when dataSourceRef.namespace - is not specified. If the namespace - is specified, then dataSourceRef - will not be copied to dataSource.' properties: apiGroup: - description: APIGroup is the - group for the resource being - referenced. If APIGroup is - not specified, the specified - Kind must be in the core API - group. For any other third-party - types, APIGroup is required. type: string kind: - description: Kind is the type - of resource being referenced type: string name: - description: Name is the name - of resource being referenced type: string required: - kind 
@@ -10976,98 +4047,20 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: - description: 'dataSourceRef specifies - the object from which to populate - the volume with data, if a non-empty - volume is desired. This may be - any object from a non-empty API - group (non core object) or a PersistentVolumeClaim - object. When this field is specified, - volume binding will only succeed - if the type of the specified object - matches some installed volume - populator or dynamic provisioner. - This field will replace the functionality - of the dataSource field and as - such if both fields are non-empty, - they must have the same value. - For backwards compatibility, when - namespace isn''t specified in - dataSourceRef, both fields (dataSource - and dataSourceRef) will be set - to the same value automatically - if one of them is empty and the - other is non-empty. When namespace - is specified in dataSourceRef, - dataSource isn''t set to the same - value and must be empty. There - are three important differences - between dataSource and dataSourceRef: - * While dataSource only allows - two specific types of objects, - dataSourceRef allows any non-core - object, as well as PersistentVolumeClaim - objects. * While dataSource ignores - disallowed values (dropping them), - dataSourceRef preserves all values, - and generates an error if a disallowed - value is specified. * While dataSource - only allows local objects, dataSourceRef - allows objects in any namespaces. - (Beta) Using this field requires - the AnyVolumeDataSource feature - gate to be enabled. (Alpha) Using - the namespace field of dataSourceRef - requires the CrossNamespaceVolumeDataSource - feature gate to be enabled.' properties: apiGroup: - description: APIGroup is the - group for the resource being - referenced. If APIGroup is - not specified, the specified - Kind must be in the core API - group. For any other third-party - types, APIGroup is required. 
type: string kind: - description: Kind is the type - of resource being referenced type: string name: - description: Name is the name - of resource being referenced type: string namespace: - description: Namespace is the - namespace of resource being - referenced Note that when - a namespace is specified, - a gateway.networking.k8s.io/ReferenceGrant - object is required in the - referent namespace to allow - that namespace's owner to - accept the reference. See - the ReferenceGrant documentation - for details. (Alpha) This - field requires the CrossNamespaceVolumeDataSource - feature gate to be enabled. type: string required: - kind - name type: object resources: - description: 'resources represents - the minimum resources the volume - should have. If RecoverVolumeExpansionFailure - feature is enabled users are allowed - to specify resource requirements - that are lower than previous value - but must still be higher than - capacity recorded in the status - field of the claim. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: @@ -11076,10 +4069,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes - the maximum amount of compute - resources allowed. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -11088,59 +4077,18 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes - the minimum amount of compute - resources required. If Requests - is omitted for a container, - it defaults to Limits if that - is explicitly specified, otherwise - to an implementation-defined - value. Requests cannot exceed - Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: - description: selector is a label - query over volumes to consider - for binding. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, a - key, and an operator that - relates the key and values. properties: key: - description: key is the - label key that the selector - applies to. type: string operator: - description: operator - represents a key's relationship - to a set of values. - Valid operators are - In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is - an array of string values. - If the operator is In - or NotIn, the values - array must be non-empty. - If the operator is Exists - or DoesNotExist, the - values array must be - empty. This array is - replaced during a strategic - merge patch. items: type: string type: array 
@@ -11154,94 +4102,30 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is - a map of {key,value} pairs. - A single {key,value} in the - matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", - the operator is "In", and - the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic storageClassName: - description: 'storageClassName is - the name of the StorageClass required - by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeAttributesClassName: - description: 'volumeAttributesClassName - may be used to set the VolumeAttributesClass - used by this claim. If specified, - the CSI driver will create or - update the volume with the attributes - defined in the corresponding VolumeAttributesClass. - This has a different purpose than - storageClassName, it can be changed - after the claim is created. An - empty string value means that - no VolumeAttributesClass will - be applied to the claim but it''s - not allowed to reset this field - to empty string once it is set. - If unspecified and the PersistentVolumeClaim - is unbound, the default VolumeAttributesClass - will be set by the persistentvolume - controller if it exists. If the - resource referred to by volumeAttributesClass - does not exist, this PersistentVolumeClaim - will be set to a Pending state, - as reflected by the modifyVolumeStatus - field, until such as a resource - exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires - the VolumeAttributesClass feature - gate to be enabled.' type: string volumeMode: - description: volumeMode defines - what type of volume is required - by the claim. Value of Filesystem - is implied when not included in - claim spec. 
type: string volumeName: - description: volumeName is the binding - reference to the PersistentVolume - backing this claim. type: string type: object required: - spec type: object vsphereVolume: - description: vsphereVolume represents a - vSphere volume attached and mounted on - kubelets host machine properties: fsType: - description: fsType is filesystem type - to mount. Must be a filesystem type - supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. type: string storagePolicyID: - description: storagePolicyID is the - storage Policy Based Management (SPBM) - profile ID associated with the StoragePolicyName. type: string storagePolicyName: - description: storagePolicyName is the - storage Policy Based Management (SPBM) - profile name. type: string volumePath: - description: volumePath is the path - that identifies vSphere volume vmdk type: string required: - volumePath 
@@ -11250,168 +4134,49 @@ spec: type: object type: array name: - description: Name indicates to the name of the task type: string params: - description: Params specifies parameters for the task. - You must provide the parameter in the Addon desired - structure. type: object x-kubernetes-preserve-unknown-fields: true targetVolumes: - description: TargetVolumes specifies which volumes - from the target should be mounted in the backup/restore - job/container. properties: volumeClaimTemplates: - description: VolumeClaimTemplates specifies a - template for the PersistentVolumeClaims that - will be created for each Pod in a StatefulSet. items: - description: PersistentVolumeClaim is a user's - request for and claim to a persistent volume properties: apiVersion: - description: 'APIVersion defines the versioned - schema of this representation of an object. - Servers should convert recognized schemas - to the latest internal value, and may - reject unrecognized values. More info: - https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing - the REST resource this object represents. - Servers may infer this from the endpoint - the client submits requests to. Cannot - be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: - description: 'Standard object''s metadata. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' properties: annotations: additionalProperties: type: string - description: 'Annotations is an unstructured - key value map stored with a resource - that may be set by external tools - to store and retrieve arbitrary metadata. - They are not queryable and should - be preserved when modifying objects. 
- More info: http://kubernetes.io/docs/user-guide/annotations' type: object generateName: - description: "GenerateName is an optional - prefix, used by the server, to generate - a unique name ONLY IF the Name field - has not been provided. If this field - is used, the name returned to the - client will be different than the - name passed. This value will also - be combined with a unique suffix. - The provided value has the same validation - rules as the Name field, and may be - truncated by the length of the suffix - required to make the value unique - on the server. \n If this field is - specified and the generated name exists, - the server will NOT return a 409 - - instead, it will either return 201 - Created or 500 with Reason ServerTimeout - indicating a unique name could not - be found in the time allotted, and - the client should retry (optionally - after the time indicated in the Retry-After - header). \n Applied only if Name is - not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" type: string labels: additionalProperties: type: string - description: 'Map of string keys and - values that can be used to organize - and categorize (scope and select) - objects. May match selectors of replication - controllers and services. More info: - http://kubernetes.io/docs/user-guide/labels' type: object name: - description: 'Name must be unique within - a namespace. Is required when creating - resources, although some resources - may allow a client to request the - generation of an appropriate name - automatically. Name is primarily intended - for creation idempotence and configuration - definition. Cannot be updated. More - info: http://kubernetes.io/docs/user-guide/identifiers#names' type: string namespace: - description: "Namespace defines the - space within each name must be unique. - An empty namespace is equivalent to - the \"default\" namespace, but \"default\" - is the canonical representation. 
Not - all objects are required to be scoped - to a namespace - the value of this - field for those objects will be empty. - \n Must be a DNS_LABEL. Cannot be - updated. More info: http://kubernetes.io/docs/user-guide/namespaces" type: string ownerReferences: - description: List of objects depended - by this object. If ALL objects in - the list have been deleted, this object - will be garbage collected. If this - object is managed by a controller, - then an entry in this list will point - to this controller, with the controller - field set to true. There cannot be - more than one managing controller. items: - description: OwnerReference contains - enough information to let you identify - an owning object. An owning object - must be in the same namespace as - the dependent, or be cluster-scoped, - so there is no namespace field. properties: apiVersion: - description: API version of the - referent. type: string blockOwnerDeletion: - description: If true, AND if the - owner has the "foregroundDeletion" - finalizer, then the owner cannot - be deleted from the key-value - store until this reference is - removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion - for how the garbage collector - interacts with this field and - enforces the foreground deletion. - Defaults to false. To set this - field, a user needs "delete" - permission of the owner, otherwise - 422 (Unprocessable Entity) will - be returned. type: boolean controller: - description: If true, this reference - points to the managing controller. type: boolean kind: - description: 'Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: - description: 'UID of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -11423,52 +4188,19 @@ spec: type: array type: object spec: - description: 'Spec defines the desired characteristics - of a volume requested by a pod author. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: accessModes: - description: 'accessModes contains the - desired access modes the volume should - have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array x-kubernetes-list-type: atomic dataSource: - description: 'dataSource field can be - used to specify either: * An existing - VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an external - controller can support the specified - data source, it will create a new - volume based on the contents of the - specified data source. When the AnyVolumeDataSource - feature gate is enabled, dataSource - contents will be copied to dataSourceRef, - and dataSourceRef contents will be - copied to dataSource when dataSourceRef.namespace - is not specified. If the namespace - is specified, then dataSourceRef will - not be copied to dataSource.' properties: apiGroup: - description: APIGroup is the group - for the resource being referenced. - If APIGroup is not specified, - the specified Kind must be in - the core API group. For any other - third-party types, APIGroup is - required. type: string kind: - description: Kind is the type of - resource being referenced type: string name: - description: Name is the name of - resource being referenced type: string required: - kind 
@@ -11476,93 +4208,20 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: - description: 'dataSourceRef specifies - the object from which to populate - the volume with data, if a non-empty - volume is desired. This may be any - object from a non-empty API group - (non core object) or a PersistentVolumeClaim - object. When this field is specified, - volume binding will only succeed if - the type of the specified object matches - some installed volume populator or - dynamic provisioner. This field will - replace the functionality of the dataSource - field and as such if both fields are - non-empty, they must have the same - value. For backwards compatibility, - when namespace isn''t specified in - dataSourceRef, both fields (dataSource - and dataSourceRef) will be set to - the same value automatically if one - of them is empty and the other is - non-empty. When namespace is specified - in dataSourceRef, dataSource isn''t - set to the same value and must be - empty. There are three important differences - between dataSource and dataSourceRef: - * While dataSource only allows two - specific types of objects, dataSourceRef - allows any non-core object, as well - as PersistentVolumeClaim objects. - * While dataSource ignores disallowed - values (dropping them), dataSourceRef - preserves all values, and generates - an error if a disallowed value is - specified. * While dataSource only - allows local objects, dataSourceRef - allows objects in any namespaces. - (Beta) Using this field requires the - AnyVolumeDataSource feature gate to - be enabled. (Alpha) Using the namespace - field of dataSourceRef requires the - CrossNamespaceVolumeDataSource feature - gate to be enabled.' properties: apiGroup: - description: APIGroup is the group - for the resource being referenced. - If APIGroup is not specified, - the specified Kind must be in - the core API group. For any other - third-party types, APIGroup is - required. 
type: string kind: - description: Kind is the type of - resource being referenced type: string name: - description: Name is the name of - resource being referenced type: string namespace: - description: Namespace is the namespace - of resource being referenced Note - that when a namespace is specified, - a gateway.networking.k8s.io/ReferenceGrant - object is required in the referent - namespace to allow that namespace's - owner to accept the reference. - See the ReferenceGrant documentation - for details. (Alpha) This field - requires the CrossNamespaceVolumeDataSource - feature gate to be enabled. type: string required: - kind - name type: object resources: - description: 'resources represents the - minimum resources the volume should - have. If RecoverVolumeExpansionFailure - feature is enabled users are allowed - to specify resource requirements that - are lower than previous value but - must still be higher than capacity - recorded in the status field of the - claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: @@ -11571,9 +4230,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the - maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -11582,55 +4238,18 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes - the minimum amount of compute - resources required. If Requests - is omitted for a container, it - defaults to Limits if that is - explicitly specified, otherwise - to an implementation-defined value. - Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: - description: selector is a label query - over volumes to consider for binding. properties: matchExpressions: - description: matchExpressions is - a list of label selector requirements. - The requirements are ANDed. items: - description: A label selector - requirement is a selector that - contains values, a key, and - an operator that relates the - key and values. properties: key: - description: key is the label - key that the selector applies - to. type: string operator: - description: operator represents - a key's relationship to - a set of values. Valid operators - are In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is an - array of string values. - If the operator is In or - NotIn, the values array - must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be - empty. This array is replaced - during a strategic merge - patch. items: type: string type: array 
@@ -11644,137 +4263,28 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map - of {key,value} pairs. A single - {key,value} in the matchLabels - map is equivalent to an element - of matchExpressions, whose key - field is "key", the operator is - "In", and the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic storageClassName: - description: 'storageClassName is the - name of the StorageClass required - by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeAttributesClassName: - description: 'volumeAttributesClassName - may be used to set the VolumeAttributesClass - used by this claim. If specified, - the CSI driver will create or update - the volume with the attributes defined - in the corresponding VolumeAttributesClass. - This has a different purpose than - storageClassName, it can be changed - after the claim is created. An empty - string value means that no VolumeAttributesClass - will be applied to the claim but it''s - not allowed to reset this field to - empty string once it is set. If unspecified - and the PersistentVolumeClaim is unbound, - the default VolumeAttributesClass - will be set by the persistentvolume - controller if it exists. If the resource - referred to by volumeAttributesClass - does not exist, this PersistentVolumeClaim - will be set to a Pending state, as - reflected by the modifyVolumeStatus - field, until such as a resource exists. - More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires - the VolumeAttributesClass feature - gate to be enabled.' type: string volumeMode: - description: volumeMode defines what - type of volume is required by the - claim. Value of Filesystem is implied - when not included in claim spec. 
type: string volumeName: - description: volumeName is the binding - reference to the PersistentVolume - backing this claim. type: string type: object status: - description: 'Status represents the current - information/status of a persistent volume - claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: accessModes: - description: 'accessModes contains the - actual access modes the volume backing - the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array x-kubernetes-list-type: atomic allocatedResourceStatuses: additionalProperties: - description: When a controller receives - persistentvolume claim update with - ClaimResourceStatus for a resource - that it does not recognizes, then - it should ignore that update and - let other controllers handle it. type: string - description: "allocatedResourceStatuses - stores status of resource being resized - for the given PVC. Key names follow - standard Kubernetes label syntax. - Valid values are either: * Un-prefixed - keys: - storage - the capacity of - the volume. * Custom resources must - use implementation-defined prefixed - names such as \"example.com/my-custom-resource\" - Apart from above values - keys that - are unprefixed or have kubernetes.io - prefix are considered reserved and - hence may not be used. \n ClaimResourceStatus - can be in any of following states: - - ControllerResizeInProgress: State - set when resize controller starts - resizing the volume in control-plane. - - ControllerResizeFailed: State set - when resize has failed in resize controller - with a terminal error. - NodeResizePending: - State set when resize controller has - finished resizing the volume but further - resizing of volume is needed on the - node. - NodeResizeInProgress: State - set when kubelet starts resizing the - volume. 
- NodeResizeFailed: State - set when resizing has failed in kubelet - with a terminal error. Transient errors - don't set NodeResizeFailed. For example: - if expanding a PVC for more capacity - - this field can be one of the following - states: - pvc.status.allocatedResourceStatus['storage'] - = \"ControllerResizeInProgress\" - - pvc.status.allocatedResourceStatus['storage'] - = \"ControllerResizeFailed\" - pvc.status.allocatedResourceStatus['storage'] - = \"NodeResizePending\" - pvc.status.allocatedResourceStatus['storage'] - = \"NodeResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] - = \"NodeResizeFailed\" When this field - is not set, it means that no resize - operation is in progress for the given - PVC. \n A controller that receives - PVC update with previously unknown - resourceName or ClaimResourceStatus - should ignore the update for the purpose - it was designed. For example - a controller - that only is responsible for resizing - capacity of the volume, should ignore - PVC updates that change other valid - resources associated with PVC. \n - This is an alpha field and requires - enabling RecoverVolumeExpansionFailure - feature." type: object x-kubernetes-map-type: granular allocatedResources: 
@@ -11784,42 +4294,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: "allocatedResources tracks - the resources allocated to a PVC including - its capacity. Key names follow standard - Kubernetes label syntax. Valid values - are either: * Un-prefixed keys: - - storage - the capacity of the volume. - * Custom resources must use implementation-defined - prefixed names such as \"example.com/my-custom-resource\" - Apart from above values - keys that - are unprefixed or have kubernetes.io - prefix are considered reserved and - hence may not be used. \n Capacity - reported here may be larger than the - actual capacity when a volume expansion - operation is requested. For storage - quota, the larger value from allocatedResources - and PVC.spec.resources is used. If - allocatedResources is not set, PVC.spec.resources - alone is used for quota calculation. - If a volume expansion capacity request - is lowered, allocatedResources is - only lowered if there are no expansion - operations in progress and if the - actual volume capacity is equal or - lower than the requested capacity. - \n A controller that receives PVC - update with previously unknown resourceName - should ignore the update for the purpose - it was designed. For example - a controller - that only is responsible for resizing - capacity of the volume, should ignore - PVC updates that change other valid - resources associated with PVC. \n - This is an alpha field and requires - enabling RecoverVolumeExpansionFailure - feature." type: object capacity: additionalProperties: 
@@ -11828,51 +4302,23 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: capacity represents the - actual resources of the underlying - volume. type: object conditions: - description: conditions is the current - Condition of persistent volume claim. - If underlying persistent volume is - being resized then the Condition will - be set to 'Resizing'. items: - description: PersistentVolumeClaimCondition - contains details about state of - pvc properties: lastProbeTime: - description: lastProbeTime is - the time we probed the condition. format: date-time type: string lastTransitionTime: - description: lastTransitionTime - is the time the condition transitioned - from one status to another. format: date-time type: string message: - description: message is the human-readable - message indicating details about - last transition. type: string reason: - description: reason is a unique, - this should be a short, machine - understandable string that gives - the reason for condition's last - transition. If it reports "Resizing" - that means the underlying persistent - volume is being resized. type: string status: type: string type: - description: PersistentVolumeClaimConditionType - is a valid value of PersistentVolumeClaimCondition.Type type: string required: - status 
@@ -11883,126 +4329,37 @@ spec: - type x-kubernetes-list-type: map currentVolumeAttributesClassName: - description: currentVolumeAttributesClassName - is the current name of the VolumeAttributesClass - the PVC is using. When unset, there - is no VolumeAttributeClass applied - to this PersistentVolumeClaim This - is an alpha field and requires enabling - VolumeAttributesClass feature. type: string modifyVolumeStatus: - description: ModifyVolumeStatus represents - the status object of ControllerModifyVolume - operation. When this is unset, there - is no ModifyVolume operation being - attempted. This is an alpha field - and requires enabling VolumeAttributesClass - feature. properties: status: - description: 'status is the status - of the ControllerModifyVolume - operation. It can be in any of - following states: - Pending Pending - indicates that the PersistentVolumeClaim - cannot be modified due to unmet - requirements, such as the specified - VolumeAttributesClass not existing. - - InProgress InProgress indicates - that the volume is being modified. - - Infeasible Infeasible indicates - that the request has been rejected - as invalid by the CSI driver. - To resolve the error, a valid - VolumeAttributesClass needs to - be specified. Note: New statuses - can be added in the future. Consumers - should check for unknown statuses - and fail appropriately.' type: string targetVolumeAttributesClassName: - description: targetVolumeAttributesClassName - is the name of the VolumeAttributesClass - the PVC currently being reconciled type: string required: - status type: object phase: - description: phase represents the current - phase of PersistentVolumeClaim. type: string type: object type: object type: array volumeMounts: - description: VolumeMounts specifies the mount - for the volumes specified in `Volumes` section items: - description: VolumeMount describes a mounting - of a Volume within a container. 
properties: mountPath: - description: Path within the container at - which the volume should be mounted. Must - not contain ':'. type: string mountPropagation: - description: mountPropagation determines - how mounts are propagated from the host - to container and the other way around. - When not set, MountPropagationNone is - used. This field is beta in 1.10. When - RecursiveReadOnly is set to IfPossible - or to Enabled, MountPropagation must be - None or unspecified (which defaults to - None). type: string name: - description: This must match the Name of - a Volume. type: string readOnly: - description: Mounted read-only if true, - read-write otherwise (false or unspecified). - Defaults to false. type: boolean recursiveReadOnly: - description: "RecursiveReadOnly specifies - whether read-only mounts should be handled - recursively. \n If ReadOnly is false, - this field has no meaning and must be - unspecified. \n If ReadOnly is true, and - this field is set to Disabled, the mount - is not made recursively read-only. If - this field is set to IfPossible, the mount - is made recursively read-only, if it is - supported by the container runtime. If - this field is set to Enabled, the mount - is made recursively read-only if it is - supported by the container runtime, otherwise - the pod will not be started and an error - will be generated to indicate the reason. - \n If this field is set to IfPossible - or Enabled, MountPropagation must be set - to None (or be unspecified, which defaults - to None). \n If this field is not specified, - it is treated as an equivalent of Disabled." type: string subPath: - description: Path within the volume from - which the container's volume should be - mounted. Defaults to "" (volume's root). type: string subPathExpr: - description: Expanded path within the volume - from which the container's volume should - be mounted. 
Behaves similarly to SubPath - but environment variable references $(VAR_NAME) - are expanded using the container's environment. - Defaults to "" (volume's root). SubPathExpr - and SubPath are mutually exclusive. type: string required: - mountPath 
@@ -12010,300 +4367,109 @@ spec: type: object type: array volumes: - description: Volumes indicates the list of volumes - of targeted application that should be mounted - on the backup/restore job. items: - description: Volume represents a named volume - in a pod that may be accessed by any container - in the pod. properties: awsElasticBlockStore: - description: 'awsElasticBlockStore represents - an AWS Disk resource that is attached - to a kubelet''s host machine and then - exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' properties: fsType: - description: 'fsType is the filesystem - type of the volume that you want to - mount. Tip: Ensure that the filesystem - type is supported by the host operating - system. Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if - unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in - the filesystem from compromising the - machine' type: string partition: - description: 'partition is the partition - in the volume that you want to mount. - If omitted, the default is to mount - by volume name. Examples: For volume - /dev/sda1, you specify the partition - as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can leave - the property empty).' format: int32 type: integer readOnly: - description: 'readOnly value true will - force the readOnly setting in VolumeMounts. - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: boolean volumeID: - description: 'volumeID is unique ID - of the persistent disk resource in - AWS (Amazon EBS volume). More info: - https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: string required: - volumeID type: object azureDisk: - description: azureDisk represents an Azure - Data Disk mount on the host and bind mount - to the pod. 
properties: cachingMode: - description: 'cachingMode is the Host - Caching mode: None, Read Only, Read - Write.' type: string diskName: - description: diskName is the Name of - the data disk in the blob storage type: string diskURI: - description: diskURI is the URI of data - disk in the blob storage type: string fsType: - description: fsType is Filesystem type - to mount. Must be a filesystem type - supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. type: string kind: - description: 'kind expected values are - Shared: multiple blob disks per storage - account Dedicated: single blob disk - per storage account Managed: azure - managed data disk (only in managed - availability set). defaults to shared' type: string readOnly: - description: readOnly Defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. type: boolean required: - diskName - diskURI type: object azureFile: - description: azureFile represents an Azure - File Service mount on the host and bind - mount to the pod. properties: readOnly: - description: readOnly defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. 
type: boolean secretName: - description: secretName is the name - of secret that contains Azure Storage - Account Name and Key type: string shareName: - description: shareName is the azure - share Name type: string required: - secretName - shareName type: object cephfs: - description: cephFS represents a Ceph FS - mount on the host that shares a pod's - lifetime properties: monitors: - description: 'monitors is Required: - Monitors is a collection of Ceph monitors - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' items: type: string type: array x-kubernetes-list-type: atomic path: - description: 'path is Optional: Used - as the mounted root, rather than the - full Ceph tree, default is /' type: string readOnly: - description: 'readOnly is Optional: - Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting - in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: boolean secretFile: - description: 'secretFile is Optional: - SecretFile is the path to key ring - for User, default is /etc/ceph/user.secret - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string secretRef: - description: 'secretRef is Optional: - SecretRef is reference to the authentication - secret for User, default is empty. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' 
type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is optional: User - is the rados user name, default is - admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string required: - monitors type: object cinder: - description: 'cinder represents a cinder - volume attached and mounted on kubelets - host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' properties: fsType: - description: 'fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if - unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string readOnly: - description: 'readOnly defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: boolean secretRef: - description: 'secretRef is optional: - points to a secret object containing - parameters used to connect to OpenStack.' properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic volumeID: - description: 'volumeID used to identify - the volume in cinder. 
More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string required: - volumeID type: object configMap: - description: configMap represents a configMap - that should populate this volume properties: defaultMode: - description: 'defaultMode is optional: - mode bits used to set permissions - on created files by default. Must - be an octal value between 0000 and - 0777 or a decimal value between 0 - and 511. YAML accepts both octal and - decimal values, JSON requires decimal - values for mode bits. Defaults to - 0644. Directories within the path - are not affected by this setting. - This might be in conflict with other - options that affect the file mode, - like fsGroup, and the result can be - other mode bits set.' format: int32 type: integer items: - description: items if unspecified, each - key-value pair in the Data field of - the referenced ConfigMap will be projected - into the volume as a file whose name - is the key and content is the value. - If specified, the listed keys will - be projected into the specified paths, - and unlisted keys will not be present. - If a key is specified which is not - present in the ConfigMap, the volume - setup will error unless it is marked - optional. Paths must be relative and - may not contain the '..' path or start - with '..'. items: - description: Maps a string key to - a path within a volume. properties: key: - description: key is the key to - project. type: string mode: - description: 'mode is Optional: - mode bits used to set permissions - on this file. Must be an octal - value between 0000 and 0777 - or a decimal value between 0 - and 511. YAML accepts both octal - and decimal values, JSON requires - decimal values for mode bits. - If not specified, the volume - defaultMode will be used. This - might be in conflict with other - options that affect the file - mode, like fsGroup, and the - result can be other mode bits - set.' 
format: int32 type: integer path: - description: path is the relative - path of the file to map the - key to. May not be an absolute - path. May not contain the path - element '..'. May not start - with the string '..'. type: string required: - key 
@@ -12313,191 +4479,67 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value here - are almost certainly wrong. TODO: - Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional specify whether - the ConfigMap or its keys must be - defined type: boolean type: object x-kubernetes-map-type: atomic csi: - description: csi (Container Storage Interface) - represents ephemeral storage that is handled - by certain external CSI drivers (Beta - feature). properties: driver: - description: driver is the name of the - CSI driver that handles this volume. - Consult with your admin for the correct - name as registered in the cluster. type: string fsType: - description: fsType to mount. Ex. "ext4", - "xfs", "ntfs". If not provided, the - empty value is passed to the associated - CSI driver which will determine the - default filesystem to apply. type: string nodePublishSecretRef: - description: nodePublishSecretRef is - a reference to the secret object containing - sensitive information to pass to the - CSI driver to complete the CSI NodePublishVolume - and NodeUnpublishVolume calls. This - field is optional, and may be empty - if no secret is required. If the secret - object contains more than one secret, - all secret references are passed. properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. 
- apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic readOnly: - description: readOnly specifies a read-only - configuration for the volume. Defaults - to false (read/write). type: boolean volumeAttributes: additionalProperties: type: string - description: volumeAttributes stores - driver-specific properties that are - passed to the CSI driver. Consult - your driver's documentation for supported - values. type: object required: - driver type: object downwardAPI: - description: downwardAPI represents downward - API about the pod that should populate - this volume properties: defaultMode: - description: 'Optional: mode bits to - use on created files by default. Must - be a Optional: mode bits used to set - permissions on created files by default. - Must be an octal value between 0000 - and 0777 or a decimal value between - 0 and 511. YAML accepts both octal - and decimal values, JSON requires - decimal values for mode bits. Defaults - to 0644. Directories within the path - are not affected by this setting. - This might be in conflict with other - options that affect the file mode, - like fsGroup, and the result can be - other mode bits set.' format: int32 type: integer items: - description: Items is a list of downward - API volume file items: - description: DownwardAPIVolumeFile - represents information to create - the file containing the pod field properties: fieldRef: - description: 'Required: Selects - a field of the pod: only annotations, - labels, name, namespace and - uid are supported.' properties: apiVersion: - description: Version of the - schema the FieldPath is - written in terms of, defaults - to "v1". type: string fieldPath: - description: Path of the field - to select in the specified - API version. 
type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: - description: 'Optional: mode bits - used to set permissions on this - file, must be an octal value - between 0000 and 0777 or a decimal - value between 0 and 511. YAML - accepts both octal and decimal - values, JSON requires decimal - values for mode bits. If not - specified, the volume defaultMode - will be used. This might be - in conflict with other options - that affect the file mode, like - fsGroup, and the result can - be other mode bits set.' format: int32 type: integer path: - description: 'Required: Path is the - relative path name of the file - to be created. Must not be absolute - or contain the ''..'' path. - Must be utf-8 encoded. The first - item of the relative path must - not start with ''..''' type: string resourceFieldRef: - description: 'Selects a resource - of the container: only resources - limits and requests (limits.cpu, - limits.memory, requests.cpu - and requests.memory) are currently - supported.' properties: containerName: - description: 'Container name: - required for volumes, optional - for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the - output format of the exposed - resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource - to select' type: string required: - resource 
@@ -12510,251 +4552,50 @@ spec: x-kubernetes-list-type: atomic type: object emptyDir: - description: 'emptyDir represents a temporary - directory that shares a pod''s lifetime. - More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' properties: medium: - description: 'medium represents what - type of storage medium should back - this directory. The default is "" - which means to use the node''s default - medium. Must be an empty string (default) - or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string sizeLimit: anyOf: - type: integer - type: string - description: 'sizeLimit is the total - amount of local storage required for - this EmptyDir volume. The size limit - is also applicable for memory medium. - The maximum usage on memory medium - EmptyDir would be the minimum value - between the SizeLimit specified here - and the sum of memory limits of all - containers in a pod. The default is - nil which means that the limit is - undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object ephemeral: - description: "ephemeral represents a volume - that is handled by a cluster storage driver. - The volume's lifecycle is tied to the - pod that defines it - it will be created - before the pod starts, and deleted when - the pod is removed. \n Use this if: a) - the volume is only needed while the pod - runs, b) features of normal volumes like - restoring from snapshot or capacity tracking - are needed, c) the storage driver is specified - through a storage class, and d) the storage - driver supports dynamic volume provisioning - through a PersistentVolumeClaim (see EphemeralVolumeSource - for more information on the connection - between this volume type and PersistentVolumeClaim). 
- \n Use PersistentVolumeClaim or one of - the vendor-specific APIs for volumes that - persist for longer than the lifecycle - of an individual pod. \n Use CSI for light-weight - local ephemeral volumes if the CSI driver - is meant to be used that way - see the - documentation of the driver for more information. - \n A pod can use both types of ephemeral - volumes and persistent volumes at the - same time." properties: volumeClaimTemplate: - description: "Will be used to create - a stand-alone PVC to provision the - volume. The pod in which this EphemeralVolumeSource - is embedded will be the owner of the - PVC, i.e. the PVC will be deleted - together with the pod. The name of - the PVC will be `-` where `` is the - name from the `PodSpec.Volumes` array - entry. Pod validation will reject - the pod if the concatenated name is - not valid for a PVC (for example, - too long). \n An existing PVC with - that name that is not owned by the - pod will *not* be used for the pod - to avoid using an unrelated volume - by mistake. Starting the pod is then - blocked until the unrelated PVC is - removed. If such a pre-created PVC - is meant to be used by the pod, the - PVC has to updated with an owner reference - to the pod once the pod exists. Normally - this should not be necessary, but - it may be useful when manually reconstructing - a broken cluster. \n This field is - read-only and no changes will be made - by Kubernetes to the PVC after it - has been created. \n Required, must - not be nil." properties: metadata: - description: May contain labels - and annotations that will be copied - into the PVC when creating it. - No other fields are allowed and - will be rejected during validation. properties: annotations: additionalProperties: type: string - description: 'Annotations is - an unstructured key value - map stored with a resource - that may be set by external - tools to store and retrieve - arbitrary metadata. 
They are - not queryable and should be - preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations' type: object generateName: - description: "GenerateName is - an optional prefix, used by - the server, to generate a - unique name ONLY IF the Name - field has not been provided. - If this field is used, the - name returned to the client - will be different than the - name passed. This value will - also be combined with a unique - suffix. The provided value - has the same validation rules - as the Name field, and may - be truncated by the length - of the suffix required to - make the value unique on the - server. \n If this field is - specified and the generated - name exists, the server will - NOT return a 409 - instead, - it will either return 201 - Created or 500 with Reason - ServerTimeout indicating a - unique name could not be found - in the time allotted, and - the client should retry (optionally - after the time indicated in - the Retry-After header). \n - Applied only if Name is not - specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" type: string labels: additionalProperties: type: string - description: 'Map of string - keys and values that can be - used to organize and categorize - (scope and select) objects. - May match selectors of replication - controllers and services. - More info: http://kubernetes.io/docs/user-guide/labels' type: object name: - description: 'Name must be unique - within a namespace. Is required - when creating resources, although - some resources may allow a - client to request the generation - of an appropriate name automatically. - Name is primarily intended - for creation idempotence and - configuration definition. - Cannot be updated. More info: - http://kubernetes.io/docs/user-guide/identifiers#names' type: string namespace: - description: "Namespace defines - the space within each name - must be unique. 
An empty namespace - is equivalent to the \"default\" - namespace, but \"default\" - is the canonical representation. - Not all objects are required - to be scoped to a namespace - - the value of this field - for those objects will be - empty. \n Must be a DNS_LABEL. - Cannot be updated. More info: - http://kubernetes.io/docs/user-guide/namespaces" type: string ownerReferences: - description: List of objects - depended by this object. If - ALL objects in the list have - been deleted, this object - will be garbage collected. - If this object is managed - by a controller, then an entry - in this list will point to - this controller, with the - controller field set to true. - There cannot be more than - one managing controller. items: - description: OwnerReference - contains enough information - to let you identify an owning - object. An owning object - must be in the same namespace - as the dependent, or be - cluster-scoped, so there - is no namespace field. properties: apiVersion: - description: API version - of the referent. type: string blockOwnerDeletion: - description: If true, - AND if the owner has - the "foregroundDeletion" - finalizer, then the - owner cannot be deleted - from the key-value store - until this reference - is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion - for how the garbage - collector interacts - with this field and - enforces the foreground - deletion. Defaults to - false. To set this field, - a user needs "delete" - permission of the owner, - otherwise 422 (Unprocessable - Entity) will be returned. type: boolean controller: - description: If true, - this reference points - to the managing controller. type: boolean kind: - description: 'Kind of - the referent. More info: - https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string name: - description: 'Name of - the referent. 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: - description: 'UID of the - referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -12766,63 +4607,19 @@ spec: type: array type: object spec: - description: The specification for - the PersistentVolumeClaim. The - entire content is copied unchanged - into the PVC that gets created - from this template. The same fields - as in a PersistentVolumeClaim - are also valid here. properties: accessModes: - description: 'accessModes contains - the desired access modes the - volume should have. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array x-kubernetes-list-type: atomic dataSource: - description: 'dataSource field - can be used to specify either: - * An existing VolumeSnapshot - object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an external - controller can support the - specified data source, it - will create a new volume based - on the contents of the specified - data source. When the AnyVolumeDataSource - feature gate is enabled, dataSource - contents will be copied to - dataSourceRef, and dataSourceRef - contents will be copied to - dataSource when dataSourceRef.namespace - is not specified. If the namespace - is specified, then dataSourceRef - will not be copied to dataSource.' properties: apiGroup: - description: APIGroup is - the group for the resource - being referenced. If APIGroup - is not specified, the - specified Kind must be - in the core API group. - For any other third-party - types, APIGroup is required. type: string kind: - description: Kind is the - type of resource being - referenced type: string name: - description: Name is the - name of resource being - referenced type: string required: - kind 
@@ -12830,110 +4627,20 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: - description: 'dataSourceRef - specifies the object from - which to populate the volume - with data, if a non-empty - volume is desired. This may - be any object from a non-empty - API group (non core object) - or a PersistentVolumeClaim - object. When this field is - specified, volume binding - will only succeed if the type - of the specified object matches - some installed volume populator - or dynamic provisioner. This - field will replace the functionality - of the dataSource field and - as such if both fields are - non-empty, they must have - the same value. For backwards - compatibility, when namespace - isn''t specified in dataSourceRef, - both fields (dataSource and - dataSourceRef) will be set - to the same value automatically - if one of them is empty and - the other is non-empty. When - namespace is specified in - dataSourceRef, dataSource - isn''t set to the same value - and must be empty. There are - three important differences - between dataSource and dataSourceRef: - * While dataSource only allows - two specific types of objects, - dataSourceRef allows any non-core - object, as well as PersistentVolumeClaim - objects. * While dataSource - ignores disallowed values - (dropping them), dataSourceRef - preserves all values, and - generates an error if a disallowed - value is specified. * While - dataSource only allows local - objects, dataSourceRef allows - objects in any namespaces. - (Beta) Using this field requires - the AnyVolumeDataSource feature - gate to be enabled. (Alpha) - Using the namespace field - of dataSourceRef requires - the CrossNamespaceVolumeDataSource - feature gate to be enabled.' properties: apiGroup: - description: APIGroup is - the group for the resource - being referenced. If APIGroup - is not specified, the - specified Kind must be - in the core API group. - For any other third-party - types, APIGroup is required. 
type: string kind: - description: Kind is the - type of resource being - referenced type: string name: - description: Name is the - name of resource being - referenced type: string namespace: - description: Namespace is - the namespace of resource - being referenced Note - that when a namespace - is specified, a gateway.networking.k8s.io/ReferenceGrant - object is required in - the referent namespace - to allow that namespace's - owner to accept the reference. - See the ReferenceGrant - documentation for details. - (Alpha) This field requires - the CrossNamespaceVolumeDataSource - feature gate to be enabled. type: string required: - kind - name type: object resources: - description: 'resources represents - the minimum resources the - volume should have. If RecoverVolumeExpansionFailure - feature is enabled users are - allowed to specify resource - requirements that are lower - than previous value but must - still be higher than capacity - recorded in the status field - of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: @@ -12942,10 +4649,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes - the maximum amount of - compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -12954,66 +4657,18 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes - the minimum amount of - compute resources required. - If Requests is omitted - for a container, it defaults - to Limits if that is explicitly - specified, otherwise to - an implementation-defined - value. Requests cannot - exceed Limits. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: - description: selector is a label - query over volumes to consider - for binding. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key - and values. properties: key: - description: key is - the label key that - the selector applies - to. type: string operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values - is an array of string - values. If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. This - array is replaced - during a strategic - merge patch. items: type: string type: array 
@@ -13027,69 +4682,16 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an element - of matchExpressions, whose - key field is "key", the - operator is "In", and - the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic storageClassName: - description: 'storageClassName - is the name of the StorageClass - required by the claim. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeAttributesClassName: - description: 'volumeAttributesClassName - may be used to set the VolumeAttributesClass - used by this claim. If specified, - the CSI driver will create - or update the volume with - the attributes defined in - the corresponding VolumeAttributesClass. - This has a different purpose - than storageClassName, it - can be changed after the claim - is created. An empty string - value means that no VolumeAttributesClass - will be applied to the claim - but it''s not allowed to reset - this field to empty string - once it is set. If unspecified - and the PersistentVolumeClaim - is unbound, the default VolumeAttributesClass - will be set by the persistentvolume - controller if it exists. If - the resource referred to by - volumeAttributesClass does - not exist, this PersistentVolumeClaim - will be set to a Pending state, - as reflected by the modifyVolumeStatus - field, until such as a resource - exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires - the VolumeAttributesClass - feature gate to be enabled.' type: string volumeMode: - description: volumeMode defines - what type of volume is required - by the claim. Value of Filesystem - is implied when not included - in claim spec. 
type: string volumeName: - description: volumeName is the - binding reference to the PersistentVolume - backing this claim. type: string type: object required: 
@@ -13097,103 +4699,41 @@ spec: type: object type: object fc: - description: fc represents a Fibre Channel - resource that is attached to a kubelet's - host machine and then exposed to the pod. properties: fsType: - description: 'fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if - unspecified. TODO: how do we prevent - errors in the filesystem from compromising - the machine' type: string lun: - description: 'lun is Optional: FC target - lun number' format: int32 type: integer readOnly: - description: 'readOnly is Optional: - Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting - in VolumeMounts.' type: boolean targetWWNs: - description: 'targetWWNs is Optional: - FC target worldwide names (WWNs)' items: type: string type: array x-kubernetes-list-type: atomic wwids: - description: 'wwids Optional: FC volume - world wide identifiers (wwids) Either - wwids or combination of targetWWNs - and lun must be set, but not both - simultaneously.' items: type: string type: array x-kubernetes-list-type: atomic type: object flexVolume: - description: flexVolume represents a generic - volume resource that is provisioned/attached - using an exec based plugin. properties: driver: - description: driver is the name of the - driver to use for this volume. type: string fsType: - description: fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - The default filesystem depends on - FlexVolume script. type: string options: additionalProperties: type: string - description: 'options is Optional: this - field holds extra command options - if any.' type: object readOnly: - description: 'readOnly is Optional: - defaults to false (read/write). ReadOnly - here will force the ReadOnly setting - in VolumeMounts.' 
type: boolean secretRef: - description: 'secretRef is Optional: - secretRef is reference to the secret - object containing sensitive information - to pass to the plugin scripts. This - may be empty if no secret object is - specified. If the secret object contains - more than one secret, all secrets - are passed to the plugin scripts.' properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic 
@@ -13201,207 +4741,79 @@ spec: - driver type: object flocker: - description: flocker represents a Flocker - volume attached to a kubelet's host machine. - This depends on the Flocker control service - being running properties: datasetName: - description: datasetName is Name of - the dataset stored as metadata -> - name on the dataset for Flocker should - be considered as deprecated type: string datasetUUID: - description: datasetUUID is the UUID - of the dataset. This is unique identifier - of a Flocker dataset type: string type: object gcePersistentDisk: - description: 'gcePersistentDisk represents - a GCE Disk resource that is attached to - a kubelet''s host machine and then exposed - to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' properties: fsType: - description: 'fsType is filesystem type - of the volume that you want to mount. - Tip: Ensure that the filesystem type - is supported by the host operating - system. Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if - unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in - the filesystem from compromising the - machine' type: string partition: - description: 'partition is the partition - in the volume that you want to mount. - If omitted, the default is to mount - by volume name. Examples: For volume - /dev/sda1, you specify the partition - as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can leave - the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' format: int32 type: integer pdName: - description: 'pdName is unique name - of the PD resource in GCE. Used to - identify the disk in GCE. More info: - https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: string readOnly: - description: 'readOnly here will force - the ReadOnly setting in VolumeMounts. - Defaults to false. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: boolean required: - pdName type: object glusterfs: - description: 'glusterfs represents a Glusterfs - mount on the host that shares a pod''s - lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' properties: endpoints: - description: 'endpoints is the endpoint - name that details Glusterfs topology. - More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string path: - description: 'path is the Glusterfs - volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string readOnly: - description: 'readOnly here will force - the Glusterfs volume to be mounted - with read-only permissions. Defaults - to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: boolean required: - endpoints - path type: object hostPath: - description: 'hostPath represents a pre-existing - file or directory on the host machine - that is directly exposed to the container. - This is generally used for system agents - or other privileged things that are allowed - to see the host machine. Most containers - will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict - who can use host directory mounts and - who can/can not mount host directories - as read/write.' properties: path: - description: 'path of the directory - on the host. If the path is a symlink, - it will follow the link to the real - path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string type: - description: 'type for HostPath Volume - Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string required: - path type: object iscsi: - description: 'iscsi represents an ISCSI - Disk resource that is attached to a kubelet''s - host machine and then exposed to the pod. 
- More info: https://examples.k8s.io/volumes/iscsi/README.md' properties: chapAuthDiscovery: - description: chapAuthDiscovery defines - whether support iSCSI Discovery CHAP - authentication type: boolean chapAuthSession: - description: chapAuthSession defines - whether support iSCSI Session CHAP - authentication type: boolean fsType: - description: 'fsType is the filesystem - type of the volume that you want to - mount. Tip: Ensure that the filesystem - type is supported by the host operating - system. Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if - unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in - the filesystem from compromising the - machine' type: string initiatorName: - description: initiatorName is the custom - iSCSI Initiator Name. If initiatorName - is specified with iscsiInterface simultaneously, - new iSCSI interface : will be created for the connection. type: string iqn: - description: iqn is the target iSCSI - Qualified Name. type: string iscsiInterface: - description: iscsiInterface is the interface - Name that uses an iSCSI transport. - Defaults to 'default' (tcp). type: string lun: - description: lun represents iSCSI Target - Lun number. format: int32 type: integer portals: - description: portals is the iSCSI Target - Portal List. The portal is either - an IP or ip_addr:port if the port - is other than default (typically TCP - ports 860 and 3260). items: type: string type: array x-kubernetes-list-type: atomic readOnly: - description: readOnly here will force - the ReadOnly setting in VolumeMounts. - Defaults to false. type: boolean secretRef: - description: secretRef is the CHAP Secret - for iSCSI target and initiator authentication properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. 
Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic targetPortal: - description: targetPortal is iSCSI Target - Portal. The Portal is either an IP - or ip_addr:port if the port is other - than default (typically TCP ports - 860 and 3260). type: string required: - iqn 
@@ -13409,204 +4821,68 @@ spec: - targetPortal type: object name: - description: 'name of the volume. Must be - a DNS_LABEL and unique within the pod. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string nfs: - description: 'nfs represents an NFS mount - on the host that shares a pod''s lifetime - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' properties: path: - description: 'path that is exported - by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string readOnly: - description: 'readOnly here will force - the NFS export to be mounted with - read-only permissions. Defaults to - false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: boolean server: - description: 'server is the hostname - or IP address of the NFS server. More - info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string required: - path - server type: object persistentVolumeClaim: - description: 'persistentVolumeClaimVolumeSource - represents a reference to a PersistentVolumeClaim - in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: claimName: - description: 'claimName is the name - of a PersistentVolumeClaim in the - same namespace as the pod using this - volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' type: string readOnly: - description: readOnly Will force the - ReadOnly setting in VolumeMounts. - Default false. type: boolean required: - claimName type: object photonPersistentDisk: - description: photonPersistentDisk represents - a PhotonController persistent disk attached - and mounted on kubelets host machine properties: fsType: - description: fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". 
- Implicitly inferred to be "ext4" if - unspecified. type: string pdID: - description: pdID is the ID that identifies - Photon Controller persistent disk type: string required: - pdID type: object portworxVolume: - description: portworxVolume represents a - portworx volume attached and mounted on - kubelets host machine properties: fsType: - description: fSType represents the filesystem - type to mount Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs". Implicitly - inferred to be "ext4" if unspecified. type: string readOnly: - description: readOnly defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. type: boolean volumeID: - description: volumeID uniquely identifies - a Portworx volume type: string required: - volumeID type: object projected: - description: projected items for all in - one resources secrets, configmaps, and - downward API properties: defaultMode: - description: defaultMode are the mode - bits used to set permissions on created - files by default. Must be an octal - value between 0000 and 0777 or a decimal - value between 0 and 511. YAML accepts - both octal and decimal values, JSON - requires decimal values for mode bits. - Directories within the path are not - affected by this setting. This might - be in conflict with other options - that affect the file mode, like fsGroup, - and the result can be other mode bits - set. format: int32 type: integer sources: - description: sources is the list of - volume projections items: - description: Projection that may be - projected along with other supported - volume types properties: clusterTrustBundle: - description: "ClusterTrustBundle - allows a pod to access the `.spec.trustBundle` - field of ClusterTrustBundle - objects in an auto-updating - file. \n Alpha, gated by the - ClusterTrustBundleProjection - feature gate. 
\n ClusterTrustBundle - objects can either be selected - by name, or by the combination - of signer name and a label selector. - \n Kubelet performs aggressive - normalization of the PEM contents - written into the pod filesystem. - \ Esoteric PEM features such - as inter-block comments and - block headers are stripped. - \ Certificates are deduplicated. - The ordering of certificates - within the file is arbitrary, - and Kubelet may change the order - over time." properties: labelSelector: - description: Select all ClusterTrustBundles - that match this label selector. Only - has effect if signerName - is set. Mutually-exclusive - with name. If unset, interpreted - as "match nothing". If - set but empty, interpreted - as "match everything". properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. properties: key: - description: key - is the label key - that the selector - applies to. type: string operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. type: string values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic merge - patch. items: type: string type: array 
@@ -13620,123 +4896,31 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. type: object type: object x-kubernetes-map-type: atomic name: - description: Select a single - ClusterTrustBundle by object - name. Mutually-exclusive - with signerName and labelSelector. type: string optional: - description: If true, don't - block pod startup if the - referenced ClusterTrustBundle(s) - aren't available. If using - name, then the named ClusterTrustBundle - is allowed not to exist. If - using signerName, then the - combination of signerName - and labelSelector is allowed - to match zero ClusterTrustBundles. type: boolean path: - description: Relative path - from the volume root to - write the bundle. type: string signerName: - description: Select all ClusterTrustBundles - that match this signer name. - Mutually-exclusive with - name. The contents of all - selected ClusterTrustBundles - will be unified and deduplicated. type: string required: - path type: object configMap: - description: configMap information - about the configMap data to - project properties: items: - description: items if unspecified, - each key-value pair in the - Data field of the referenced - ConfigMap will be projected - into the volume as a file - whose name is the key and - content is the value. If - specified, the listed keys - will be projected into the - specified paths, and unlisted - keys will not be present. - If a key is specified which - is not present in the ConfigMap, - the volume setup will error - unless it is marked optional. - Paths must be relative and - may not contain the '..' - path or start with '..'. items: - description: Maps a string - key to a path within a - volume. 
properties: key: - description: key is - the key to project. type: string mode: - description: 'mode is - Optional: mode bits - used to set permissions - on this file. Must - be an octal value - between 0000 and 0777 - or a decimal value - between 0 and 511. - YAML accepts both - octal and decimal - values, JSON requires - decimal values for - mode bits. If not - specified, the volume - defaultMode will be - used. This might be - in conflict with other - options that affect - the file mode, like - fsGroup, and the result - can be other mode - bits set.' format: int32 type: integer path: - description: path is - the relative path - of the file to map - the key to. May not - be an absolute path. - May not contain the - path element '..'. - May not start with - the string '..'. type: string required: - key 
@@ -13746,134 +4930,42 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of the - referent. This field is - effectively required, but - due to backwards compatibility - is allowed to be empty. - Instances of this type with - an empty value here are - almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional specify - whether the ConfigMap or - its keys must be defined type: boolean type: object x-kubernetes-map-type: atomic downwardAPI: - description: downwardAPI information - about the downwardAPI data to - project properties: items: - description: Items is a list - of DownwardAPIVolume file items: - description: DownwardAPIVolumeFile - represents information - to create the file containing - the pod field properties: fieldRef: - description: 'Required: - Selects a field of - the pod: only annotations, - labels, name, namespace - and uid are supported.' properties: apiVersion: - description: Version - of the schema - the FieldPath - is written in - terms of, defaults - to "v1". type: string fieldPath: - description: Path - of the field to - select in the - specified API - version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: - description: 'Optional: - mode bits used to - set permissions on - this file, must be - an octal value between - 0000 and 0777 or a - decimal value between - 0 and 511. YAML accepts - both octal and decimal - values, JSON requires - decimal values for - mode bits. If not - specified, the volume - defaultMode will be - used. This might be - in conflict with other - options that affect - the file mode, like - fsGroup, and the result - can be other mode - bits set.' 
format: int32 type: integer path: - description: 'Required: - Path is the relative - path name of the file - to be created. Must - not be absolute or - contain the ''..'' - path. Must be utf-8 - encoded. The first - item of the relative - path must not start - with ''..''' type: string resourceFieldRef: - description: 'Selects - a resource of the - container: only resources - limits and requests - (limits.cpu, limits.memory, - requests.cpu and requests.memory) - are currently supported.' properties: containerName: - description: 'Container - name: required - for volumes, optional - for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies - the output format - of the exposed - resources, defaults - to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: - resource to select' type: string required: - resource 
@@ -13886,72 +4978,16 @@ spec: x-kubernetes-list-type: atomic type: object secret: - description: secret information - about the secret data to project properties: items: - description: items if unspecified, - each key-value pair in the - Data field of the referenced - Secret will be projected - into the volume as a file - whose name is the key and - content is the value. If - specified, the listed keys - will be projected into the - specified paths, and unlisted - keys will not be present. - If a key is specified which - is not present in the Secret, - the volume setup will error - unless it is marked optional. - Paths must be relative and - may not contain the '..' - path or start with '..'. items: - description: Maps a string - key to a path within a - volume. properties: key: - description: key is - the key to project. type: string mode: - description: 'mode is - Optional: mode bits - used to set permissions - on this file. Must - be an octal value - between 0000 and 0777 - or a decimal value - between 0 and 511. - YAML accepts both - octal and decimal - values, JSON requires - decimal values for - mode bits. If not - specified, the volume - defaultMode will be - used. This might be - in conflict with other - options that affect - the file mode, like - fsGroup, and the result - can be other mode - bits set.' format: int32 type: integer path: - description: path is - the relative path - of the file to map - the key to. May not - be an absolute path. - May not contain the - path element '..'. - May not start with - the string '..'. type: string required: - key 
@@ -13961,68 +4997,19 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of the - referent. This field is - effectively required, but - due to backwards compatibility - is allowed to be empty. - Instances of this type with - an empty value here are - almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional field - specify whether the Secret - or its key must be defined type: boolean type: object x-kubernetes-map-type: atomic serviceAccountToken: - description: serviceAccountToken - is information about the serviceAccountToken - data to project properties: audience: - description: audience is the - intended audience of the - token. A recipient of a - token must identify itself - with an identifier specified - in the audience of the token, - and otherwise should reject - the token. The audience - defaults to the identifier - of the apiserver. type: string expirationSeconds: - description: expirationSeconds - is the requested duration - of validity of the service - account token. As the token - approaches expiration, the - kubelet volume plugin will - proactively rotate the service - account token. The kubelet - will start trying to rotate - the token if the token is - older than 80 percent of - its time to live or if the - token is older than 24 hours.Defaults - to 1 hour and must be at - least 10 minutes. format: int64 type: integer path: - description: path is the path - relative to the mount point - of the file to project the - token into. type: string required: - path 
@@ -14032,196 +5019,79 @@ spec: x-kubernetes-list-type: atomic type: object quobyte: - description: quobyte represents a Quobyte - mount on the host that shares a pod's - lifetime properties: group: - description: group to map volume access - to Default is no group type: string readOnly: - description: readOnly here will force - the Quobyte volume to be mounted with - read-only permissions. Defaults to - false. type: boolean registry: - description: registry represents a single - or multiple Quobyte Registry services - specified as a string as host:port - pair (multiple entries are separated - with commas) which acts as the central - registry for volumes type: string tenant: - description: tenant owning the given - Quobyte volume in the Backend Used - with dynamically provisioned Quobyte - volumes, value is set by the plugin type: string user: - description: user to map volume access - to Defaults to serivceaccount user type: string volume: - description: volume is a string that - references an already created Quobyte - volume by name. type: string required: - registry - volume type: object rbd: - description: 'rbd represents a Rados Block - Device mount on the host that shares a - pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' properties: fsType: - description: 'fsType is the filesystem - type of the volume that you want to - mount. Tip: Ensure that the filesystem - type is supported by the host operating - system. Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if - unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in - the filesystem from compromising the - machine' type: string image: - description: 'image is the rados image - name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string keyring: - description: 'keyring is the path to - key ring for RBDUser. Default is /etc/ceph/keyring. 
- More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string monitors: - description: 'monitors is a collection - of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' items: type: string type: array x-kubernetes-list-type: atomic pool: - description: 'pool is the rados pool - name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string readOnly: - description: 'readOnly here will force - the ReadOnly setting in VolumeMounts. - Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: boolean secretRef: - description: 'secretRef is name of the - authentication secret for RBDUser. - If provided overrides keyring. Default - is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is the rados user - name. Default is admin. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string required: - image - monitors type: object scaleIO: - description: scaleIO represents a ScaleIO - persistent volume attached and mounted - on Kubernetes nodes. properties: fsType: - description: fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Default is "xfs". 
type: string gateway: - description: gateway is the host address - of the ScaleIO API Gateway. type: string protectionDomain: - description: protectionDomain is the - name of the ScaleIO Protection Domain - for the configured storage. type: string readOnly: - description: readOnly Defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: secretRef references to - the secret for ScaleIO user and other - sensitive information. If this is - not provided, Login operation will - fail. properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic sslEnabled: - description: sslEnabled Flag enable/disable - SSL communication with Gateway, default - false type: boolean storageMode: - description: storageMode indicates whether - the storage for a volume should be - ThickProvisioned or ThinProvisioned. - Default is ThinProvisioned. type: string storagePool: - description: storagePool is the ScaleIO - Storage Pool associated with the protection - domain. type: string system: - description: system is the name of the - storage system as configured in ScaleIO. type: string volumeName: - description: volumeName is the name - of a volume already created in the - ScaleIO system that is associated - with this volume source. type: string required: - gateway 
@@ -14229,75 +5099,19 @@ spec: - system type: object secret: - description: 'secret represents a secret - that should populate this volume. More - info: https://kubernetes.io/docs/concepts/storage/volumes#secret' properties: defaultMode: - description: 'defaultMode is Optional: - mode bits used to set permissions - on created files by default. Must - be an octal value between 0000 and - 0777 or a decimal value between 0 - and 511. YAML accepts both octal and - decimal values, JSON requires decimal - values for mode bits. Defaults to - 0644. Directories within the path - are not affected by this setting. - This might be in conflict with other - options that affect the file mode, - like fsGroup, and the result can be - other mode bits set.' format: int32 type: integer items: - description: items If unspecified, each - key-value pair in the Data field of - the referenced Secret will be projected - into the volume as a file whose name - is the key and content is the value. - If specified, the listed keys will - be projected into the specified paths, - and unlisted keys will not be present. - If a key is specified which is not - present in the Secret, the volume - setup will error unless it is marked - optional. Paths must be relative and - may not contain the '..' path or start - with '..'. items: - description: Maps a string key to - a path within a volume. properties: key: - description: key is the key to - project. type: string mode: - description: 'mode is Optional: - mode bits used to set permissions - on this file. Must be an octal - value between 0000 and 0777 - or a decimal value between 0 - and 511. YAML accepts both octal - and decimal values, JSON requires - decimal values for mode bits. - If not specified, the volume - defaultMode will be used. This - might be in conflict with other - options that affect the file - mode, like fsGroup, and the - result can be other mode bits - set.' 
format: int32 type: integer path: - description: path is the relative - path of the file to map the - key to. May not be an absolute - path. May not contain the path - element '..'. May not start - with the string '..'. type: string required: - key 
@@ -14306,102 +5120,37 @@ spec: type: array x-kubernetes-list-type: atomic optional: - description: optional field specify - whether the Secret or its keys must - be defined type: boolean secretName: - description: 'secretName is the name - of the secret in the pod''s namespace - to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' type: string type: object storageos: - description: storageOS represents a StorageOS - volume attached and mounted on Kubernetes - nodes. properties: fsType: - description: fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if - unspecified. type: string readOnly: - description: readOnly defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: secretRef specifies the - secret to use for obtaining the StorageOS - API credentials. If not specified, - default values will be attempted. properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic volumeName: - description: volumeName is the human-readable - name of the StorageOS volume. Volume - names are only unique within a namespace. type: string volumeNamespace: - description: volumeNamespace specifies - the scope of the volume within StorageOS. If - no namespace is specified then the - Pod's namespace will be used. 
This - allows the Kubernetes name scoping - to be mirrored within StorageOS for - tighter integration. Set VolumeName - to any name to override the default - behaviour. Set to "default" if you - are not using namespaces within StorageOS. - Namespaces that do not pre-exist within - StorageOS will be created. type: string type: object vsphereVolume: - description: vsphereVolume represents a - vSphere volume attached and mounted on - kubelets host machine properties: fsType: - description: fsType is filesystem type - to mount. Must be a filesystem type - supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. type: string storagePolicyID: - description: storagePolicyID is the - storage Policy Based Management (SPBM) - profile ID associated with the StoragePolicyName. type: string storagePolicyName: - description: storagePolicyName is the - storage Policy Based Management (SPBM) - profile name. type: string volumePath: - description: volumePath is the path - that identifies vSphere volume vmdk type: string required: - volumePath 
@@ -14412,135 +5161,61 @@ spec: type: array type: object variables: - description: Variables specifies a list of variables - and their sources that will be used to resolve the - task. items: - description: EnvVar represents an environment variable - present in a Container. properties: name: - description: Name of the environment variable. - Must be a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) - are expanded using the previously defined - environment variables in the container and - any service environment variables. If a variable - cannot be resolved, the reference in the input - string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the - $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, - regardless of whether the variable exists - or not. Defaults to "".' type: string valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. properties: configMapKeyRef: - description: Selects a key of a ConfigMap. properties: key: - description: The key to select. type: string name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value here - are almost certainly wrong. TODO: - Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' 
type: string optional: - description: Specify whether the ConfigMap - or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of the pod: - supports metadata.name, metadata.namespace, - `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, status.podIPs.' properties: apiVersion: - description: Version of the schema the - FieldPath is written in terms of, - defaults to "v1". type: string fieldPath: - description: Path of the field to select - in the specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource of the - container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, - requests.cpu, requests.memory and requests.ephemeral-storage) - are currently supported.' properties: containerName: - description: 'Container name: required - for volumes, optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output format - of the exposed resources, defaults - to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource to - select' type: string required: - resource type: object x-kubernetes-map-type: atomic secretKeyRef: - description: Selects a key of a secret in - the pod's namespace properties: key: - description: The key of the secret to - select from. Must be a valid secret - key. type: string name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value here - are almost certainly wrong. TODO: - Add other useful fields. 
apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether the Secret - or its key must be defined type: boolean required: - key 
@@ -14555,225 +5230,97 @@ spec: type: array type: object backupTimeout: - description: BackupTimeout specifies the maximum duration of - backup. Backup will be considered Failed if backup tasks do - not complete within this time limit. By default, KubeStash - don't set any timeout for backup. type: string hooks: - description: Hooks specifies the backup hooks that should be - executed before and/or after the backup. properties: postBackup: - description: PostBackup specifies a list of hooks that will - be executed after backup items: - description: HookInfo specifies the information about - the backup/restore hooks properties: executionPolicy: default: Always - description: 'ExecutionPolicy specifies when to execute - the hook. Valid values are: - "Always": KubeStash - will execute this hook no matter the backup/restore - failed. This is the default execution policy. - - "OnSuccess": KubeStash will execute this hook only - if the backup/restore has succeeded. - "OnFailure": - KubeStash will execute this hook only if the backup/restore - has failed.' enum: - Always - OnSuccess - OnFailure type: string hookTemplate: - description: HookTemplate points to a HookTemplate - CR that will be used to execute the hook. You can - refer to a HookTemplate from other namespaces as - long as your current namespace is allowed by the - `usagePolicy` in the respective HookTemplate. properties: name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string required: - name type: object maxRetry: - description: MaxRetry specifies how many times KubeStash - should retry the hook execution in case of failure. - The default value of this field is 0 which means - no retry. 
format: int32 minimum: 0 type: integer name: - description: Name specifies a name for the hook type: string params: - description: Params specifies parameters for the hook. - You must provide the parameter in the HookTemplates - desired structure. type: object x-kubernetes-preserve-unknown-fields: true runtimeSettings: - description: RuntimeSettings specifies runtime configurations - for the hook executor Job. Use this field only for - `Function` type hook executor. properties: container: properties: env: - description: List of environment variables - to set in the container. Cannot be updated. items: - description: EnvVar represents an environment - variable present in a Container. properties: name: - description: Name of the environment - variable. Must be a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) - are expanded using the previously - defined environment variables in the - container and any service environment - variables. If a variable cannot be - resolved, the reference in the input - string will be unchanged. Double $$ - are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: - i.e. "$$(VAR_NAME)" will produce the - string literal "$(VAR_NAME)". Escaped - references will never be expanded, - regardless of whether the variable - exists or not. Defaults to "".' type: string valueFrom: - description: Source for the environment - variable's value. Cannot be used if - value is not empty. properties: configMapKeyRef: - description: Selects a key of a - ConfigMap. properties: key: - description: The key to select. type: string name: default: "" - description: 'Name of the referent. - This field is effectively - required, but due to backwards - compatibility is allowed to - be empty. Instances of this - type with an empty value here - are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? 
More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether - the ConfigMap or its key must - be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of - the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, status.podIPs.' properties: apiVersion: - description: Version of the - schema the FieldPath is written - in terms of, defaults to "v1". type: string fieldPath: - description: Path of the field - to select in the specified - API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource - of the container: only resources - limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, - requests.cpu, requests.memory - and requests.ephemeral-storage) - are currently supported.' properties: containerName: - description: 'Container name: - required for volumes, optional - for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output - format of the exposed resources, - defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource - to select' type: string required: - resource type: object x-kubernetes-map-type: atomic secretKeyRef: - description: Selects a key of a - secret in the pod's namespace properties: key: - description: The key of the - secret to select from. Must - be a valid secret key. 
type: string name: default: "" - description: 'Name of the referent. - This field is effectively - required, but due to backwards - compatibility is allowed to - be empty. Instances of this - type with an empty value here - are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether - the Secret or its key must - be defined type: boolean required: - key 
@@ -14785,81 +5332,31 @@ spec: type: object type: array envFrom: - description: List of sources to populate environment - variables in the container. The keys defined - within a source must be a C_IDENTIFIER. - All invalid keys will be reported as an - event when the container is starting. When - a key exists in multiple sources, the value - associated with the last source will take - precedence. Values defined by an Env with - a duplicate key will take precedence. Cannot - be updated. items: - description: EnvFromSource represents the - source of a set of ConfigMaps properties: configMapRef: - description: The ConfigMap to select - from properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether the - ConfigMap must be defined type: boolean type: object x-kubernetes-map-type: atomic prefix: - description: An optional identifier - to prepend to each key in the ConfigMap. - Must be a C_IDENTIFIER. type: string secretRef: - description: The Secret to select from properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether the - Secret must be defined type: boolean type: object x-kubernetes-map-type: atomic type: object type: array ionice: - description: 'Settings to configure `ionice` - to throttle the load on disk. More info: - http://kennystechtalk.blogspot.com/2015/04/throttling-cpu-usage-with-linux-cgroups.html - More info: https://oakbytes.wordpress.com/2012/06/06/linux-scheduler-cfs-and-nice/' properties: class: format: int32 
@@ -14869,72 +5366,27 @@ spec: type: integer type: object lifecycle: - description: Actions that the management system - should take in response to container lifecycle - events. Cannot be updated. properties: postStart: - description: 'PostStart is called immediately - after a container is created. If the - handler fails, the container is terminated - and restarted according to its restart - policy. Other management of the container - blocks until the hook completes. More - info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: Exec specifies the action - to take. properties: command: - description: Command is the command - line to execute inside the container, - the working directory for the - command is root ('/') in the - container's filesystem. The - command is simply exec'd, it - is not run inside a shell, so - traditional shell instructions - ('|', etc) won't work. To use - a shell, you need to explicitly - call out to that shell. Exit - status of 0 is treated as live/healthy - and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the - http request to perform. properties: host: - description: Host name to connect - to, defaults to the pod IP. - You probably want to set "Host" - in httpHeaders instead. type: string httpHeaders: - description: Custom headers to - set in the request. HTTP allows - repeated headers. items: - description: HTTPHeader describes - a custom header to be used - in HTTP probes properties: name: - description: The header - field name. This will - be canonicalized upon - output, so case-variant - names will be understood - as the same header. type: string value: - description: The header - field value type: string required: - name 
@@ -14943,138 +5395,58 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on - the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of - the port to access on the container. - Number must be in the range - 1 to 65535. Name must be an - IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for - connecting to the host. Defaults - to HTTP. type: string required: - port type: object sleep: - description: Sleep represents the - duration that the container should - sleep before being terminated. properties: seconds: - description: Seconds is the number - of seconds to sleep. format: int64 type: integer required: - seconds type: object tcpSocket: - description: Deprecated. TCPSocket - is NOT supported as a LifecycleHandler - and kept for the backward compatibility. - There are no validation of this - field and lifecycle hooks will fail - in runtime when tcp handler is specified. properties: host: - description: 'Optional: Host name - to connect to, defaults to the - pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of - the port to access on the container. - Number must be in the range - 1 to 65535. Name must be an - IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: - description: 'PreStop is called immediately - before a container is terminated due - to an API request or management event - such as liveness/startup probe failure, - preemption, resource contention, etc. - The handler is not called if the container - crashes or exits. The Pod''s termination - grace period countdown begins before - the PreStop hook is executed. Regardless - of the outcome of the handler, the container - will eventually terminate within the - Pod''s termination grace period (unless - delayed by finalizers). 
Other management - of the container blocks until the hook - completes or until the termination grace - period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: Exec specifies the action - to take. properties: command: - description: Command is the command - line to execute inside the container, - the working directory for the - command is root ('/') in the - container's filesystem. The - command is simply exec'd, it - is not run inside a shell, so - traditional shell instructions - ('|', etc) won't work. To use - a shell, you need to explicitly - call out to that shell. Exit - status of 0 is treated as live/healthy - and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the - http request to perform. properties: host: - description: Host name to connect - to, defaults to the pod IP. - You probably want to set "Host" - in httpHeaders instead. type: string httpHeaders: - description: Custom headers to - set in the request. HTTP allows - repeated headers. items: - description: HTTPHeader describes - a custom header to be used - in HTTP probes properties: name: - description: The header - field name. This will - be canonicalized upon - output, so case-variant - names will be understood - as the same header. type: string value: - description: The header - field value type: string required: - name 
@@ -15083,62 +5455,33 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on - the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of - the port to access on the container. - Number must be in the range - 1 to 65535. Name must be an - IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for - connecting to the host. Defaults - to HTTP. type: string required: - port type: object sleep: - description: Sleep represents the - duration that the container should - sleep before being terminated. properties: seconds: - description: Seconds is the number - of seconds to sleep. format: int64 type: integer required: - seconds type: object tcpSocket: - description: Deprecated. TCPSocket - is NOT supported as a LifecycleHandler - and kept for the backward compatibility. - There are no validation of this - field and lifecycle hooks will fail - in runtime when tcp handler is specified. properties: host: - description: 'Optional: Host name - to connect to, defaults to the - pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of - the port to access on the container. - Number must be in the range - 1 to 65535. Name must be an - IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port 
@@ -15146,88 +5489,38 @@ spec: type: object type: object livenessProbe: - description: 'Periodic probe of container - liveness. Container will be restarted if - the probe fails. Cannot be updated. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action - to take. properties: command: - description: Command is the command - line to execute inside the container, - the working directory for the command is - root ('/') in the container's filesystem. - The command is simply exec'd, it - is not run inside a shell, so traditional - shell instructions ('|', etc) won't - work. To use a shell, you need to - explicitly call out to that shell. - Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed - after having succeeded. Defaults to - 3. Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action - involving a GRPC port. properties: port: - description: Port number of the gRPC - service. Number must be in the range - 1 to 65535. format: int32 type: integer service: - description: "Service is the name - of the service to place in the gRPC - HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the - default behavior is defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http - request to perform. properties: host: - description: Host name to connect - to, defaults to the pod IP. You - probably want to set "Host" in httpHeaders - instead. type: string httpHeaders: - description: Custom headers to set - in the request. HTTP allows repeated - headers. 
items: - description: HTTPHeader describes - a custom header to be used in - HTTP probes properties: name: - description: The header field - name. This will be canonicalized - upon output, so case-variant - names will be understood as - the same header. type: string value: - description: The header field - value type: string required: - name 
@@ -15236,190 +5529,84 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on the - HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the - port to access on the container. - Number must be in the range 1 to - 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after - the container has started before liveness - probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to - perform the probe. Default to 10 seconds. - Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to 1. - Must be 1 for liveness and startup. - Minimum value is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action - involving a TCP port. properties: host: - description: 'Optional: Host name - to connect to, defaults to the pod - IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the - port to access on the container. - Number must be in the range 1 to - 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds - the pod needs to terminate gracefully - upon probe failure. The grace period - is the duration in seconds after the - processes running in the pod are sent - a termination signal and the time when - the processes are forcibly halted with - a kill signal. Set this value longer - than the expected cleanup time for your - process. 
If this value is nil, the pod's - terminationGracePeriodSeconds will be - used. Otherwise, this value overrides - the value provided by the pod spec. - Value must be non-negative integer. - The value zero indicates stop immediately - via the kill signal (no opportunity - to shut down). This is a beta field - and requires enabling ProbeTerminationGracePeriod - feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after - which the probe times out. Defaults - to 1 second. Minimum value is 1. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object nice: - description: 'Settings to configure `nice` - to throttle the load on cpu. More info: - http://kennystechtalk.blogspot.com/2015/04/throttling-cpu-usage-with-linux-cgroups.html - More info: https://oakbytes.wordpress.com/2012/06/06/linux-scheduler-cfs-and-nice/' properties: adjustment: format: int32 type: integer type: object readinessProbe: - description: 'Periodic probe of container - service readiness. Container will be removed - from service endpoints if the probe fails. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action - to take. properties: command: - description: Command is the command - line to execute inside the container, - the working directory for the command is - root ('/') in the container's filesystem. - The command is simply exec'd, it - is not run inside a shell, so traditional - shell instructions ('|', etc) won't - work. To use a shell, you need to - explicitly call out to that shell. - Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. 
items: type: string type: array x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed - after having succeeded. Defaults to - 3. Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action - involving a GRPC port. properties: port: - description: Port number of the gRPC - service. Number must be in the range - 1 to 65535. format: int32 type: integer service: - description: "Service is the name - of the service to place in the gRPC - HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the - default behavior is defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http - request to perform. properties: host: - description: Host name to connect - to, defaults to the pod IP. You - probably want to set "Host" in httpHeaders - instead. type: string httpHeaders: - description: Custom headers to set - in the request. HTTP allows repeated - headers. items: - description: HTTPHeader describes - a custom header to be used in - HTTP probes properties: name: - description: The header field - name. This will be canonicalized - upon output, so case-variant - names will be understood as - the same header. type: string value: - description: The header field - value type: string required: - name 
@@ -15428,120 +5615,51 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on the - HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the - port to access on the container. - Number must be in the range 1 to - 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after - the container has started before liveness - probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to - perform the probe. Default to 10 seconds. - Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to 1. - Must be 1 for liveness and startup. - Minimum value is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action - involving a TCP port. properties: host: - description: 'Optional: Host name - to connect to, defaults to the pod - IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the - port to access on the container. - Number must be in the range 1 to - 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds - the pod needs to terminate gracefully - upon probe failure. The grace period - is the duration in seconds after the - processes running in the pod are sent - a termination signal and the time when - the processes are forcibly halted with - a kill signal. Set this value longer - than the expected cleanup time for your - process. 
If this value is nil, the pod's - terminationGracePeriodSeconds will be - used. Otherwise, this value overrides - the value provided by the pod spec. - Value must be non-negative integer. - The value zero indicates stop immediately - via the kill signal (no opportunity - to shut down). This is a beta field - and requires enabling ProbeTerminationGracePeriod - feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after - which the probe times out. Defaults - to 1 second. Minimum value is 1. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object resources: - description: 'Compute Resources required by - container. Cannot be updated. More info: - https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' properties: claims: - description: "Claims lists the names of - resources, defined in spec.resourceClaims, - that are used by this container. \n - This is an alpha field and requires - enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. - It can only be set for containers." items: - description: ResourceClaim references - one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the - name of one entry in pod.spec.resourceClaims - of the Pod where this field is - used. It makes that resource available - inside a container. type: string required: - name @@ -15557,9 +5675,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum - amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -15568,248 +5683,77 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum - amount of compute resources required. - If Requests is omitted for a container, - it defaults to Limits if that is explicitly - specified, otherwise to an implementation-defined - value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: - description: 'Security options the pod should - run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation - controls whether a process can gain - more privileges than its parent process. - This bool directly controls if the no_new_privs - flag will be set on the container process. - AllowPrivilegeEscalation is true always - when the container is: 1) run as Privileged - 2) has CAP_SYS_ADMIN Note that this - field cannot be set when spec.os.name - is windows.' type: boolean appArmorProfile: - description: appArmorProfile is the AppArmor - options to use by this container. If - set, this profile overrides the pod's - appArmorProfile. Note that this field - cannot be set when spec.os.name is windows. properties: localhostProfile: - description: localhostProfile indicates - a profile loaded on the node that - should be used. The profile must - be preconfigured on the node to - work. Must match the loaded name - of the profile. Must be set if and - only if type is "Localhost". type: string type: - description: 'type indicates which - kind of AppArmor profile will be - applied. Valid options are: Localhost - - a profile pre-loaded on the node. 
- RuntimeDefault - the container runtime''s - default profile. Unconfined - no - AppArmor enforcement.' type: string required: - type type: object capabilities: - description: The capabilities to add/drop - when running containers. Defaults to - the default set of capabilities granted - by the container runtime. Note that - this field cannot be set when spec.os.name - is windows. properties: add: - description: Added capabilities items: - description: Capability represent - POSIX capabilities type type: string type: array x-kubernetes-list-type: atomic drop: - description: Removed capabilities items: - description: Capability represent - POSIX capabilities type type: string type: array x-kubernetes-list-type: atomic type: object privileged: - description: Run container in privileged - mode. Processes in privileged containers - are essentially equivalent to root on - the host. Defaults to false. Note that - this field cannot be set when spec.os.name - is windows. type: boolean procMount: - description: procMount denotes the type - of proc mount to use for the containers. - The default is DefaultProcMount which - uses the container runtime defaults - for readonly paths and masked paths. - This requires the ProcMountType feature - flag to be enabled. Note that this field - cannot be set when spec.os.name is windows. type: string readOnlyRootFilesystem: - description: Whether this container has - a read-only root filesystem. Default - is false. Note that this field cannot - be set when spec.os.name is windows. type: boolean runAsGroup: - description: The GID to run the entrypoint - of the container process. Uses runtime - default if unset. May also be set in - PodSecurityContext. If set in both - SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. Note that this field - cannot be set when spec.os.name is windows. 
format: int64 type: integer runAsNonRoot: - description: Indicates that the container - must run as a non-root user. If true, - the Kubelet will validate the image - at runtime to ensure that it does not - run as UID 0 (root) and fail to start - the container if it does. If unset or - false, no such validation will be performed. - May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint - of the container process. Defaults to - user specified in image metadata if - unspecified. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. Note that this field - cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be - applied to the container. If unspecified, - the container runtime will allocate - a random SELinux context for each container. May - also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. Note that this field - cannot be set when spec.os.name is windows. properties: level: - description: Level is SELinux level - label that applies to the container. type: string role: - description: Role is a SELinux role - label that applies to the container. type: string type: - description: Type is a SELinux type - label that applies to the container. type: string user: - description: User is a SELinux user - label that applies to the container. type: string type: object seccompProfile: - description: The seccomp options to use - by this container. If seccomp options - are provided at both the pod & container - level, the container options override - the pod options. Note that this field - cannot be set when spec.os.name is windows. 
properties: localhostProfile: - description: localhostProfile indicates - a profile defined in a file on the - node should be used. The profile - must be preconfigured on the node - to work. Must be a descending path, - relative to the kubelet's configured - seccomp profile location. Must be - set if type is "Localhost". Must - NOT be set for any other type. type: string type: - description: "type indicates which - kind of seccomp profile will be - applied. Valid options are: \n Localhost - - a profile defined in a file on - the node should be used. RuntimeDefault - - the container runtime default - profile should be used. Unconfined - - no profile should be applied." type: string required: - type type: object windowsOptions: - description: The Windows specific settings - applied to all containers. If unspecified, - the options from the PodSecurityContext - will be used. If set in both SecurityContext - and PodSecurityContext, the value specified - in SecurityContext takes precedence. - Note that this field cannot be set when - spec.os.name is linux. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is - where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA - credential spec named by the GMSACredentialSpecName - field. type: string gmsaCredentialSpecName: - description: GMSACredentialSpecName - is the name of the GMSA credential - spec to use. type: string hostProcess: - description: HostProcess determines - if a container should be run as - a 'Host Process' container. All - of a Pod's containers must have - the same effective HostProcess value - (it is not allowed to have a mix - of HostProcess containers and non-HostProcess - containers). In addition, if HostProcess - is true then HostNetwork must also - be set to true. type: boolean runAsUserName: - description: The UserName in Windows - to run the entrypoint of the container - process. 
Defaults to the user specified - in image metadata if unspecified. - May also be set in PodSecurityContext. - If set in both SecurityContext and - PodSecurityContext, the value specified - in SecurityContext takes precedence. type: string type: object type: object 
@@ -15817,91 +5761,22 @@ spec: pod: properties: affinity: - description: If specified, the pod's scheduling - constraints properties: nodeAffinity: - description: Describes node affinity scheduling - rules for the pod. properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer - to schedule pods to nodes that satisfy - the affinity expressions specified - by this field, but it may choose - a node that violates one or more - of the expressions. The node that - is most preferred is the one with - the greatest sum of weights, i.e. - for each node that meets all of - the scheduling requirements (resource - request, requiredDuringScheduling - affinity expressions, etc.), compute - a sum by iterating through the elements - of this field and adding "weight" - to the sum if the node matches the - corresponding matchExpressions; - the node(s) with the highest sum - are the most preferred. items: - description: An empty preferred - scheduling term matches all objects - with implicit weight 0 (i.e. it's - a no-op). A null preferred scheduling - term matches no objects (i.e. - is also a no-op). properties: preference: - description: A node selector - term, associated with the - corresponding weight. properties: matchExpressions: - description: A list of node - selector requirements - by node's labels. items: - description: A node selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key - and values. properties: key: - description: The label - key that the selector - applies to. type: string operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, Exists, - DoesNotExist. Gt, - and Lt. type: string values: - description: An array - of string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. 
If - the operator is - Gt or Lt, the values - array must have - a single element, - which will be interpreted - as an integer. This - array is replaced - during a strategic - merge patch. items: type: string type: array @@ -15913,51 +5788,13 @@ spec: type: array x-kubernetes-list-type: atomic matchFields: - description: A list of node - selector requirements - by node's fields. items: - description: A node selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key - and values. properties: key: - description: The label - key that the selector - applies to. type: string operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, Exists, - DoesNotExist. Gt, - and Lt. type: string values: - description: An array - of string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. If - the operator is - Gt or Lt, the values - array must have - a single element, - which will be interpreted - as an integer. This - array is replaced - during a strategic - merge patch. items: type: string type: array @@ -15971,10 +5808,6 @@ spec: type: object x-kubernetes-map-type: atomic weight: - description: Weight associated - with matching the corresponding - nodeSelectorTerm, in the range - 1-100. format: int32 type: integer required: 
@@ -15984,75 +5817,18 @@ spec: type: array x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements - specified by this field are not - met at scheduling time, the pod - will not be scheduled onto the node. - If the affinity requirements specified - by this field cease to be met at - some point during pod execution - (e.g. due to an update), the system - may or may not try to eventually - evict the pod from its node. properties: nodeSelectorTerms: - description: Required. A list - of node selector terms. The - terms are ORed. items: - description: A null or empty - node selector term matches - no objects. The requirements - of them are ANDed. The TopologySelectorTerm - type implements a subset of - the NodeSelectorTerm. properties: matchExpressions: - description: A list of node - selector requirements - by node's labels. items: - description: A node selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key - and values. properties: key: - description: The label - key that the selector - applies to. type: string operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, Exists, - DoesNotExist. Gt, - and Lt. type: string values: - description: An array - of string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. If - the operator is - Gt or Lt, the values - array must have - a single element, - which will be interpreted - as an integer. This - array is replaced - during a strategic - merge patch. items: type: string type: array 
@@ -16064,51 +5840,13 @@ spec: type: array x-kubernetes-list-type: atomic matchFields: - description: A list of node - selector requirements - by node's fields. items: - description: A node selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key - and values. properties: key: - description: The label - key that the selector - applies to. type: string operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, Exists, - DoesNotExist. Gt, - and Lt. type: string values: - description: An array - of string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. If - the operator is - Gt or Lt, the values - array must have - a single element, - which will be interpreted - as an integer. This - array is replaced - during a strategic - merge patch. items: type: string type: array 
@@ -16129,97 +5867,22 @@ spec: x-kubernetes-map-type: atomic type: object podAffinity: - description: Describes pod affinity scheduling - rules (e.g. co-locate this pod in the - same node, zone, etc. as some other - pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer - to schedule pods to nodes that satisfy - the affinity expressions specified - by this field, but it may choose - a node that violates one or more - of the expressions. The node that - is most preferred is the one with - the greatest sum of weights, i.e. - for each node that meets all of - the scheduling requirements (resource - request, requiredDuringScheduling - affinity expressions, etc.), compute - a sum by iterating through the elements - of this field and adding "weight" - to the sum if the node has pods - which matches the corresponding - podAffinityTerm; the node(s) with - the highest sum are the most preferred. items: - description: The weights of all - of the matched WeightedPodAffinityTerm - fields are added per-node to find - the most preferred node(s) properties: podAffinityTerm: - description: Required. A pod - affinity term, associated - with the corresponding weight. properties: labelSelector: - description: A label query - over a set of resources, - in this case pods. If - it's null, this PodAffinityTerm - matches with no Pods. properties: matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements are - ANDed. items: - description: A label - selector requirement - is a selector that - contains values, - a key, and an operator - that relates the - key and values. properties: key: - description: key - is the label - key that the - selector applies - to. type: string operator: - description: operator - represents a - key's relationship - to a set of - values. Valid - operators are - In, NotIn, Exists - and DoesNotExist. 
type: string values: - description: values - is an array - of string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or - DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic - merge patch. items: type: string type: array 
@@ -16233,151 +5896,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels - map is equivalent - to an element of matchExpressions, - whose key field is - "key", the operator - is "In", and the values - array contains only - "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys - is a set of pod label - keys to select which pods - will be taken into consideration. - The keys are used to lookup - values from the incoming - pod labels, those key-value - labels are merged with - `labelSelector` as `key - in (value)` to select - the group of existing - pods which pods will be - taken into consideration - for the incoming pod's - pod (anti) affinity. Keys - that don't exist in the - incoming pod labels will - be ignored. The default - value is empty. The same - key is forbidden to exist - in both matchLabelKeys - and labelSelector. Also, - matchLabelKeys cannot - be set when labelSelector - isn't set. This is an - alpha field and requires - enabling MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys - is a set of pod label - keys to select which pods - will be taken into consideration. - The keys are used to lookup - values from the incoming - pod labels, those key-value - labels are merged with - `labelSelector` as `key - notin (value)` to select - the group of existing - pods which pods will be - taken into consideration - for the incoming pod's - pod (anti) affinity. Keys - that don't exist in the - incoming pod labels will - be ignored. The default - value is empty. The same - key is forbidden to exist - in both mismatchLabelKeys - and labelSelector. Also, - mismatchLabelKeys cannot - be set when labelSelector - isn't set. 
This is an - alpha field and requires - enabling MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query - over the set of namespaces - that the term applies - to. The term is applied - to the union of the namespaces - selected by this field - and the ones listed in - the namespaces field. - null selector and null - or empty namespaces list - means "this pod's namespace". - An empty selector ({}) - matches all namespaces. properties: matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements are - ANDed. items: - description: A label - selector requirement - is a selector that - contains values, - a key, and an operator - that relates the - key and values. properties: key: - description: key - is the label - key that the - selector applies - to. type: string operator: - description: operator - represents a - key's relationship - to a set of - values. Valid - operators are - In, NotIn, Exists - and DoesNotExist. type: string values: - description: values - is an array - of string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or - DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic - merge patch. items: type: string type: array 
@@ -16391,61 +5932,20 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels - map is equivalent - to an element of matchExpressions, - whose key field is - "key", the operator - is "In", and the values - array contains only - "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces - specifies a static list - of namespace names that - the term applies to. The - term is applied to the - union of the namespaces - listed in this field and - the ones selected by namespaceSelector. - null or empty namespaces - list and null namespaceSelector - means "this pod's namespace". items: type: string type: array x-kubernetes-list-type: atomic topologyKey: - description: This pod should - be co-located (affinity) - or not co-located (anti-affinity) - with the pods matching - the labelSelector in the - specified namespaces, - where co-located is defined - as running on a node whose - value of the label with - key topologyKey matches - that of any node on which - any of the selected pods - is running. Empty topologyKey - is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated - with matching the corresponding - podAffinityTerm, in the range - 1-100. format: int32 type: integer required: 
@@ -16455,81 +5955,18 @@ spec: type: array x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements - specified by this field are not - met at scheduling time, the pod - will not be scheduled onto the node. - If the affinity requirements specified - by this field cease to be met at - some point during pod execution - (e.g. due to a pod label update), - the system may or may not try to - eventually evict the pod from its - node. When there are multiple elements, - the lists of nodes corresponding - to each podAffinityTerm are intersected, - i.e. all terms must be satisfied. items: - description: Defines a set of pods - (namely those matching the labelSelector - relative to the given namespace(s)) - that this pod should be co-located - (affinity) or not co-located (anti-affinity) - with, where co-located is defined - as running on a node whose value - of the label with key - matches that of any node on which - a pod of the set of pods is running properties: labelSelector: - description: A label query over - a set of resources, in this - case pods. If it's null, this - PodAffinityTerm matches with - no Pods. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key - and values. properties: key: - description: key is - the label key that - the selector applies - to. type: string operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values - is an array of string - values. If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. 
This - array is replaced - during a strategic - merge patch. items: type: string type: array 
@@ -16543,136 +5980,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an element - of matchExpressions, whose - key field is "key", the - operator is "In", and - the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys - is a set of pod label keys - to select which pods will - be taken into consideration. - The keys are used to lookup - values from the incoming pod - labels, those key-value labels - are merged with `labelSelector` - as `key in (value)` to select - the group of existing pods - which pods will be taken into - consideration for the incoming - pod's pod (anti) affinity. - Keys that don't exist in the - incoming pod labels will be - ignored. The default value - is empty. The same key is - forbidden to exist in both - matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot - be set when labelSelector - isn't set. This is an alpha - field and requires enabling - MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys - is a set of pod label keys - to select which pods will - be taken into consideration. - The keys are used to lookup - values from the incoming pod - labels, those key-value labels - are merged with `labelSelector` - as `key notin (value)` to - select the group of existing - pods which pods will be taken - into consideration for the - incoming pod's pod (anti) - affinity. Keys that don't - exist in the incoming pod - labels will be ignored. The - default value is empty. The - same key is forbidden to exist - in both mismatchLabelKeys - and labelSelector. Also, mismatchLabelKeys - cannot be set when labelSelector - isn't set. 
This is an alpha - field and requires enabling - MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over - the set of namespaces that - the term applies to. The term - is applied to the union of - the namespaces selected by - this field and the ones listed - in the namespaces field. null - selector and null or empty - namespaces list means "this - pod's namespace". An empty - selector ({}) matches all - namespaces. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key - and values. properties: key: - description: key is - the label key that - the selector applies - to. type: string operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values - is an array of string - values. If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. This - array is replaced - during a strategic - merge patch. items: type: string type: array 
@@ -16686,49 +6016,15 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an element - of matchExpressions, whose - key field is "key", the - operator is "In", and - the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies - a static list of namespace - names that the term applies - to. The term is applied to - the union of the namespaces - listed in this field and the - ones selected by namespaceSelector. - null or empty namespaces list - and null namespaceSelector - means "this pod's namespace". items: type: string type: array x-kubernetes-list-type: atomic topologyKey: - description: This pod should - be co-located (affinity) or - not co-located (anti-affinity) - with the pods matching the - labelSelector in the specified - namespaces, where co-located - is defined as running on a - node whose value of the label - with key topologyKey matches - that of any node on which - any of the selected pods is - running. Empty topologyKey - is not allowed. type: string required: - topologyKey 
@@ -16737,97 +6033,22 @@ spec: x-kubernetes-list-type: atomic type: object podAntiAffinity: - description: Describes pod anti-affinity - scheduling rules (e.g. avoid putting - this pod in the same node, zone, etc. - as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer - to schedule pods to nodes that satisfy - the anti-affinity expressions specified - by this field, but it may choose - a node that violates one or more - of the expressions. The node that - is most preferred is the one with - the greatest sum of weights, i.e. - for each node that meets all of - the scheduling requirements (resource - request, requiredDuringScheduling - anti-affinity expressions, etc.), - compute a sum by iterating through - the elements of this field and adding - "weight" to the sum if the node - has pods which matches the corresponding - podAffinityTerm; the node(s) with - the highest sum are the most preferred. items: - description: The weights of all - of the matched WeightedPodAffinityTerm - fields are added per-node to find - the most preferred node(s) properties: podAffinityTerm: - description: Required. A pod - affinity term, associated - with the corresponding weight. properties: labelSelector: - description: A label query - over a set of resources, - in this case pods. If - it's null, this PodAffinityTerm - matches with no Pods. properties: matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements are - ANDed. items: - description: A label - selector requirement - is a selector that - contains values, - a key, and an operator - that relates the - key and values. properties: key: - description: key - is the label - key that the - selector applies - to. type: string operator: - description: operator - represents a - key's relationship - to a set of - values. Valid - operators are - In, NotIn, Exists - and DoesNotExist. 
type: string values: - description: values - is an array - of string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or - DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic - merge patch. items: type: string type: array 
@@ -16841,151 +6062,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels - map is equivalent - to an element of matchExpressions, - whose key field is - "key", the operator - is "In", and the values - array contains only - "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys - is a set of pod label - keys to select which pods - will be taken into consideration. - The keys are used to lookup - values from the incoming - pod labels, those key-value - labels are merged with - `labelSelector` as `key - in (value)` to select - the group of existing - pods which pods will be - taken into consideration - for the incoming pod's - pod (anti) affinity. Keys - that don't exist in the - incoming pod labels will - be ignored. The default - value is empty. The same - key is forbidden to exist - in both matchLabelKeys - and labelSelector. Also, - matchLabelKeys cannot - be set when labelSelector - isn't set. This is an - alpha field and requires - enabling MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys - is a set of pod label - keys to select which pods - will be taken into consideration. - The keys are used to lookup - values from the incoming - pod labels, those key-value - labels are merged with - `labelSelector` as `key - notin (value)` to select - the group of existing - pods which pods will be - taken into consideration - for the incoming pod's - pod (anti) affinity. Keys - that don't exist in the - incoming pod labels will - be ignored. The default - value is empty. The same - key is forbidden to exist - in both mismatchLabelKeys - and labelSelector. Also, - mismatchLabelKeys cannot - be set when labelSelector - isn't set. 
This is an - alpha field and requires - enabling MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query - over the set of namespaces - that the term applies - to. The term is applied - to the union of the namespaces - selected by this field - and the ones listed in - the namespaces field. - null selector and null - or empty namespaces list - means "this pod's namespace". - An empty selector ({}) - matches all namespaces. properties: matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements are - ANDed. items: - description: A label - selector requirement - is a selector that - contains values, - a key, and an operator - that relates the - key and values. properties: key: - description: key - is the label - key that the - selector applies - to. type: string operator: - description: operator - represents a - key's relationship - to a set of - values. Valid - operators are - In, NotIn, Exists - and DoesNotExist. type: string values: - description: values - is an array - of string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or - DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic - merge patch. items: type: string type: array 
@@ -16999,61 +6098,20 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels - map is equivalent - to an element of matchExpressions, - whose key field is - "key", the operator - is "In", and the values - array contains only - "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces - specifies a static list - of namespace names that - the term applies to. The - term is applied to the - union of the namespaces - listed in this field and - the ones selected by namespaceSelector. - null or empty namespaces - list and null namespaceSelector - means "this pod's namespace". items: type: string type: array x-kubernetes-list-type: atomic topologyKey: - description: This pod should - be co-located (affinity) - or not co-located (anti-affinity) - with the pods matching - the labelSelector in the - specified namespaces, - where co-located is defined - as running on a node whose - value of the label with - key topologyKey matches - that of any node on which - any of the selected pods - is running. Empty topologyKey - is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated - with matching the corresponding - podAffinityTerm, in the range - 1-100. format: int32 type: integer required: 
@@ -17063,81 +6121,18 @@ spec: type: array x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity - requirements specified by this field - are not met at scheduling time, - the pod will not be scheduled onto - the node. If the anti-affinity requirements - specified by this field cease to - be met at some point during pod - execution (e.g. due to a pod label - update), the system may or may not - try to eventually evict the pod - from its node. When there are multiple - elements, the lists of nodes corresponding - to each podAffinityTerm are intersected, - i.e. all terms must be satisfied. items: - description: Defines a set of pods - (namely those matching the labelSelector - relative to the given namespace(s)) - that this pod should be co-located - (affinity) or not co-located (anti-affinity) - with, where co-located is defined - as running on a node whose value - of the label with key - matches that of any node on which - a pod of the set of pods is running properties: labelSelector: - description: A label query over - a set of resources, in this - case pods. If it's null, this - PodAffinityTerm matches with - no Pods. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key - and values. properties: key: - description: key is - the label key that - the selector applies - to. type: string operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values - is an array of string - values. If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. 
This - array is replaced - during a strategic - merge patch. items: type: string type: array 
@@ -17151,136 +6146,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an element - of matchExpressions, whose - key field is "key", the - operator is "In", and - the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys - is a set of pod label keys - to select which pods will - be taken into consideration. - The keys are used to lookup - values from the incoming pod - labels, those key-value labels - are merged with `labelSelector` - as `key in (value)` to select - the group of existing pods - which pods will be taken into - consideration for the incoming - pod's pod (anti) affinity. - Keys that don't exist in the - incoming pod labels will be - ignored. The default value - is empty. The same key is - forbidden to exist in both - matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot - be set when labelSelector - isn't set. This is an alpha - field and requires enabling - MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys - is a set of pod label keys - to select which pods will - be taken into consideration. - The keys are used to lookup - values from the incoming pod - labels, those key-value labels - are merged with `labelSelector` - as `key notin (value)` to - select the group of existing - pods which pods will be taken - into consideration for the - incoming pod's pod (anti) - affinity. Keys that don't - exist in the incoming pod - labels will be ignored. The - default value is empty. The - same key is forbidden to exist - in both mismatchLabelKeys - and labelSelector. Also, mismatchLabelKeys - cannot be set when labelSelector - isn't set. 
This is an alpha - field and requires enabling - MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over - the set of namespaces that - the term applies to. The term - is applied to the union of - the namespaces selected by - this field and the ones listed - in the namespaces field. null - selector and null or empty - namespaces list means "this - pod's namespace". An empty - selector ({}) matches all - namespaces. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key - and values. properties: key: - description: key is - the label key that - the selector applies - to. type: string operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values - is an array of string - values. If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. This - array is replaced - during a strategic - merge patch. items: type: string type: array 
@@ -17294,49 +6182,15 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an element - of matchExpressions, whose - key field is "key", the - operator is "In", and - the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies - a static list of namespace - names that the term applies - to. The term is applied to - the union of the namespaces - listed in this field and the - ones selected by namespaceSelector. - null or empty namespaces list - and null namespaceSelector - means "this pod's namespace". items: type: string type: array x-kubernetes-list-type: atomic topologyKey: - description: This pod should - be co-located (affinity) or - not co-located (anti-affinity) - with the pods matching the - labelSelector in the specified - namespaces, where co-located - is defined as running on a - node whose value of the label - with key topologyKey matches - that of any node on which - any of the selected pods is - running. Empty topologyKey - is not allowed. type: string required: - topologyKey 
@@ -17346,332 +6200,106 @@ spec: type: object type: object automountServiceAccountToken: - description: AutomountServiceAccountToken - indicates whether a service account token - should be automatically mounted. type: boolean enableServiceLinks: - description: 'EnableServiceLinks indicates - whether information about services should - be injected into pod''s environment variables, - matching the syntax of Docker links. Optional: - Defaults to true.' type: boolean imagePullSecrets: - description: 'ImagePullSecrets is an optional - list of references to secrets in the same - namespace to use for pulling any of the - images used by this PodRuntimeSettings. - If specified, these secrets will be passed - to individual puller implementations for - them to use. For example, in the case of - docker, only DockerConfig type secrets are - honored. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' items: - description: LocalObjectReference contains - enough information to let you locate the - referenced object inside the same namespace. properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value here - are almost certainly wrong. TODO: - Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic type: array nodeName: - description: NodeName is a request to schedule - this pod onto a specific node. If it is - non-empty, the scheduler simply schedules - this pod onto that node, assuming that it - fits resource requirements. 
type: string nodeSelector: additionalProperties: type: string - description: 'NodeSelector is a selector which - must be true for the pod to fit on a node. - Selector which must match a node''s labels - for the pod to be scheduled on that node. - More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' type: object podAnnotations: additionalProperties: type: string - description: PodAnnotations are the annotations - that will be attached with the respective - Pod type: object podLabels: additionalProperties: type: string - description: PodLabels are the labels that - will be attached with the respective Pod type: object priority: - description: The priority value. Various system - components use this field to find the priority - of the pod. When Priority Admission Controller - is enabled, it prevents users from setting - this field. The admission controller populates - this field from PriorityClassName. The higher - the value, the higher the priority. format: int32 type: integer priorityClassName: - description: If specified, indicates the pod's - priority. "system-node-critical" and "system-cluster-critical" - are two special keywords which indicate - the highest priorities with the former being - the highest priority. Any other name must - be defined by creating a PriorityClass object - with that name. If not specified, the pod - priority will be default or zero if there - is no default. type: string readinessGates: - description: 'If specified, all readiness - gates will be evaluated for pod readiness. - A pod is ready when all its containers are - ready AND all conditions specified in the - readiness gates have status equal to "True" - More info: https://git.k8s.io/enhancements/keps/sig-network/0007-pod-ready%2B%2B.md' items: - description: PodReadinessGate contains the - reference to a pod condition properties: conditionType: - description: ConditionType refers to - a condition in the pod's condition - list with matching type. 
type: string required: - conditionType type: object type: array runtimeClassName: - description: 'RuntimeClassName refers to a - RuntimeClass object in the node.k8s.io group, - which should be used to run this pod. If - no RuntimeClass resource matches the named - class, the pod will not be run. If unset - or empty, the "legacy" RuntimeClass will - be used, which is an implicit class with - an empty definition that uses the default - runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md - This is an alpha feature and may change - in the future.' type: string schedulerName: - description: If specified, the pod will be - dispatched by specified scheduler. If not - specified, the pod will be dispatched by - default scheduler. type: string securityContext: - description: 'Security options the pod should - run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: appArmorProfile: - description: appArmorProfile is the AppArmor - options to use by the containers in - this pod. Note that this field cannot - be set when spec.os.name is windows. properties: localhostProfile: - description: localhostProfile indicates - a profile loaded on the node that - should be used. The profile must - be preconfigured on the node to - work. Must match the loaded name - of the profile. Must be set if and - only if type is "Localhost". type: string type: - description: 'type indicates which - kind of AppArmor profile will be - applied. Valid options are: Localhost - - a profile pre-loaded on the node. - RuntimeDefault - the container runtime''s - default profile. Unconfined - no - AppArmor enforcement.' type: string required: - type type: object fsGroup: - description: "A special supplemental group - that applies to all containers in a - pod. 
Some volume types allow the Kubelet - to change the ownership of that volume - to be owned by the pod: \n 1. The owning - GID will be the FSGroup 2. The setgid - bit is set (new files created in the - volume will be owned by FSGroup) 3. - The permission bits are OR'd with rw-rw---- - \n If unset, the Kubelet will not modify - the ownership and permissions of any - volume. Note that this field cannot - be set when spec.os.name is windows." format: int64 type: integer fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines - behavior of changing ownership and permission - of the volume before being exposed inside - Pod. This field will only apply to volume - types which support fsGroup based ownership(and - permissions). It will have no effect - on ephemeral volume types such as: secret, - configmaps and emptydir. Valid values - are "OnRootMismatch" and "Always". If - not specified, "Always" is used. Note - that this field cannot be set when spec.os.name - is windows.' type: string runAsGroup: - description: The GID to run the entrypoint - of the container process. Uses runtime - default if unset. May also be set in - SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified - in SecurityContext takes precedence - for that container. Note that this field - cannot be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: - description: Indicates that the container - must run as a non-root user. If true, - the Kubelet will validate the image - at runtime to ensure that it does not - run as UID 0 (root) and fail to start - the container if it does. If unset or - false, no such validation will be performed. - May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint - of the container process. 
Defaults to - user specified in image metadata if - unspecified. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence for that container. - Note that this field cannot be set when - spec.os.name is windows. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be - applied to all containers. If unspecified, - the container runtime will allocate - a random SELinux context for each container. May - also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence for that container. - Note that this field cannot be set when - spec.os.name is windows. properties: level: - description: Level is SELinux level - label that applies to the container. type: string role: - description: Role is a SELinux role - label that applies to the container. type: string type: - description: Type is a SELinux type - label that applies to the container. type: string user: - description: User is a SELinux user - label that applies to the container. type: string type: object seccompProfile: - description: The seccomp options to use - by the containers in this pod. Note - that this field cannot be set when spec.os.name - is windows. properties: localhostProfile: - description: localhostProfile indicates - a profile defined in a file on the - node should be used. The profile - must be preconfigured on the node - to work. Must be a descending path, - relative to the kubelet's configured - seccomp profile location. Must be - set if type is "Localhost". Must - NOT be set for any other type. type: string type: - description: "type indicates which - kind of seccomp profile will be - applied. Valid options are: \n Localhost - - a profile defined in a file on - the node should be used. RuntimeDefault - - the container runtime default - profile should be used. 
Unconfined - - no profile should be applied." type: string required: - type type: object supplementalGroups: - description: A list of groups applied - to the first process run in each container, - in addition to the container's primary - GID, the fsGroup (if specified), and - group memberships defined in the container - image for the uid of the container process. - If unspecified, no additional groups - are added to any container. Note that - group memberships defined in the container - image for the uid of the container process - are still effective, even if they are - not included in this list. Note that - this field cannot be set when spec.os.name - is windows. items: format: int64 type: integer type: array x-kubernetes-list-type: atomic sysctls: - description: Sysctls hold a list of namespaced - sysctls used for the pod. Pods with - unsupported sysctls (by the container - runtime) might fail to launch. Note - that this field cannot be set when spec.os.name - is windows. items: - description: Sysctl defines a kernel - parameter to be set properties: name: - description: Name of a property - to set type: string value: - description: Value of a property - to set type: string required: - name 
@@ -17680,168 +6308,52 @@ spec: type: array x-kubernetes-list-type: atomic windowsOptions: - description: The Windows specific settings - applied to all containers. If unspecified, - the options within a container's SecurityContext - will be used. If set in both SecurityContext - and PodSecurityContext, the value specified - in SecurityContext takes precedence. - Note that this field cannot be set when - spec.os.name is linux. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is - where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA - credential spec named by the GMSACredentialSpecName - field. type: string gmsaCredentialSpecName: - description: GMSACredentialSpecName - is the name of the GMSA credential - spec to use. type: string hostProcess: - description: HostProcess determines - if a container should be run as - a 'Host Process' container. All - of a Pod's containers must have - the same effective HostProcess value - (it is not allowed to have a mix - of HostProcess containers and non-HostProcess - containers). In addition, if HostProcess - is true then HostNetwork must also - be set to true. type: boolean runAsUserName: - description: The UserName in Windows - to run the entrypoint of the container - process. Defaults to the user specified - in image metadata if unspecified. - May also be set in PodSecurityContext. - If set in both SecurityContext and - PodSecurityContext, the value specified - in SecurityContext takes precedence. type: string type: object type: object serviceAccountAnnotations: additionalProperties: type: string - description: ServiceAccountAnnotations are - the annotations that will be attached with - the respective ServiceAccount type: object serviceAccountName: - description: 'ServiceAccountName is the name - of the ServiceAccount to use to run this - pod. 
More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' type: string tolerations: - description: If specified, the pod's tolerations. items: - description: The pod this Toleration is - attached to tolerates any taint that matches - the triple using the - matching operator . properties: effect: - description: Effect indicates the taint - effect to match. Empty means match - all taint effects. When specified, - allowed values are NoSchedule, PreferNoSchedule - and NoExecute. type: string key: - description: Key is the taint key that - the toleration applies to. Empty means - match all taint keys. If the key is - empty, operator must be Exists; this - combination means to match all values - and all keys. type: string operator: - description: Operator represents a key's - relationship to the value. Valid operators - are Exists and Equal. Defaults to - Equal. Exists is equivalent to wildcard - for value, so that a pod can tolerate - all taints of a particular category. type: string tolerationSeconds: - description: TolerationSeconds represents - the period of time the toleration - (which must be of effect NoExecute, - otherwise this field is ignored) tolerates - the taint. By default, it is not set, - which means tolerate the taint forever - (do not evict). Zero and negative - values will be treated as 0 (evict - immediately) by the system. format: int64 type: integer value: - description: Value is the taint value - the toleration matches to. If the - operator is Exists, the value should - be empty, otherwise just a regular - string. type: string type: object type: array topologySpreadConstraints: - description: TopologySpreadConstraints describes - how a group of pods ought to spread across - topology domains. Scheduler will schedule - pods in a way which abides by the constraints. - All topologySpreadConstraints are ANDed. 
items: - description: TopologySpreadConstraint specifies - how to spread matching pods among the - given topology. properties: labelSelector: - description: LabelSelector is used to - find matching pods. Pods that match - this label selector are counted to - determine the number of pods in their - corresponding topology domain. properties: matchExpressions: - description: matchExpressions is - a list of label selector requirements. - The requirements are ANDed. items: - description: A label selector - requirement is a selector that - contains values, a key, and - an operator that relates the - key and values. properties: key: - description: key is the label - key that the selector applies - to. type: string operator: - description: operator represents - a key's relationship to - a set of values. Valid operators - are In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is an - array of string values. - If the operator is In or - NotIn, the values array - must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be - empty. This array is replaced - during a strategic merge - patch. items: type: string type: array 
@@ -17855,183 +6367,27 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map - of {key,value} pairs. A single - {key,value} in the matchLabels - map is equivalent to an element - of matchExpressions, whose key - field is "key", the operator is - "In", and the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: "MatchLabelKeys is a set - of pod label keys to select the pods - over which spreading will be calculated. - The keys are used to lookup values - from the incoming pod labels, those - key-value labels are ANDed with labelSelector - to select the group of existing pods - over which spreading will be calculated - for the incoming pod. The same key - is forbidden to exist in both MatchLabelKeys - and LabelSelector. MatchLabelKeys - cannot be set when LabelSelector isn't - set. Keys that don't exist in the - incoming pod labels will be ignored. - A null or empty list means only match - against labelSelector. \n This is - a beta field and requires the MatchLabelKeysInPodTopologySpread - feature gate to be enabled (enabled - by default)." items: type: string type: array x-kubernetes-list-type: atomic maxSkew: - description: 'MaxSkew describes the - degree to which pods may be unevenly - distributed. When `whenUnsatisfiable=DoNotSchedule`, - it is the maximum permitted difference - between the number of matching pods - in the target topology and the global - minimum. The global minimum is the - minimum number of matching pods in - an eligible domain or zero if the - number of eligible domains is less - than MinDomains. For example, in a - 3-zone cluster, MaxSkew is set to - 1, and pods with the same labelSelector - spread as 2/2/1: In this case, the - global minimum is 1. 
| zone1 | zone2 - | zone3 | | P P | P P | P | - - if MaxSkew is 1, incoming pod can - only be scheduled to zone3 to become - 2/2/2; scheduling it onto zone1(zone2) - would make the ActualSkew(3-1) on - zone1(zone2) violate MaxSkew(1). - - if MaxSkew is 2, incoming pod can - be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, - it is used to give higher precedence - to topologies that satisfy it. It''s - a required field. Default value is - 1 and 0 is not allowed.' format: int32 type: integer minDomains: - description: "MinDomains indicates a - minimum number of eligible domains. - When the number of eligible domains - with matching topology keys is less - than minDomains, Pod Topology Spread - treats \"global minimum\" as 0, and - then the calculation of Skew is performed. - And when the number of eligible domains - with matching topology keys equals - or greater than minDomains, this value - has no effect on scheduling. As a - result, when the number of eligible - domains is less than minDomains, scheduler - won't schedule more than maxSkew Pods - to those domains. If value is nil, - the constraint behaves as if MinDomains - is equal to 1. Valid values are integers - greater than 0. When value is not - nil, WhenUnsatisfiable must be DoNotSchedule. - \n For example, in a 3-zone cluster, - MaxSkew is set to 2, MinDomains is - set to 5 and pods with the same labelSelector - spread as 2/2/2: | zone1 | zone2 | - zone3 | | P P | P P | P P | - The number of domains is less than - 5(MinDomains), so \"global minimum\" - is treated as 0. In this situation, - new pod with the same labelSelector - cannot be scheduled, because computed - skew will be 3(3 - 0) if new Pod is - scheduled to any of the three zones, - it will violate MaxSkew." format: int32 type: integer nodeAffinityPolicy: - description: "NodeAffinityPolicy indicates - how we will treat Pod's nodeAffinity/nodeSelector - when calculating pod topology spread - skew. 
Options are: - Honor: only nodes - matching nodeAffinity/nodeSelector - are included in the calculations. - - Ignore: nodeAffinity/nodeSelector - are ignored. All nodes are included - in the calculations. \n If this value - is nil, the behavior is equivalent - to the Honor policy. This is a beta-level - feature default enabled by the NodeInclusionPolicyInPodTopologySpread - feature flag." type: string nodeTaintsPolicy: - description: "NodeTaintsPolicy indicates - how we will treat node taints when - calculating pod topology spread skew. - Options are: - Honor: nodes without - taints, along with tainted nodes for - which the incoming pod has a toleration, - are included. - Ignore: node taints - are ignored. All nodes are included. - \n If this value is nil, the behavior - is equivalent to the Ignore policy. - This is a beta-level feature default - enabled by the NodeInclusionPolicyInPodTopologySpread - feature flag." type: string topologyKey: - description: TopologyKey is the key - of node labels. Nodes that have a - label with this key and identical - values are considered to be in the - same topology. We consider each as a "bucket", and try to put - balanced number of pods into each - bucket. We define a domain as a particular - instance of a topology. Also, we define - an eligible domain as a domain whose - nodes meet the requirements of nodeAffinityPolicy - and nodeTaintsPolicy. e.g. If TopologyKey - is "kubernetes.io/hostname", each - Node is a domain of that topology. - And, if TopologyKey is "topology.kubernetes.io/zone", - each zone is a domain of that topology. - It's a required field. type: string whenUnsatisfiable: - description: 'WhenUnsatisfiable indicates - how to deal with a pod if it doesn''t - satisfy the spread constraint. - DoNotSchedule - (default) tells the scheduler not - to schedule it. - ScheduleAnyway tells - the scheduler to schedule the pod - in any location, but giving higher - precedence to topologies that would - help reduce the skew. 
A constraint - is considered "Unsatisfiable" for - an incoming pod if and only if every - possible node assignment for that - pod would violate "MaxSkew" on some - topology. For example, in a 3-zone - cluster, MaxSkew is set to 1, and - pods with the same labelSelector spread - as 3/1/1: | zone1 | zone2 | zone3 - | | P P P | P | P | If WhenUnsatisfiable - is set to DoNotSchedule, incoming - pod can only be scheduled to zone2(zone3) - to become 3/2/1(3/1/2) as ActualSkew(2-1) - on zone2(zone3) satisfies MaxSkew(1). - In other words, the cluster can still - be imbalanced, but scheduler won''t - make it *more* imbalanced. It''s a - required field.' type: string required: - maxSkew 
@@ -18046,143 +6402,63 @@ spec: type: object type: object timeout: - description: Timeout specifies a duration in seconds - that KubeStash should wait for the hook execution - to be completed. If the hook execution does not - finish within this time period, KubeStash will consider - this hook execution as failure. Then, it will be - re-tried according to MaxRetry policy. type: string variables: - description: Variables specifies a list of variables - and their sources that will be used to resolve the - HookTemplate. items: - description: EnvVar represents an environment variable - present in a Container. properties: name: - description: Name of the environment variable. - Must be a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) - are expanded using the previously defined - environment variables in the container and - any service environment variables. If a variable - cannot be resolved, the reference in the input - string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the - $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, - regardless of whether the variable exists - or not. Defaults to "".' type: string valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. properties: configMapKeyRef: - description: Selects a key of a ConfigMap. properties: key: - description: The key to select. type: string name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value here - are almost certainly wrong. TODO: - Add other useful fields. apiVersion, - kind, uid? 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether the ConfigMap - or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of the pod: - supports metadata.name, metadata.namespace, - `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, status.podIPs.' properties: apiVersion: - description: Version of the schema the - FieldPath is written in terms of, - defaults to "v1". type: string fieldPath: - description: Path of the field to select - in the specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource of the - container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, - requests.cpu, requests.memory and requests.ephemeral-storage) - are currently supported.' properties: containerName: - description: 'Container name: required - for volumes, optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output format - of the exposed resources, defaults - to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource to - select' type: string required: - resource type: object x-kubernetes-map-type: atomic secretKeyRef: - description: Selects a key of a secret in - the pod's namespace properties: key: - description: The key of the secret to - select from. Must be a valid secret - key. type: string name: default: "" - description: 'Name of the referent. 
- This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value here - are almost certainly wrong. TODO: - Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether the Secret - or its key must be defined type: boolean required: - key 
@@ -18194,69 +6470,21 @@ spec: type: object type: array volumeMounts: - description: VolumeMounts specifies the mount for - the volumes specified in `Volumes` section Use this - field only for `Function` type hook executor. items: - description: VolumeMount describes a mounting of - a Volume within a container. properties: mountPath: - description: Path within the container at which - the volume should be mounted. Must not contain - ':'. type: string mountPropagation: - description: mountPropagation determines how - mounts are propagated from the host to container - and the other way around. When not set, MountPropagationNone - is used. This field is beta in 1.10. When - RecursiveReadOnly is set to IfPossible or - to Enabled, MountPropagation must be None - or unspecified (which defaults to None). type: string name: - description: This must match the Name of a Volume. type: string readOnly: - description: Mounted read-only if true, read-write - otherwise (false or unspecified). Defaults - to false. type: boolean recursiveReadOnly: - description: "RecursiveReadOnly specifies whether - read-only mounts should be handled recursively. - \n If ReadOnly is false, this field has no - meaning and must be unspecified. \n If ReadOnly - is true, and this field is set to Disabled, - the mount is not made recursively read-only. - \ If this field is set to IfPossible, the - mount is made recursively read-only, if it - is supported by the container runtime. If - this field is set to Enabled, the mount is - made recursively read-only if it is supported - by the container runtime, otherwise the pod - will not be started and an error will be generated - to indicate the reason. \n If this field is - set to IfPossible or Enabled, MountPropagation - must be set to None (or be unspecified, which - defaults to None). \n If this field is not - specified, it is treated as an equivalent - of Disabled." 
type: string subPath: - description: Path within the volume from which - the container's volume should be mounted. - Defaults to "" (volume's root). type: string subPathExpr: - description: Expanded path within the volume - from which the container's volume should be - mounted. Behaves similarly to SubPath but - environment variable references $(VAR_NAME) - are expanded using the container's environment. - Defaults to "" (volume's root). SubPathExpr - and SubPath are mutually exclusive. type: string required: - mountPath 
@@ -18264,284 +6492,109 @@ spec: type: object type: array volumes: - description: Volumes indicates the list of volumes - of targeted application that should be mounted on - the hook executor. Use this field only for `Function` - type hook executor. items: - description: Volume represents a named volume in - a pod that may be accessed by any container in - the pod. properties: awsElasticBlockStore: - description: 'awsElasticBlockStore represents - an AWS Disk resource that is attached to a - kubelet''s host machine and then exposed to - the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' properties: fsType: - description: 'fsType is the filesystem type - of the volume that you want to mount. - Tip: Ensure that the filesystem type is - supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the - filesystem from compromising the machine' type: string partition: - description: 'partition is the partition - in the volume that you want to mount. - If omitted, the default is to mount by - volume name. Examples: For volume /dev/sda1, - you specify the partition as "1". Similarly, - the volume partition for /dev/sda is "0" - (or you can leave the property empty).' format: int32 type: integer readOnly: - description: 'readOnly value true will force - the readOnly setting in VolumeMounts. - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: boolean volumeID: - description: 'volumeID is unique ID of the - persistent disk resource in AWS (Amazon - EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: string required: - volumeID type: object azureDisk: - description: azureDisk represents an Azure Data - Disk mount on the host and bind mount to the - pod. 
properties: cachingMode: - description: 'cachingMode is the Host Caching - mode: None, Read Only, Read Write.' type: string diskName: - description: diskName is the Name of the - data disk in the blob storage type: string diskURI: - description: diskURI is the URI of data - disk in the blob storage type: string fsType: - description: fsType is Filesystem type to - mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to - be "ext4" if unspecified. type: string kind: - description: 'kind expected values are Shared: - multiple blob disks per storage account Dedicated: - single blob disk per storage account Managed: - azure managed data disk (only in managed - availability set). defaults to shared' type: string readOnly: - description: readOnly Defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. type: boolean required: - diskName - diskURI type: object azureFile: - description: azureFile represents an Azure File - Service mount on the host and bind mount to - the pod. properties: readOnly: - description: readOnly defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. 
type: boolean secretName: - description: secretName is the name of - secret that contains Azure Storage Account - Name and Key type: string shareName: - description: shareName is the azure share - Name type: string required: - secretName - shareName type: object cephfs: - description: cephFS represents a Ceph FS mount - on the host that shares a pod's lifetime properties: monitors: - description: 'monitors is Required: Monitors - is a collection of Ceph monitors More - info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' items: type: string type: array x-kubernetes-list-type: atomic path: - description: 'path is Optional: Used as - the mounted root, rather than the full - Ceph tree, default is /' type: string readOnly: - description: 'readOnly is Optional: Defaults - to false (read/write). ReadOnly here will - force the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: boolean secretFile: - description: 'secretFile is Optional: SecretFile - is the path to key ring for User, default - is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string secretRef: - description: 'secretRef is Optional: SecretRef - is reference to the authentication secret - for User, default is empty. More info: - https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value here - are almost certainly wrong. TODO: - Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' 
type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is optional: User is - the rados user name, default is admin - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string required: - monitors type: object cinder: - description: 'cinder represents a cinder volume - attached and mounted on kubelets host machine. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' properties: fsType: - description: 'fsType is the filesystem type - to mount. Must be a filesystem type supported - by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred - to be "ext4" if unspecified. More info: - https://examples.k8s.io/mysql-cinder-pd/README.md' type: string readOnly: - description: 'readOnly defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: boolean secretRef: - description: 'secretRef is optional: points - to a secret object containing parameters - used to connect to OpenStack.' properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value here - are almost certainly wrong. TODO: - Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic volumeID: - description: 'volumeID used to identify - the volume in cinder. 
More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string required: - volumeID type: object configMap: - description: configMap represents a configMap - that should populate this volume properties: defaultMode: - description: 'defaultMode is optional: mode - bits used to set permissions on created - files by default. Must be an octal value - between 0000 and 0777 or a decimal value - between 0 and 511. YAML accepts both octal - and decimal values, JSON requires decimal - values for mode bits. Defaults to 0644. - Directories within the path are not affected - by this setting. This might be in conflict - with other options that affect the file - mode, like fsGroup, and the result can - be other mode bits set.' format: int32 type: integer items: - description: items if unspecified, each - key-value pair in the Data field of the - referenced ConfigMap will be projected - into the volume as a file whose name is - the key and content is the value. If specified, - the listed keys will be projected into - the specified paths, and unlisted keys - will not be present. If a key is specified - which is not present in the ConfigMap, - the volume setup will error unless it - is marked optional. Paths must be relative - and may not contain the '..' path or start - with '..'. items: - description: Maps a string key to a path - within a volume. properties: key: - description: key is the key to project. type: string mode: - description: 'mode is Optional: mode - bits used to set permissions on - this file. Must be an octal value - between 0000 and 0777 or a decimal - value between 0 and 511. YAML accepts - both octal and decimal values, JSON - requires decimal values for mode - bits. If not specified, the volume - defaultMode will be used. This might - be in conflict with other options - that affect the file mode, like - fsGroup, and the result can be other - mode bits set.' 
format: int32 type: integer path: - description: path is the relative - path of the file to map the key - to. May not be an absolute path. - May not contain the path element - '..'. May not start with the string - '..'. type: string required: - key 
@@ -18551,181 +6604,67 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of the referent. This - field is effectively required, but due - to backwards compatibility is allowed - to be empty. Instances of this type with - an empty value here are almost certainly - wrong. TODO: Add other useful fields. - apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional specify whether the - ConfigMap or its keys must be defined type: boolean type: object x-kubernetes-map-type: atomic csi: - description: csi (Container Storage Interface) - represents ephemeral storage that is handled - by certain external CSI drivers (Beta feature). properties: driver: - description: driver is the name of the CSI - driver that handles this volume. Consult - with your admin for the correct name as - registered in the cluster. type: string fsType: - description: fsType to mount. Ex. "ext4", - "xfs", "ntfs". If not provided, the empty - value is passed to the associated CSI - driver which will determine the default - filesystem to apply. type: string nodePublishSecretRef: - description: nodePublishSecretRef is a reference - to the secret object containing sensitive - information to pass to the CSI driver - to complete the CSI NodePublishVolume - and NodeUnpublishVolume calls. This field - is optional, and may be empty if no secret - is required. If the secret object contains - more than one secret, all secret references - are passed. properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value here - are almost certainly wrong. TODO: - Add other useful fields. apiVersion, - kind, uid? 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic readOnly: - description: readOnly specifies a read-only - configuration for the volume. Defaults - to false (read/write). type: boolean volumeAttributes: additionalProperties: type: string - description: volumeAttributes stores driver-specific - properties that are passed to the CSI - driver. Consult your driver's documentation - for supported values. type: object required: - driver type: object downwardAPI: - description: downwardAPI represents downward - API about the pod that should populate this - volume properties: defaultMode: - description: 'Optional: mode bits to use - on created files by default. Must be a - Optional: mode bits used to set permissions - on created files by default. Must be an - octal value between 0000 and 0777 or a - decimal value between 0 and 511. YAML - accepts both octal and decimal values, - JSON requires decimal values for mode - bits. Defaults to 0644. Directories within - the path are not affected by this setting. - This might be in conflict with other options - that affect the file mode, like fsGroup, - and the result can be other mode bits - set.' format: int32 type: integer items: - description: Items is a list of downward - API volume file items: - description: DownwardAPIVolumeFile represents - information to create the file containing - the pod field properties: fieldRef: - description: 'Required: Selects a - field of the pod: only annotations, - labels, name, namespace and uid - are supported.' properties: apiVersion: - description: Version of the schema - the FieldPath is written in - terms of, defaults to "v1". type: string fieldPath: - description: Path of the field - to select in the specified API - version. 
type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: - description: 'Optional: mode bits - used to set permissions on this - file, must be an octal value between - 0000 and 0777 or a decimal value - between 0 and 511. YAML accepts - both octal and decimal values, JSON - requires decimal values for mode - bits. If not specified, the volume - defaultMode will be used. This might - be in conflict with other options - that affect the file mode, like - fsGroup, and the result can be other - mode bits set.' format: int32 type: integer path: - description: 'Required: Path is the - relative path name of the file to - be created. Must not be absolute - or contain the ''..'' path. Must - be utf-8 encoded. The first item - of the relative path must not start - with ''..''' type: string resourceFieldRef: - description: 'Selects a resource of - the container: only resources limits - and requests (limits.cpu, limits.memory, - requests.cpu and requests.memory) - are currently supported.' properties: containerName: - description: 'Container name: - required for volumes, optional - for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output - format of the exposed resources, - defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource - to select' type: string required: - resource 
@@ -18738,229 +6677,50 @@ spec: x-kubernetes-list-type: atomic type: object emptyDir: - description: 'emptyDir represents a temporary - directory that shares a pod''s lifetime. More - info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' properties: medium: - description: 'medium represents what type - of storage medium should back this directory. - The default is "" which means to use the - node''s default medium. Must be an empty - string (default) or Memory. More info: - https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string sizeLimit: anyOf: - type: integer - type: string - description: 'sizeLimit is the total amount - of local storage required for this EmptyDir - volume. The size limit is also applicable - for memory medium. The maximum usage on - memory medium EmptyDir would be the minimum - value between the SizeLimit specified - here and the sum of memory limits of all - containers in a pod. The default is nil - which means that the limit is undefined. - More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object ephemeral: - description: "ephemeral represents a volume - that is handled by a cluster storage driver. - The volume's lifecycle is tied to the pod - that defines it - it will be created before - the pod starts, and deleted when the pod is - removed. \n Use this if: a) the volume is - only needed while the pod runs, b) features - of normal volumes like restoring from snapshot - or capacity tracking are needed, c) the storage - driver is specified through a storage class, - and d) the storage driver supports dynamic - volume provisioning through a PersistentVolumeClaim - (see EphemeralVolumeSource for more information - on the connection between this volume type - and PersistentVolumeClaim). 
\n Use PersistentVolumeClaim - or one of the vendor-specific APIs for volumes - that persist for longer than the lifecycle - of an individual pod. \n Use CSI for light-weight - local ephemeral volumes if the CSI driver - is meant to be used that way - see the documentation - of the driver for more information. \n A pod - can use both types of ephemeral volumes and - persistent volumes at the same time." properties: volumeClaimTemplate: - description: "Will be used to create a stand-alone - PVC to provision the volume. The pod in - which this EphemeralVolumeSource is embedded - will be the owner of the PVC, i.e. the - PVC will be deleted together with the - pod. The name of the PVC will be `-` where `` - is the name from the `PodSpec.Volumes` - array entry. Pod validation will reject - the pod if the concatenated name is not - valid for a PVC (for example, too long). - \n An existing PVC with that name that - is not owned by the pod will *not* be - used for the pod to avoid using an unrelated - volume by mistake. Starting the pod is - then blocked until the unrelated PVC is - removed. If such a pre-created PVC is - meant to be used by the pod, the PVC has - to updated with an owner reference to - the pod once the pod exists. Normally - this should not be necessary, but it may - be useful when manually reconstructing - a broken cluster. \n This field is read-only - and no changes will be made by Kubernetes - to the PVC after it has been created. - \n Required, must not be nil." properties: metadata: - description: May contain labels and - annotations that will be copied into - the PVC when creating it. No other - fields are allowed and will be rejected - during validation. properties: annotations: additionalProperties: type: string - description: 'Annotations is an - unstructured key value map stored - with a resource that may be set - by external tools to store and - retrieve arbitrary metadata. 
They - are not queryable and should be - preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations' type: object generateName: - description: "GenerateName is an - optional prefix, used by the server, - to generate a unique name ONLY - IF the Name field has not been - provided. If this field is used, - the name returned to the client - will be different than the name - passed. This value will also be - combined with a unique suffix. - The provided value has the same - validation rules as the Name field, - and may be truncated by the length - of the suffix required to make - the value unique on the server. - \n If this field is specified - and the generated name exists, - the server will NOT return a 409 - - instead, it will either return - 201 Created or 500 with Reason - ServerTimeout indicating a unique - name could not be found in the - time allotted, and the client - should retry (optionally after - the time indicated in the Retry-After - header). \n Applied only if Name - is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" type: string labels: additionalProperties: type: string - description: 'Map of string keys - and values that can be used to - organize and categorize (scope - and select) objects. May match - selectors of replication controllers - and services. More info: http://kubernetes.io/docs/user-guide/labels' type: object name: - description: 'Name must be unique - within a namespace. Is required - when creating resources, although - some resources may allow a client - to request the generation of an - appropriate name automatically. - Name is primarily intended for - creation idempotence and configuration - definition. Cannot be updated. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' type: string namespace: - description: "Namespace defines - the space within each name must - be unique. 
An empty namespace - is equivalent to the \"default\" - namespace, but \"default\" is - the canonical representation. - Not all objects are required to - be scoped to a namespace - the - value of this field for those - objects will be empty. \n Must - be a DNS_LABEL. Cannot be updated. - More info: http://kubernetes.io/docs/user-guide/namespaces" type: string ownerReferences: - description: List of objects depended - by this object. If ALL objects - in the list have been deleted, - this object will be garbage collected. - If this object is managed by a - controller, then an entry in this - list will point to this controller, - with the controller field set - to true. There cannot be more - than one managing controller. items: - description: OwnerReference contains - enough information to let you - identify an owning object. An - owning object must be in the - same namespace as the dependent, - or be cluster-scoped, so there - is no namespace field. properties: apiVersion: - description: API version of - the referent. type: string blockOwnerDeletion: - description: If true, AND - if the owner has the "foregroundDeletion" - finalizer, then the owner - cannot be deleted from the - key-value store until this - reference is removed. See - https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion - for how the garbage collector - interacts with this field - and enforces the foreground - deletion. Defaults to false. - To set this field, a user - needs "delete" permission - of the owner, otherwise - 422 (Unprocessable Entity) - will be returned. type: boolean controller: - description: If true, this - reference points to the - managing controller. type: boolean kind: - description: 'Kind of the - referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string name: - description: 'Name of the - referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: - description: 'UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -18972,57 +6732,19 @@ spec: type: array type: object spec: - description: The specification for the - PersistentVolumeClaim. The entire - content is copied unchanged into the - PVC that gets created from this template. - The same fields as in a PersistentVolumeClaim - are also valid here. properties: accessModes: - description: 'accessModes contains - the desired access modes the volume - should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array x-kubernetes-list-type: atomic dataSource: - description: 'dataSource field can - be used to specify either: * An - existing VolumeSnapshot object - (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an external - controller can support the specified - data source, it will create a - new volume based on the contents - of the specified data source. - When the AnyVolumeDataSource feature - gate is enabled, dataSource contents - will be copied to dataSourceRef, - and dataSourceRef contents will - be copied to dataSource when dataSourceRef.namespace - is not specified. If the namespace - is specified, then dataSourceRef - will not be copied to dataSource.' properties: apiGroup: - description: APIGroup is the - group for the resource being - referenced. If APIGroup is - not specified, the specified - Kind must be in the core API - group. For any other third-party - types, APIGroup is required. type: string kind: - description: Kind is the type - of resource being referenced type: string name: - description: Name is the name - of resource being referenced type: string required: - kind 
@@ -19030,98 +6752,20 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: - description: 'dataSourceRef specifies - the object from which to populate - the volume with data, if a non-empty - volume is desired. This may be - any object from a non-empty API - group (non core object) or a PersistentVolumeClaim - object. When this field is specified, - volume binding will only succeed - if the type of the specified object - matches some installed volume - populator or dynamic provisioner. - This field will replace the functionality - of the dataSource field and as - such if both fields are non-empty, - they must have the same value. - For backwards compatibility, when - namespace isn''t specified in - dataSourceRef, both fields (dataSource - and dataSourceRef) will be set - to the same value automatically - if one of them is empty and the - other is non-empty. When namespace - is specified in dataSourceRef, - dataSource isn''t set to the same - value and must be empty. There - are three important differences - between dataSource and dataSourceRef: - * While dataSource only allows - two specific types of objects, - dataSourceRef allows any non-core - object, as well as PersistentVolumeClaim - objects. * While dataSource ignores - disallowed values (dropping them), - dataSourceRef preserves all values, - and generates an error if a disallowed - value is specified. * While dataSource - only allows local objects, dataSourceRef - allows objects in any namespaces. - (Beta) Using this field requires - the AnyVolumeDataSource feature - gate to be enabled. (Alpha) Using - the namespace field of dataSourceRef - requires the CrossNamespaceVolumeDataSource - feature gate to be enabled.' properties: apiGroup: - description: APIGroup is the - group for the resource being - referenced. If APIGroup is - not specified, the specified - Kind must be in the core API - group. For any other third-party - types, APIGroup is required. 
type: string kind: - description: Kind is the type - of resource being referenced type: string name: - description: Name is the name - of resource being referenced type: string namespace: - description: Namespace is the - namespace of resource being - referenced Note that when - a namespace is specified, - a gateway.networking.k8s.io/ReferenceGrant - object is required in the - referent namespace to allow - that namespace's owner to - accept the reference. See - the ReferenceGrant documentation - for details. (Alpha) This - field requires the CrossNamespaceVolumeDataSource - feature gate to be enabled. type: string required: - kind - name type: object resources: - description: 'resources represents - the minimum resources the volume - should have. If RecoverVolumeExpansionFailure - feature is enabled users are allowed - to specify resource requirements - that are lower than previous value - but must still be higher than - capacity recorded in the status - field of the claim. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: @@ -19130,10 +6774,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes - the maximum amount of compute - resources allowed. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -19142,59 +6782,18 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes - the minimum amount of compute - resources required. If Requests - is omitted for a container, - it defaults to Limits if that - is explicitly specified, otherwise - to an implementation-defined - value. Requests cannot exceed - Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: - description: selector is a label - query over volumes to consider - for binding. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, a - key, and an operator that - relates the key and values. properties: key: - description: key is the - label key that the selector - applies to. type: string operator: - description: operator - represents a key's relationship - to a set of values. - Valid operators are - In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is - an array of string values. - If the operator is In - or NotIn, the values - array must be non-empty. - If the operator is Exists - or DoesNotExist, the - values array must be - empty. This array is - replaced during a strategic - merge patch. items: type: string type: array 
@@ -19208,64 +6807,16 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is - a map of {key,value} pairs. - A single {key,value} in the - matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", - the operator is "In", and - the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic storageClassName: - description: 'storageClassName is - the name of the StorageClass required - by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeAttributesClassName: - description: 'volumeAttributesClassName - may be used to set the VolumeAttributesClass - used by this claim. If specified, - the CSI driver will create or - update the volume with the attributes - defined in the corresponding VolumeAttributesClass. - This has a different purpose than - storageClassName, it can be changed - after the claim is created. An - empty string value means that - no VolumeAttributesClass will - be applied to the claim but it''s - not allowed to reset this field - to empty string once it is set. - If unspecified and the PersistentVolumeClaim - is unbound, the default VolumeAttributesClass - will be set by the persistentvolume - controller if it exists. If the - resource referred to by volumeAttributesClass - does not exist, this PersistentVolumeClaim - will be set to a Pending state, - as reflected by the modifyVolumeStatus - field, until such as a resource - exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires - the VolumeAttributesClass feature - gate to be enabled.' type: string volumeMode: - description: volumeMode defines - what type of volume is required - by the claim. Value of Filesystem - is implied when not included in - claim spec. 
type: string volumeName: - description: volumeName is the binding - reference to the PersistentVolume - backing this claim. type: string type: object required: 
@@ -19273,94 +6824,41 @@ spec: type: object type: object fc: - description: fc represents a Fibre Channel resource - that is attached to a kubelet's host machine - and then exposed to the pod. properties: fsType: - description: 'fsType is the filesystem type - to mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to - be "ext4" if unspecified. TODO: how do - we prevent errors in the filesystem from - compromising the machine' type: string lun: - description: 'lun is Optional: FC target - lun number' format: int32 type: integer readOnly: - description: 'readOnly is Optional: Defaults - to false (read/write). ReadOnly here will - force the ReadOnly setting in VolumeMounts.' type: boolean targetWWNs: - description: 'targetWWNs is Optional: FC - target worldwide names (WWNs)' items: type: string type: array x-kubernetes-list-type: atomic wwids: - description: 'wwids Optional: FC volume - world wide identifiers (wwids) Either - wwids or combination of targetWWNs and - lun must be set, but not both simultaneously.' items: type: string type: array x-kubernetes-list-type: atomic type: object flexVolume: - description: flexVolume represents a generic - volume resource that is provisioned/attached - using an exec based plugin. properties: driver: - description: driver is the name of the driver - to use for this volume. type: string fsType: - description: fsType is the filesystem type - to mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". The default filesystem - depends on FlexVolume script. type: string options: additionalProperties: type: string - description: 'options is Optional: this - field holds extra command options if any.' type: object readOnly: - description: 'readOnly is Optional: defaults - to false (read/write). ReadOnly here will - force the ReadOnly setting in VolumeMounts.' 
type: boolean secretRef: - description: 'secretRef is Optional: secretRef - is reference to the secret object containing - sensitive information to pass to the plugin - scripts. This may be empty if no secret - object is specified. If the secret object - contains more than one secret, all secrets - are passed to the plugin scripts.' properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value here - are almost certainly wrong. TODO: - Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic 
@@ -19368,197 +6866,79 @@ spec: - driver type: object flocker: - description: flocker represents a Flocker volume - attached to a kubelet's host machine. This - depends on the Flocker control service being - running properties: datasetName: - description: datasetName is Name of the - dataset stored as metadata -> name on - the dataset for Flocker should be considered - as deprecated type: string datasetUUID: - description: datasetUUID is the UUID of - the dataset. This is unique identifier - of a Flocker dataset type: string type: object gcePersistentDisk: - description: 'gcePersistentDisk represents a - GCE Disk resource that is attached to a kubelet''s - host machine and then exposed to the pod. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' properties: fsType: - description: 'fsType is filesystem type - of the volume that you want to mount. - Tip: Ensure that the filesystem type is - supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the - filesystem from compromising the machine' type: string partition: - description: 'partition is the partition - in the volume that you want to mount. - If omitted, the default is to mount by - volume name. Examples: For volume /dev/sda1, - you specify the partition as "1". Similarly, - the volume partition for /dev/sda is "0" - (or you can leave the property empty). - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' format: int32 type: integer pdName: - description: 'pdName is unique name of the - PD resource in GCE. Used to identify the - disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: string readOnly: - description: 'readOnly here will force the - ReadOnly setting in VolumeMounts. Defaults - to false. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: boolean required: - pdName type: object glusterfs: - description: 'glusterfs represents a Glusterfs - mount on the host that shares a pod''s lifetime. - More info: https://examples.k8s.io/volumes/glusterfs/README.md' properties: endpoints: - description: 'endpoints is the endpoint - name that details Glusterfs topology. - More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string path: - description: 'path is the Glusterfs volume - path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string readOnly: - description: 'readOnly here will force the - Glusterfs volume to be mounted with read-only - permissions. Defaults to false. More info: - https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: boolean required: - endpoints - path type: object hostPath: - description: 'hostPath represents a pre-existing - file or directory on the host machine that - is directly exposed to the container. This - is generally used for system agents or other - privileged things that are allowed to see - the host machine. Most containers will NOT - need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict who - can use host directory mounts and who can/can - not mount host directories as read/write.' properties: path: - description: 'path of the directory on the - host. If the path is a symlink, it will - follow the link to the real path. More - info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string type: - description: 'type for HostPath Volume Defaults - to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string required: - path type: object iscsi: - description: 'iscsi represents an ISCSI Disk - resource that is attached to a kubelet''s - host machine and then exposed to the pod. 
- More info: https://examples.k8s.io/volumes/iscsi/README.md' properties: chapAuthDiscovery: - description: chapAuthDiscovery defines whether - support iSCSI Discovery CHAP authentication type: boolean chapAuthSession: - description: chapAuthSession defines whether - support iSCSI Session CHAP authentication type: boolean fsType: - description: 'fsType is the filesystem type - of the volume that you want to mount. - Tip: Ensure that the filesystem type is - supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the - filesystem from compromising the machine' type: string initiatorName: - description: initiatorName is the custom - iSCSI Initiator Name. If initiatorName - is specified with iscsiInterface simultaneously, - new iSCSI interface : will be created for the connection. type: string iqn: - description: iqn is the target iSCSI Qualified - Name. type: string iscsiInterface: - description: iscsiInterface is the interface - Name that uses an iSCSI transport. Defaults - to 'default' (tcp). type: string lun: - description: lun represents iSCSI Target - Lun number. format: int32 type: integer portals: - description: portals is the iSCSI Target - Portal List. The portal is either an IP - or ip_addr:port if the port is other than - default (typically TCP ports 860 and 3260). items: type: string type: array x-kubernetes-list-type: atomic readOnly: - description: readOnly here will force the - ReadOnly setting in VolumeMounts. Defaults - to false. type: boolean secretRef: - description: secretRef is the CHAP Secret - for iSCSI target and initiator authentication properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. 
Instances - of this type with an empty value here - are almost certainly wrong. TODO: - Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic targetPortal: - description: targetPortal is iSCSI Target - Portal. The Portal is either an IP or - ip_addr:port if the port is other than - default (typically TCP ports 860 and 3260). type: string required: - iqn 
@@ -19566,194 +6946,68 @@ spec: - targetPortal type: object name: - description: 'name of the volume. Must be a - DNS_LABEL and unique within the pod. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string nfs: - description: 'nfs represents an NFS mount on - the host that shares a pod''s lifetime More - info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' properties: path: - description: 'path that is exported by the - NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string readOnly: - description: 'readOnly here will force the - NFS export to be mounted with read-only - permissions. Defaults to false. More info: - https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: boolean server: - description: 'server is the hostname or - IP address of the NFS server. More info: - https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string required: - path - server type: object persistentVolumeClaim: - description: 'persistentVolumeClaimVolumeSource - represents a reference to a PersistentVolumeClaim - in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: claimName: - description: 'claimName is the name of a - PersistentVolumeClaim in the same namespace - as the pod using this volume. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' type: string readOnly: - description: readOnly Will force the ReadOnly - setting in VolumeMounts. Default false. type: boolean required: - claimName type: object photonPersistentDisk: - description: photonPersistentDisk represents - a PhotonController persistent disk attached - and mounted on kubelets host machine properties: fsType: - description: fsType is the filesystem type - to mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". 
Implicitly inferred to - be "ext4" if unspecified. type: string pdID: - description: pdID is the ID that identifies - Photon Controller persistent disk type: string required: - pdID type: object portworxVolume: - description: portworxVolume represents a portworx - volume attached and mounted on kubelets host - machine properties: fsType: - description: fSType represents the filesystem - type to mount Must be a filesystem type - supported by the host operating system. - Ex. "ext4", "xfs". Implicitly inferred - to be "ext4" if unspecified. type: string readOnly: - description: readOnly defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. type: boolean volumeID: - description: volumeID uniquely identifies - a Portworx volume type: string required: - volumeID type: object projected: - description: projected items for all in one - resources secrets, configmaps, and downward - API properties: defaultMode: - description: defaultMode are the mode bits - used to set permissions on created files - by default. Must be an octal value between - 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and - decimal values, JSON requires decimal - values for mode bits. Directories within - the path are not affected by this setting. - This might be in conflict with other options - that affect the file mode, like fsGroup, - and the result can be other mode bits - set. format: int32 type: integer sources: - description: sources is the list of volume - projections items: - description: Projection that may be projected - along with other supported volume types properties: clusterTrustBundle: - description: "ClusterTrustBundle allows - a pod to access the `.spec.trustBundle` - field of ClusterTrustBundle objects - in an auto-updating file. \n Alpha, - gated by the ClusterTrustBundleProjection - feature gate. 
\n ClusterTrustBundle - objects can either be selected by - name, or by the combination of signer - name and a label selector. \n Kubelet - performs aggressive normalization - of the PEM contents written into - the pod filesystem. Esoteric PEM - features such as inter-block comments - and block headers are stripped. - \ Certificates are deduplicated. - The ordering of certificates within - the file is arbitrary, and Kubelet - may change the order over time." properties: labelSelector: - description: Select all ClusterTrustBundles - that match this label selector. Only - has effect if signerName is - set. Mutually-exclusive with - name. If unset, interpreted - as "match nothing". If set - but empty, interpreted as "match - everything". properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key and - values. properties: key: - description: key is - the label key that - the selector applies - to. type: string operator: - description: operator - represents a key's - relationship to a - set of values. Valid - operators are In, - NotIn, Exists and - DoesNotExist. type: string values: - description: values - is an array of string - values. If the operator - is In or NotIn, the - values array must - be non-empty. If the - operator is Exists - or DoesNotExist, the - values array must - be empty. This array - is replaced during - a strategic merge - patch. items: type: string type: array 
@@ -19767,110 +7021,31 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is - a map of {key,value} pairs. - A single {key,value} in - the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", - the operator is "In", and - the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic name: - description: Select a single ClusterTrustBundle - by object name. Mutually-exclusive - with signerName and labelSelector. type: string optional: - description: If true, don't block - pod startup if the referenced - ClusterTrustBundle(s) aren't - available. If using name, then - the named ClusterTrustBundle - is allowed not to exist. If - using signerName, then the combination - of signerName and labelSelector - is allowed to match zero ClusterTrustBundles. type: boolean path: - description: Relative path from - the volume root to write the - bundle. type: string signerName: - description: Select all ClusterTrustBundles - that match this signer name. - Mutually-exclusive with name. The - contents of all selected ClusterTrustBundles - will be unified and deduplicated. type: string required: - path type: object configMap: - description: configMap information - about the configMap data to project properties: items: - description: items if unspecified, - each key-value pair in the Data - field of the referenced ConfigMap - will be projected into the volume - as a file whose name is the - key and content is the value. - If specified, the listed keys - will be projected into the specified - paths, and unlisted keys will - not be present. If a key is - specified which is not present - in the ConfigMap, the volume - setup will error unless it is - marked optional. Paths must - be relative and may not contain - the '..' path or start with - '..'. items: - description: Maps a string key - to a path within a volume. 
properties: key: - description: key is the - key to project. type: string mode: - description: 'mode is Optional: - mode bits used to set - permissions on this file. - Must be an octal value - between 0000 and 0777 - or a decimal value between - 0 and 511. YAML accepts - both octal and decimal - values, JSON requires - decimal values for mode - bits. If not specified, - the volume defaultMode - will be used. This might - be in conflict with other - options that affect the - file mode, like fsGroup, - and the result can be - other mode bits set.' format: int32 type: integer path: - description: path is the - relative path of the file - to map the key to. May - not be an absolute path. - May not contain the path - element '..'. May not - start with the string - '..'. type: string required: - key 
@@ -19880,124 +7055,42 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional specify - whether the ConfigMap or its - keys must be defined type: boolean type: object x-kubernetes-map-type: atomic downwardAPI: - description: downwardAPI information - about the downwardAPI data to project properties: items: - description: Items is a list of - DownwardAPIVolume file items: - description: DownwardAPIVolumeFile - represents information to - create the file containing - the pod field properties: fieldRef: - description: 'Required: - Selects a field of the - pod: only annotations, - labels, name, namespace - and uid are supported.' properties: apiVersion: - description: Version - of the schema the - FieldPath is written - in terms of, defaults - to "v1". type: string fieldPath: - description: Path of - the field to select - in the specified API - version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: - description: 'Optional: - mode bits used to set - permissions on this file, - must be an octal value - between 0000 and 0777 - or a decimal value between - 0 and 511. YAML accepts - both octal and decimal - values, JSON requires - decimal values for mode - bits. If not specified, - the volume defaultMode - will be used. This might - be in conflict with other - options that affect the - file mode, like fsGroup, - and the result can be - other mode bits set.' 
format: int32 type: integer path: - description: 'Required: - Path is the relative - path name of the file - to be created. Must not - be absolute or contain - the ''..'' path. Must - be utf-8 encoded. The - first item of the relative - path must not start with - ''..''' type: string resourceFieldRef: - description: 'Selects a - resource of the container: - only resources limits - and requests (limits.cpu, - limits.memory, requests.cpu - and requests.memory) are - currently supported.' properties: containerName: - description: 'Container - name: required for - volumes, optional - for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies - the output format - of the exposed resources, - defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: - resource to select' type: string required: - resource 
@@ -20010,64 +7103,16 @@ spec: x-kubernetes-list-type: atomic type: object secret: - description: secret information about - the secret data to project properties: items: - description: items if unspecified, - each key-value pair in the Data - field of the referenced Secret - will be projected into the volume - as a file whose name is the - key and content is the value. - If specified, the listed keys - will be projected into the specified - paths, and unlisted keys will - not be present. If a key is - specified which is not present - in the Secret, the volume setup - will error unless it is marked - optional. Paths must be relative - and may not contain the '..' - path or start with '..'. items: - description: Maps a string key - to a path within a volume. properties: key: - description: key is the - key to project. type: string mode: - description: 'mode is Optional: - mode bits used to set - permissions on this file. - Must be an octal value - between 0000 and 0777 - or a decimal value between - 0 and 511. YAML accepts - both octal and decimal - values, JSON requires - decimal values for mode - bits. If not specified, - the volume defaultMode - will be used. This might - be in conflict with other - options that affect the - file mode, like fsGroup, - and the result can be - other mode bits set.' format: int32 type: integer path: - description: path is the - relative path of the file - to map the key to. May - not be an absolute path. - May not contain the path - element '..'. May not - start with the string - '..'. type: string required: - key 
@@ -20077,63 +7122,19 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional field specify - whether the Secret or its key - must be defined type: boolean type: object x-kubernetes-map-type: atomic serviceAccountToken: - description: serviceAccountToken is - information about the serviceAccountToken - data to project properties: audience: - description: audience is the intended - audience of the token. A recipient - of a token must identify itself - with an identifier specified - in the audience of the token, - and otherwise should reject - the token. The audience defaults - to the identifier of the apiserver. type: string expirationSeconds: - description: expirationSeconds - is the requested duration of - validity of the service account - token. As the token approaches - expiration, the kubelet volume - plugin will proactively rotate - the service account token. The - kubelet will start trying to - rotate the token if the token - is older than 80 percent of - its time to live or if the token - is older than 24 hours.Defaults - to 1 hour and must be at least - 10 minutes. format: int64 type: integer path: - description: path is the path - relative to the mount point - of the file to project the token - into. type: string required: - path 
@@ -20143,183 +7144,79 @@ spec: x-kubernetes-list-type: atomic type: object quobyte: - description: quobyte represents a Quobyte mount - on the host that shares a pod's lifetime properties: group: - description: group to map volume access - to Default is no group type: string readOnly: - description: readOnly here will force the - Quobyte volume to be mounted with read-only - permissions. Defaults to false. type: boolean registry: - description: registry represents a single - or multiple Quobyte Registry services - specified as a string as host:port pair - (multiple entries are separated with commas) - which acts as the central registry for - volumes type: string tenant: - description: tenant owning the given Quobyte - volume in the Backend Used with dynamically - provisioned Quobyte volumes, value is - set by the plugin type: string user: - description: user to map volume access to - Defaults to serivceaccount user type: string volume: - description: volume is a string that references - an already created Quobyte volume by name. type: string required: - registry - volume type: object rbd: - description: 'rbd represents a Rados Block Device - mount on the host that shares a pod''s lifetime. - More info: https://examples.k8s.io/volumes/rbd/README.md' properties: fsType: - description: 'fsType is the filesystem type - of the volume that you want to mount. - Tip: Ensure that the filesystem type is - supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the - filesystem from compromising the machine' type: string image: - description: 'image is the rados image name. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string keyring: - description: 'keyring is the path to key - ring for RBDUser. Default is /etc/ceph/keyring. 
- More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string monitors: - description: 'monitors is a collection of - Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' items: type: string type: array x-kubernetes-list-type: atomic pool: - description: 'pool is the rados pool name. - Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string readOnly: - description: 'readOnly here will force the - ReadOnly setting in VolumeMounts. Defaults - to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: boolean secretRef: - description: 'secretRef is name of the authentication - secret for RBDUser. If provided overrides - keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value here - are almost certainly wrong. TODO: - Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is the rados user name. - Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string required: - image - monitors type: object scaleIO: - description: scaleIO represents a ScaleIO persistent - volume attached and mounted on Kubernetes - nodes. properties: fsType: - description: fsType is the filesystem type - to mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". Default is "xfs". 
type: string gateway: - description: gateway is the host address - of the ScaleIO API Gateway. type: string protectionDomain: - description: protectionDomain is the name - of the ScaleIO Protection Domain for the - configured storage. type: string readOnly: - description: readOnly Defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: secretRef references to the - secret for ScaleIO user and other sensitive - information. If this is not provided, - Login operation will fail. properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value here - are almost certainly wrong. TODO: - Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic sslEnabled: - description: sslEnabled Flag enable/disable - SSL communication with Gateway, default - false type: boolean storageMode: - description: storageMode indicates whether - the storage for a volume should be ThickProvisioned - or ThinProvisioned. Default is ThinProvisioned. type: string storagePool: - description: storagePool is the ScaleIO - Storage Pool associated with the protection - domain. type: string system: - description: system is the name of the storage - system as configured in ScaleIO. type: string volumeName: - description: volumeName is the name of a - volume already created in the ScaleIO - system that is associated with this volume - source. type: string required: - gateway 
@@ -20327,68 +7224,19 @@ spec: - system type: object secret: - description: 'secret represents a secret that - should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' properties: defaultMode: - description: 'defaultMode is Optional: mode - bits used to set permissions on created - files by default. Must be an octal value - between 0000 and 0777 or a decimal value - between 0 and 511. YAML accepts both octal - and decimal values, JSON requires decimal - values for mode bits. Defaults to 0644. - Directories within the path are not affected - by this setting. This might be in conflict - with other options that affect the file - mode, like fsGroup, and the result can - be other mode bits set.' format: int32 type: integer items: - description: items If unspecified, each - key-value pair in the Data field of the - referenced Secret will be projected into - the volume as a file whose name is the - key and content is the value. If specified, - the listed keys will be projected into - the specified paths, and unlisted keys - will not be present. If a key is specified - which is not present in the Secret, the - volume setup will error unless it is marked - optional. Paths must be relative and may - not contain the '..' path or start with - '..'. items: - description: Maps a string key to a path - within a volume. properties: key: - description: key is the key to project. type: string mode: - description: 'mode is Optional: mode - bits used to set permissions on - this file. Must be an octal value - between 0000 and 0777 or a decimal - value between 0 and 511. YAML accepts - both octal and decimal values, JSON - requires decimal values for mode - bits. If not specified, the volume - defaultMode will be used. This might - be in conflict with other options - that affect the file mode, like - fsGroup, and the result can be other - mode bits set.' 
format: int32 type: integer path: - description: path is the relative - path of the file to map the key - to. May not be an absolute path. - May not contain the path element - '..'. May not start with the string - '..'. type: string required: - key 
@@ -20397,97 +7245,37 @@ spec: type: array x-kubernetes-list-type: atomic optional: - description: optional field specify whether - the Secret or its keys must be defined type: boolean secretName: - description: 'secretName is the name of - the secret in the pod''s namespace to - use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' type: string type: object storageos: - description: storageOS represents a StorageOS - volume attached and mounted on Kubernetes - nodes. properties: fsType: - description: fsType is the filesystem type - to mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to - be "ext4" if unspecified. type: string readOnly: - description: readOnly defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: secretRef specifies the secret - to use for obtaining the StorageOS API - credentials. If not specified, default - values will be attempted. properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value here - are almost certainly wrong. TODO: - Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic volumeName: - description: volumeName is the human-readable - name of the StorageOS volume. Volume - names are only unique within a namespace. type: string volumeNamespace: - description: volumeNamespace specifies the - scope of the volume within StorageOS. If - no namespace is specified then the Pod's - namespace will be used. 
This allows the - Kubernetes name scoping to be mirrored - within StorageOS for tighter integration. - Set VolumeName to any name to override - the default behaviour. Set to "default" - if you are not using namespaces within - StorageOS. Namespaces that do not pre-exist - within StorageOS will be created. type: string type: object vsphereVolume: - description: vsphereVolume represents a vSphere - volume attached and mounted on kubelets host - machine properties: fsType: - description: fsType is filesystem type to - mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to - be "ext4" if unspecified. type: string storagePolicyID: - description: storagePolicyID is the storage - Policy Based Management (SPBM) profile - ID associated with the StoragePolicyName. type: string storagePolicyName: - description: storagePolicyName is the storage - Policy Based Management (SPBM) profile - name. type: string volumePath: - description: volumePath is the path that - identifies vSphere volume vmdk type: string required: - volumePath 
@@ -20499,215 +7287,93 @@ spec: type: object type: array preBackup: - description: PreBackup specifies a list of hooks that will - be executed before backup items: - description: HookInfo specifies the information about - the backup/restore hooks properties: executionPolicy: default: Always - description: 'ExecutionPolicy specifies when to execute - the hook. Valid values are: - "Always": KubeStash - will execute this hook no matter the backup/restore - failed. This is the default execution policy. - - "OnSuccess": KubeStash will execute this hook only - if the backup/restore has succeeded. - "OnFailure": - KubeStash will execute this hook only if the backup/restore - has failed.' enum: - Always - OnSuccess - OnFailure type: string hookTemplate: - description: HookTemplate points to a HookTemplate - CR that will be used to execute the hook. You can - refer to a HookTemplate from other namespaces as - long as your current namespace is allowed by the - `usagePolicy` in the respective HookTemplate. properties: name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string required: - name type: object maxRetry: - description: MaxRetry specifies how many times KubeStash - should retry the hook execution in case of failure. - The default value of this field is 0 which means - no retry. format: int32 minimum: 0 type: integer name: - description: Name specifies a name for the hook type: string params: - description: Params specifies parameters for the hook. - You must provide the parameter in the HookTemplates - desired structure. type: object x-kubernetes-preserve-unknown-fields: true runtimeSettings: - description: RuntimeSettings specifies runtime configurations - for the hook executor Job. 
Use this field only for - `Function` type hook executor. properties: container: properties: env: - description: List of environment variables - to set in the container. Cannot be updated. items: - description: EnvVar represents an environment - variable present in a Container. properties: name: - description: Name of the environment - variable. Must be a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) - are expanded using the previously - defined environment variables in the - container and any service environment - variables. If a variable cannot be - resolved, the reference in the input - string will be unchanged. Double $$ - are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: - i.e. "$$(VAR_NAME)" will produce the - string literal "$(VAR_NAME)". Escaped - references will never be expanded, - regardless of whether the variable - exists or not. Defaults to "".' type: string valueFrom: - description: Source for the environment - variable's value. Cannot be used if - value is not empty. properties: configMapKeyRef: - description: Selects a key of a - ConfigMap. properties: key: - description: The key to select. type: string name: default: "" - description: 'Name of the referent. - This field is effectively - required, but due to backwards - compatibility is allowed to - be empty. Instances of this - type with an empty value here - are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' 
type: string optional: - description: Specify whether - the ConfigMap or its key must - be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of - the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, status.podIPs.' properties: apiVersion: - description: Version of the - schema the FieldPath is written - in terms of, defaults to "v1". type: string fieldPath: - description: Path of the field - to select in the specified - API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource - of the container: only resources - limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, - requests.cpu, requests.memory - and requests.ephemeral-storage) - are currently supported.' properties: containerName: - description: 'Container name: - required for volumes, optional - for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output - format of the exposed resources, - defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource - to select' type: string required: - resource type: object x-kubernetes-map-type: atomic secretKeyRef: - description: Selects a key of a - secret in the pod's namespace properties: key: - description: The key of the - secret to select from. Must - be a valid secret key. type: string name: default: "" - description: 'Name of the referent. - This field is effectively - required, but due to backwards - compatibility is allowed to - be empty. Instances of this - type with an empty value here - are almost certainly wrong. - TODO: Add other useful fields. 
- apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether - the Secret or its key must - be defined type: boolean required: - key 
@@ -20719,81 +7385,31 @@ spec: type: object type: array envFrom: - description: List of sources to populate environment - variables in the container. The keys defined - within a source must be a C_IDENTIFIER. - All invalid keys will be reported as an - event when the container is starting. When - a key exists in multiple sources, the value - associated with the last source will take - precedence. Values defined by an Env with - a duplicate key will take precedence. Cannot - be updated. items: - description: EnvFromSource represents the - source of a set of ConfigMaps properties: configMapRef: - description: The ConfigMap to select - from properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether the - ConfigMap must be defined type: boolean type: object x-kubernetes-map-type: atomic prefix: - description: An optional identifier - to prepend to each key in the ConfigMap. - Must be a C_IDENTIFIER. type: string secretRef: - description: The Secret to select from properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether the - Secret must be defined type: boolean type: object x-kubernetes-map-type: atomic type: object type: array ionice: - description: 'Settings to configure `ionice` - to throttle the load on disk. More info: - http://kennystechtalk.blogspot.com/2015/04/throttling-cpu-usage-with-linux-cgroups.html - More info: https://oakbytes.wordpress.com/2012/06/06/linux-scheduler-cfs-and-nice/' properties: class: format: int32 
@@ -20803,72 +7419,27 @@ spec: type: integer type: object lifecycle: - description: Actions that the management system - should take in response to container lifecycle - events. Cannot be updated. properties: postStart: - description: 'PostStart is called immediately - after a container is created. If the - handler fails, the container is terminated - and restarted according to its restart - policy. Other management of the container - blocks until the hook completes. More - info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: Exec specifies the action - to take. properties: command: - description: Command is the command - line to execute inside the container, - the working directory for the - command is root ('/') in the - container's filesystem. The - command is simply exec'd, it - is not run inside a shell, so - traditional shell instructions - ('|', etc) won't work. To use - a shell, you need to explicitly - call out to that shell. Exit - status of 0 is treated as live/healthy - and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the - http request to perform. properties: host: - description: Host name to connect - to, defaults to the pod IP. - You probably want to set "Host" - in httpHeaders instead. type: string httpHeaders: - description: Custom headers to - set in the request. HTTP allows - repeated headers. items: - description: HTTPHeader describes - a custom header to be used - in HTTP probes properties: name: - description: The header - field name. This will - be canonicalized upon - output, so case-variant - names will be understood - as the same header. type: string value: - description: The header - field value type: string required: - name 
@@ -20877,138 +7448,58 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on - the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of - the port to access on the container. - Number must be in the range - 1 to 65535. Name must be an - IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for - connecting to the host. Defaults - to HTTP. type: string required: - port type: object sleep: - description: Sleep represents the - duration that the container should - sleep before being terminated. properties: seconds: - description: Seconds is the number - of seconds to sleep. format: int64 type: integer required: - seconds type: object tcpSocket: - description: Deprecated. TCPSocket - is NOT supported as a LifecycleHandler - and kept for the backward compatibility. - There are no validation of this - field and lifecycle hooks will fail - in runtime when tcp handler is specified. properties: host: - description: 'Optional: Host name - to connect to, defaults to the - pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of - the port to access on the container. - Number must be in the range - 1 to 65535. Name must be an - IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: - description: 'PreStop is called immediately - before a container is terminated due - to an API request or management event - such as liveness/startup probe failure, - preemption, resource contention, etc. - The handler is not called if the container - crashes or exits. The Pod''s termination - grace period countdown begins before - the PreStop hook is executed. Regardless - of the outcome of the handler, the container - will eventually terminate within the - Pod''s termination grace period (unless - delayed by finalizers). 
Other management - of the container blocks until the hook - completes or until the termination grace - period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: Exec specifies the action - to take. properties: command: - description: Command is the command - line to execute inside the container, - the working directory for the - command is root ('/') in the - container's filesystem. The - command is simply exec'd, it - is not run inside a shell, so - traditional shell instructions - ('|', etc) won't work. To use - a shell, you need to explicitly - call out to that shell. Exit - status of 0 is treated as live/healthy - and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the - http request to perform. properties: host: - description: Host name to connect - to, defaults to the pod IP. - You probably want to set "Host" - in httpHeaders instead. type: string httpHeaders: - description: Custom headers to - set in the request. HTTP allows - repeated headers. items: - description: HTTPHeader describes - a custom header to be used - in HTTP probes properties: name: - description: The header - field name. This will - be canonicalized upon - output, so case-variant - names will be understood - as the same header. type: string value: - description: The header - field value type: string required: - name 
@@ -21017,62 +7508,33 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on - the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of - the port to access on the container. - Number must be in the range - 1 to 65535. Name must be an - IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for - connecting to the host. Defaults - to HTTP. type: string required: - port type: object sleep: - description: Sleep represents the - duration that the container should - sleep before being terminated. properties: seconds: - description: Seconds is the number - of seconds to sleep. format: int64 type: integer required: - seconds type: object tcpSocket: - description: Deprecated. TCPSocket - is NOT supported as a LifecycleHandler - and kept for the backward compatibility. - There are no validation of this - field and lifecycle hooks will fail - in runtime when tcp handler is specified. properties: host: - description: 'Optional: Host name - to connect to, defaults to the - pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of - the port to access on the container. - Number must be in the range - 1 to 65535. Name must be an - IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port 
@@ -21080,88 +7542,38 @@ spec: type: object type: object livenessProbe: - description: 'Periodic probe of container - liveness. Container will be restarted if - the probe fails. Cannot be updated. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action - to take. properties: command: - description: Command is the command - line to execute inside the container, - the working directory for the command is - root ('/') in the container's filesystem. - The command is simply exec'd, it - is not run inside a shell, so traditional - shell instructions ('|', etc) won't - work. To use a shell, you need to - explicitly call out to that shell. - Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed - after having succeeded. Defaults to - 3. Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action - involving a GRPC port. properties: port: - description: Port number of the gRPC - service. Number must be in the range - 1 to 65535. format: int32 type: integer service: - description: "Service is the name - of the service to place in the gRPC - HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the - default behavior is defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http - request to perform. properties: host: - description: Host name to connect - to, defaults to the pod IP. You - probably want to set "Host" in httpHeaders - instead. type: string httpHeaders: - description: Custom headers to set - in the request. HTTP allows repeated - headers. 
items: - description: HTTPHeader describes - a custom header to be used in - HTTP probes properties: name: - description: The header field - name. This will be canonicalized - upon output, so case-variant - names will be understood as - the same header. type: string value: - description: The header field - value type: string required: - name 
@@ -21170,190 +7582,84 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on the - HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the - port to access on the container. - Number must be in the range 1 to - 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after - the container has started before liveness - probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to - perform the probe. Default to 10 seconds. - Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to 1. - Must be 1 for liveness and startup. - Minimum value is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action - involving a TCP port. properties: host: - description: 'Optional: Host name - to connect to, defaults to the pod - IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the - port to access on the container. - Number must be in the range 1 to - 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds - the pod needs to terminate gracefully - upon probe failure. The grace period - is the duration in seconds after the - processes running in the pod are sent - a termination signal and the time when - the processes are forcibly halted with - a kill signal. Set this value longer - than the expected cleanup time for your - process. 
If this value is nil, the pod's - terminationGracePeriodSeconds will be - used. Otherwise, this value overrides - the value provided by the pod spec. - Value must be non-negative integer. - The value zero indicates stop immediately - via the kill signal (no opportunity - to shut down). This is a beta field - and requires enabling ProbeTerminationGracePeriod - feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after - which the probe times out. Defaults - to 1 second. Minimum value is 1. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object nice: - description: 'Settings to configure `nice` - to throttle the load on cpu. More info: - http://kennystechtalk.blogspot.com/2015/04/throttling-cpu-usage-with-linux-cgroups.html - More info: https://oakbytes.wordpress.com/2012/06/06/linux-scheduler-cfs-and-nice/' properties: adjustment: format: int32 type: integer type: object readinessProbe: - description: 'Periodic probe of container - service readiness. Container will be removed - from service endpoints if the probe fails. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action - to take. properties: command: - description: Command is the command - line to execute inside the container, - the working directory for the command is - root ('/') in the container's filesystem. - The command is simply exec'd, it - is not run inside a shell, so traditional - shell instructions ('|', etc) won't - work. To use a shell, you need to - explicitly call out to that shell. - Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. 
items: type: string type: array x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed - after having succeeded. Defaults to - 3. Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action - involving a GRPC port. properties: port: - description: Port number of the gRPC - service. Number must be in the range - 1 to 65535. format: int32 type: integer service: - description: "Service is the name - of the service to place in the gRPC - HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the - default behavior is defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http - request to perform. properties: host: - description: Host name to connect - to, defaults to the pod IP. You - probably want to set "Host" in httpHeaders - instead. type: string httpHeaders: - description: Custom headers to set - in the request. HTTP allows repeated - headers. items: - description: HTTPHeader describes - a custom header to be used in - HTTP probes properties: name: - description: The header field - name. This will be canonicalized - upon output, so case-variant - names will be understood as - the same header. type: string value: - description: The header field - value type: string required: - name 
@@ -21362,120 +7668,51 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on the - HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the - port to access on the container. - Number must be in the range 1 to - 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after - the container has started before liveness - probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to - perform the probe. Default to 10 seconds. - Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to 1. - Must be 1 for liveness and startup. - Minimum value is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action - involving a TCP port. properties: host: - description: 'Optional: Host name - to connect to, defaults to the pod - IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the - port to access on the container. - Number must be in the range 1 to - 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds - the pod needs to terminate gracefully - upon probe failure. The grace period - is the duration in seconds after the - processes running in the pod are sent - a termination signal and the time when - the processes are forcibly halted with - a kill signal. Set this value longer - than the expected cleanup time for your - process. 
If this value is nil, the pod's - terminationGracePeriodSeconds will be - used. Otherwise, this value overrides - the value provided by the pod spec. - Value must be non-negative integer. - The value zero indicates stop immediately - via the kill signal (no opportunity - to shut down). This is a beta field - and requires enabling ProbeTerminationGracePeriod - feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after - which the probe times out. Defaults - to 1 second. Minimum value is 1. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object resources: - description: 'Compute Resources required by - container. Cannot be updated. More info: - https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' properties: claims: - description: "Claims lists the names of - resources, defined in spec.resourceClaims, - that are used by this container. \n - This is an alpha field and requires - enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. - It can only be set for containers." items: - description: ResourceClaim references - one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the - name of one entry in pod.spec.resourceClaims - of the Pod where this field is - used. It makes that resource available - inside a container. type: string required: - name @@ -21491,9 +7728,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum - amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -21502,248 +7736,77 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum - amount of compute resources required. - If Requests is omitted for a container, - it defaults to Limits if that is explicitly - specified, otherwise to an implementation-defined - value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: - description: 'Security options the pod should - run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation - controls whether a process can gain - more privileges than its parent process. - This bool directly controls if the no_new_privs - flag will be set on the container process. - AllowPrivilegeEscalation is true always - when the container is: 1) run as Privileged - 2) has CAP_SYS_ADMIN Note that this - field cannot be set when spec.os.name - is windows.' type: boolean appArmorProfile: - description: appArmorProfile is the AppArmor - options to use by this container. If - set, this profile overrides the pod's - appArmorProfile. Note that this field - cannot be set when spec.os.name is windows. properties: localhostProfile: - description: localhostProfile indicates - a profile loaded on the node that - should be used. The profile must - be preconfigured on the node to - work. Must match the loaded name - of the profile. Must be set if and - only if type is "Localhost". type: string type: - description: 'type indicates which - kind of AppArmor profile will be - applied. Valid options are: Localhost - - a profile pre-loaded on the node. 
- RuntimeDefault - the container runtime''s - default profile. Unconfined - no - AppArmor enforcement.' type: string required: - type type: object capabilities: - description: The capabilities to add/drop - when running containers. Defaults to - the default set of capabilities granted - by the container runtime. Note that - this field cannot be set when spec.os.name - is windows. properties: add: - description: Added capabilities items: - description: Capability represent - POSIX capabilities type type: string type: array x-kubernetes-list-type: atomic drop: - description: Removed capabilities items: - description: Capability represent - POSIX capabilities type type: string type: array x-kubernetes-list-type: atomic type: object privileged: - description: Run container in privileged - mode. Processes in privileged containers - are essentially equivalent to root on - the host. Defaults to false. Note that - this field cannot be set when spec.os.name - is windows. type: boolean procMount: - description: procMount denotes the type - of proc mount to use for the containers. - The default is DefaultProcMount which - uses the container runtime defaults - for readonly paths and masked paths. - This requires the ProcMountType feature - flag to be enabled. Note that this field - cannot be set when spec.os.name is windows. type: string readOnlyRootFilesystem: - description: Whether this container has - a read-only root filesystem. Default - is false. Note that this field cannot - be set when spec.os.name is windows. type: boolean runAsGroup: - description: The GID to run the entrypoint - of the container process. Uses runtime - default if unset. May also be set in - PodSecurityContext. If set in both - SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. Note that this field - cannot be set when spec.os.name is windows. 
format: int64 type: integer runAsNonRoot: - description: Indicates that the container - must run as a non-root user. If true, - the Kubelet will validate the image - at runtime to ensure that it does not - run as UID 0 (root) and fail to start - the container if it does. If unset or - false, no such validation will be performed. - May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint - of the container process. Defaults to - user specified in image metadata if - unspecified. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. Note that this field - cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be - applied to the container. If unspecified, - the container runtime will allocate - a random SELinux context for each container. May - also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. Note that this field - cannot be set when spec.os.name is windows. properties: level: - description: Level is SELinux level - label that applies to the container. type: string role: - description: Role is a SELinux role - label that applies to the container. type: string type: - description: Type is a SELinux type - label that applies to the container. type: string user: - description: User is a SELinux user - label that applies to the container. type: string type: object seccompProfile: - description: The seccomp options to use - by this container. If seccomp options - are provided at both the pod & container - level, the container options override - the pod options. Note that this field - cannot be set when spec.os.name is windows. 
properties: localhostProfile: - description: localhostProfile indicates - a profile defined in a file on the - node should be used. The profile - must be preconfigured on the node - to work. Must be a descending path, - relative to the kubelet's configured - seccomp profile location. Must be - set if type is "Localhost". Must - NOT be set for any other type. type: string type: - description: "type indicates which - kind of seccomp profile will be - applied. Valid options are: \n Localhost - - a profile defined in a file on - the node should be used. RuntimeDefault - - the container runtime default - profile should be used. Unconfined - - no profile should be applied." type: string required: - type type: object windowsOptions: - description: The Windows specific settings - applied to all containers. If unspecified, - the options from the PodSecurityContext - will be used. If set in both SecurityContext - and PodSecurityContext, the value specified - in SecurityContext takes precedence. - Note that this field cannot be set when - spec.os.name is linux. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is - where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA - credential spec named by the GMSACredentialSpecName - field. type: string gmsaCredentialSpecName: - description: GMSACredentialSpecName - is the name of the GMSA credential - spec to use. type: string hostProcess: - description: HostProcess determines - if a container should be run as - a 'Host Process' container. All - of a Pod's containers must have - the same effective HostProcess value - (it is not allowed to have a mix - of HostProcess containers and non-HostProcess - containers). In addition, if HostProcess - is true then HostNetwork must also - be set to true. type: boolean runAsUserName: - description: The UserName in Windows - to run the entrypoint of the container - process. 
Defaults to the user specified - in image metadata if unspecified. - May also be set in PodSecurityContext. - If set in both SecurityContext and - PodSecurityContext, the value specified - in SecurityContext takes precedence. type: string type: object type: object 
@@ -21751,91 +7814,22 @@ spec: pod: properties: affinity: - description: If specified, the pod's scheduling - constraints properties: nodeAffinity: - description: Describes node affinity scheduling - rules for the pod. properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer - to schedule pods to nodes that satisfy - the affinity expressions specified - by this field, but it may choose - a node that violates one or more - of the expressions. The node that - is most preferred is the one with - the greatest sum of weights, i.e. - for each node that meets all of - the scheduling requirements (resource - request, requiredDuringScheduling - affinity expressions, etc.), compute - a sum by iterating through the elements - of this field and adding "weight" - to the sum if the node matches the - corresponding matchExpressions; - the node(s) with the highest sum - are the most preferred. items: - description: An empty preferred - scheduling term matches all objects - with implicit weight 0 (i.e. it's - a no-op). A null preferred scheduling - term matches no objects (i.e. - is also a no-op). properties: preference: - description: A node selector - term, associated with the - corresponding weight. properties: matchExpressions: - description: A list of node - selector requirements - by node's labels. items: - description: A node selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key - and values. properties: key: - description: The label - key that the selector - applies to. type: string operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, Exists, - DoesNotExist. Gt, - and Lt. type: string values: - description: An array - of string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. 
If - the operator is - Gt or Lt, the values - array must have - a single element, - which will be interpreted - as an integer. This - array is replaced - during a strategic - merge patch. items: type: string type: array @@ -21847,51 +7841,13 @@ spec: type: array x-kubernetes-list-type: atomic matchFields: - description: A list of node - selector requirements - by node's fields. items: - description: A node selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key - and values. properties: key: - description: The label - key that the selector - applies to. type: string operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, Exists, - DoesNotExist. Gt, - and Lt. type: string values: - description: An array - of string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. If - the operator is - Gt or Lt, the values - array must have - a single element, - which will be interpreted - as an integer. This - array is replaced - during a strategic - merge patch. items: type: string type: array @@ -21905,10 +7861,6 @@ spec: type: object x-kubernetes-map-type: atomic weight: - description: Weight associated - with matching the corresponding - nodeSelectorTerm, in the range - 1-100. format: int32 type: integer required: 
@@ -21918,75 +7870,18 @@ spec: type: array x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements - specified by this field are not - met at scheduling time, the pod - will not be scheduled onto the node. - If the affinity requirements specified - by this field cease to be met at - some point during pod execution - (e.g. due to an update), the system - may or may not try to eventually - evict the pod from its node. properties: nodeSelectorTerms: - description: Required. A list - of node selector terms. The - terms are ORed. items: - description: A null or empty - node selector term matches - no objects. The requirements - of them are ANDed. The TopologySelectorTerm - type implements a subset of - the NodeSelectorTerm. properties: matchExpressions: - description: A list of node - selector requirements - by node's labels. items: - description: A node selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key - and values. properties: key: - description: The label - key that the selector - applies to. type: string operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, Exists, - DoesNotExist. Gt, - and Lt. type: string values: - description: An array - of string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. If - the operator is - Gt or Lt, the values - array must have - a single element, - which will be interpreted - as an integer. This - array is replaced - during a strategic - merge patch. items: type: string type: array 
@@ -21998,51 +7893,13 @@ spec: type: array x-kubernetes-list-type: atomic matchFields: - description: A list of node - selector requirements - by node's fields. items: - description: A node selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key - and values. properties: key: - description: The label - key that the selector - applies to. type: string operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, Exists, - DoesNotExist. Gt, - and Lt. type: string values: - description: An array - of string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. If - the operator is - Gt or Lt, the values - array must have - a single element, - which will be interpreted - as an integer. This - array is replaced - during a strategic - merge patch. items: type: string type: array 
@@ -22063,97 +7920,22 @@ spec: x-kubernetes-map-type: atomic type: object podAffinity: - description: Describes pod affinity scheduling - rules (e.g. co-locate this pod in the - same node, zone, etc. as some other - pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer - to schedule pods to nodes that satisfy - the affinity expressions specified - by this field, but it may choose - a node that violates one or more - of the expressions. The node that - is most preferred is the one with - the greatest sum of weights, i.e. - for each node that meets all of - the scheduling requirements (resource - request, requiredDuringScheduling - affinity expressions, etc.), compute - a sum by iterating through the elements - of this field and adding "weight" - to the sum if the node has pods - which matches the corresponding - podAffinityTerm; the node(s) with - the highest sum are the most preferred. items: - description: The weights of all - of the matched WeightedPodAffinityTerm - fields are added per-node to find - the most preferred node(s) properties: podAffinityTerm: - description: Required. A pod - affinity term, associated - with the corresponding weight. properties: labelSelector: - description: A label query - over a set of resources, - in this case pods. If - it's null, this PodAffinityTerm - matches with no Pods. properties: matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements are - ANDed. items: - description: A label - selector requirement - is a selector that - contains values, - a key, and an operator - that relates the - key and values. properties: key: - description: key - is the label - key that the - selector applies - to. type: string operator: - description: operator - represents a - key's relationship - to a set of - values. Valid - operators are - In, NotIn, Exists - and DoesNotExist. 
type: string values: - description: values - is an array - of string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or - DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic - merge patch. items: type: string type: array 
@@ -22167,151 +7949,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels - map is equivalent - to an element of matchExpressions, - whose key field is - "key", the operator - is "In", and the values - array contains only - "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys - is a set of pod label - keys to select which pods - will be taken into consideration. - The keys are used to lookup - values from the incoming - pod labels, those key-value - labels are merged with - `labelSelector` as `key - in (value)` to select - the group of existing - pods which pods will be - taken into consideration - for the incoming pod's - pod (anti) affinity. Keys - that don't exist in the - incoming pod labels will - be ignored. The default - value is empty. The same - key is forbidden to exist - in both matchLabelKeys - and labelSelector. Also, - matchLabelKeys cannot - be set when labelSelector - isn't set. This is an - alpha field and requires - enabling MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys - is a set of pod label - keys to select which pods - will be taken into consideration. - The keys are used to lookup - values from the incoming - pod labels, those key-value - labels are merged with - `labelSelector` as `key - notin (value)` to select - the group of existing - pods which pods will be - taken into consideration - for the incoming pod's - pod (anti) affinity. Keys - that don't exist in the - incoming pod labels will - be ignored. The default - value is empty. The same - key is forbidden to exist - in both mismatchLabelKeys - and labelSelector. Also, - mismatchLabelKeys cannot - be set when labelSelector - isn't set. 
This is an - alpha field and requires - enabling MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query - over the set of namespaces - that the term applies - to. The term is applied - to the union of the namespaces - selected by this field - and the ones listed in - the namespaces field. - null selector and null - or empty namespaces list - means "this pod's namespace". - An empty selector ({}) - matches all namespaces. properties: matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements are - ANDed. items: - description: A label - selector requirement - is a selector that - contains values, - a key, and an operator - that relates the - key and values. properties: key: - description: key - is the label - key that the - selector applies - to. type: string operator: - description: operator - represents a - key's relationship - to a set of - values. Valid - operators are - In, NotIn, Exists - and DoesNotExist. type: string values: - description: values - is an array - of string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or - DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic - merge patch. items: type: string type: array 
@@ -22325,61 +7985,20 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels - map is equivalent - to an element of matchExpressions, - whose key field is - "key", the operator - is "In", and the values - array contains only - "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces - specifies a static list - of namespace names that - the term applies to. The - term is applied to the - union of the namespaces - listed in this field and - the ones selected by namespaceSelector. - null or empty namespaces - list and null namespaceSelector - means "this pod's namespace". items: type: string type: array x-kubernetes-list-type: atomic topologyKey: - description: This pod should - be co-located (affinity) - or not co-located (anti-affinity) - with the pods matching - the labelSelector in the - specified namespaces, - where co-located is defined - as running on a node whose - value of the label with - key topologyKey matches - that of any node on which - any of the selected pods - is running. Empty topologyKey - is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated - with matching the corresponding - podAffinityTerm, in the range - 1-100. format: int32 type: integer required: 
@@ -22389,81 +8008,18 @@ spec: type: array x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements - specified by this field are not - met at scheduling time, the pod - will not be scheduled onto the node. - If the affinity requirements specified - by this field cease to be met at - some point during pod execution - (e.g. due to a pod label update), - the system may or may not try to - eventually evict the pod from its - node. When there are multiple elements, - the lists of nodes corresponding - to each podAffinityTerm are intersected, - i.e. all terms must be satisfied. items: - description: Defines a set of pods - (namely those matching the labelSelector - relative to the given namespace(s)) - that this pod should be co-located - (affinity) or not co-located (anti-affinity) - with, where co-located is defined - as running on a node whose value - of the label with key - matches that of any node on which - a pod of the set of pods is running properties: labelSelector: - description: A label query over - a set of resources, in this - case pods. If it's null, this - PodAffinityTerm matches with - no Pods. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key - and values. properties: key: - description: key is - the label key that - the selector applies - to. type: string operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values - is an array of string - values. If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. 
This - array is replaced - during a strategic - merge patch. items: type: string type: array 
@@ -22477,136 +8033,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an element - of matchExpressions, whose - key field is "key", the - operator is "In", and - the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys - is a set of pod label keys - to select which pods will - be taken into consideration. - The keys are used to lookup - values from the incoming pod - labels, those key-value labels - are merged with `labelSelector` - as `key in (value)` to select - the group of existing pods - which pods will be taken into - consideration for the incoming - pod's pod (anti) affinity. - Keys that don't exist in the - incoming pod labels will be - ignored. The default value - is empty. The same key is - forbidden to exist in both - matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot - be set when labelSelector - isn't set. This is an alpha - field and requires enabling - MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys - is a set of pod label keys - to select which pods will - be taken into consideration. - The keys are used to lookup - values from the incoming pod - labels, those key-value labels - are merged with `labelSelector` - as `key notin (value)` to - select the group of existing - pods which pods will be taken - into consideration for the - incoming pod's pod (anti) - affinity. Keys that don't - exist in the incoming pod - labels will be ignored. The - default value is empty. The - same key is forbidden to exist - in both mismatchLabelKeys - and labelSelector. Also, mismatchLabelKeys - cannot be set when labelSelector - isn't set. 
This is an alpha - field and requires enabling - MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over - the set of namespaces that - the term applies to. The term - is applied to the union of - the namespaces selected by - this field and the ones listed - in the namespaces field. null - selector and null or empty - namespaces list means "this - pod's namespace". An empty - selector ({}) matches all - namespaces. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key - and values. properties: key: - description: key is - the label key that - the selector applies - to. type: string operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values - is an array of string - values. If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. This - array is replaced - during a strategic - merge patch. items: type: string type: array 
@@ -22620,49 +8069,15 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an element - of matchExpressions, whose - key field is "key", the - operator is "In", and - the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies - a static list of namespace - names that the term applies - to. The term is applied to - the union of the namespaces - listed in this field and the - ones selected by namespaceSelector. - null or empty namespaces list - and null namespaceSelector - means "this pod's namespace". items: type: string type: array x-kubernetes-list-type: atomic topologyKey: - description: This pod should - be co-located (affinity) or - not co-located (anti-affinity) - with the pods matching the - labelSelector in the specified - namespaces, where co-located - is defined as running on a - node whose value of the label - with key topologyKey matches - that of any node on which - any of the selected pods is - running. Empty topologyKey - is not allowed. type: string required: - topologyKey 
@@ -22671,97 +8086,22 @@ spec: x-kubernetes-list-type: atomic type: object podAntiAffinity: - description: Describes pod anti-affinity - scheduling rules (e.g. avoid putting - this pod in the same node, zone, etc. - as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer - to schedule pods to nodes that satisfy - the anti-affinity expressions specified - by this field, but it may choose - a node that violates one or more - of the expressions. The node that - is most preferred is the one with - the greatest sum of weights, i.e. - for each node that meets all of - the scheduling requirements (resource - request, requiredDuringScheduling - anti-affinity expressions, etc.), - compute a sum by iterating through - the elements of this field and adding - "weight" to the sum if the node - has pods which matches the corresponding - podAffinityTerm; the node(s) with - the highest sum are the most preferred. items: - description: The weights of all - of the matched WeightedPodAffinityTerm - fields are added per-node to find - the most preferred node(s) properties: podAffinityTerm: - description: Required. A pod - affinity term, associated - with the corresponding weight. properties: labelSelector: - description: A label query - over a set of resources, - in this case pods. If - it's null, this PodAffinityTerm - matches with no Pods. properties: matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements are - ANDed. items: - description: A label - selector requirement - is a selector that - contains values, - a key, and an operator - that relates the - key and values. properties: key: - description: key - is the label - key that the - selector applies - to. type: string operator: - description: operator - represents a - key's relationship - to a set of - values. Valid - operators are - In, NotIn, Exists - and DoesNotExist. 
type: string values: - description: values - is an array - of string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or - DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic - merge patch. items: type: string type: array 
@@ -22775,151 +8115,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels - map is equivalent - to an element of matchExpressions, - whose key field is - "key", the operator - is "In", and the values - array contains only - "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys - is a set of pod label - keys to select which pods - will be taken into consideration. - The keys are used to lookup - values from the incoming - pod labels, those key-value - labels are merged with - `labelSelector` as `key - in (value)` to select - the group of existing - pods which pods will be - taken into consideration - for the incoming pod's - pod (anti) affinity. Keys - that don't exist in the - incoming pod labels will - be ignored. The default - value is empty. The same - key is forbidden to exist - in both matchLabelKeys - and labelSelector. Also, - matchLabelKeys cannot - be set when labelSelector - isn't set. This is an - alpha field and requires - enabling MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys - is a set of pod label - keys to select which pods - will be taken into consideration. - The keys are used to lookup - values from the incoming - pod labels, those key-value - labels are merged with - `labelSelector` as `key - notin (value)` to select - the group of existing - pods which pods will be - taken into consideration - for the incoming pod's - pod (anti) affinity. Keys - that don't exist in the - incoming pod labels will - be ignored. The default - value is empty. The same - key is forbidden to exist - in both mismatchLabelKeys - and labelSelector. Also, - mismatchLabelKeys cannot - be set when labelSelector - isn't set. 
This is an - alpha field and requires - enabling MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query - over the set of namespaces - that the term applies - to. The term is applied - to the union of the namespaces - selected by this field - and the ones listed in - the namespaces field. - null selector and null - or empty namespaces list - means "this pod's namespace". - An empty selector ({}) - matches all namespaces. properties: matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements are - ANDed. items: - description: A label - selector requirement - is a selector that - contains values, - a key, and an operator - that relates the - key and values. properties: key: - description: key - is the label - key that the - selector applies - to. type: string operator: - description: operator - represents a - key's relationship - to a set of - values. Valid - operators are - In, NotIn, Exists - and DoesNotExist. type: string values: - description: values - is an array - of string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or - DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic - merge patch. items: type: string type: array 
@@ -22933,61 +8151,20 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels - map is equivalent - to an element of matchExpressions, - whose key field is - "key", the operator - is "In", and the values - array contains only - "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces - specifies a static list - of namespace names that - the term applies to. The - term is applied to the - union of the namespaces - listed in this field and - the ones selected by namespaceSelector. - null or empty namespaces - list and null namespaceSelector - means "this pod's namespace". items: type: string type: array x-kubernetes-list-type: atomic topologyKey: - description: This pod should - be co-located (affinity) - or not co-located (anti-affinity) - with the pods matching - the labelSelector in the - specified namespaces, - where co-located is defined - as running on a node whose - value of the label with - key topologyKey matches - that of any node on which - any of the selected pods - is running. Empty topologyKey - is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated - with matching the corresponding - podAffinityTerm, in the range - 1-100. format: int32 type: integer required: 
@@ -22997,81 +8174,18 @@ spec: type: array x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity - requirements specified by this field - are not met at scheduling time, - the pod will not be scheduled onto - the node. If the anti-affinity requirements - specified by this field cease to - be met at some point during pod - execution (e.g. due to a pod label - update), the system may or may not - try to eventually evict the pod - from its node. When there are multiple - elements, the lists of nodes corresponding - to each podAffinityTerm are intersected, - i.e. all terms must be satisfied. items: - description: Defines a set of pods - (namely those matching the labelSelector - relative to the given namespace(s)) - that this pod should be co-located - (affinity) or not co-located (anti-affinity) - with, where co-located is defined - as running on a node whose value - of the label with key - matches that of any node on which - a pod of the set of pods is running properties: labelSelector: - description: A label query over - a set of resources, in this - case pods. If it's null, this - PodAffinityTerm matches with - no Pods. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key - and values. properties: key: - description: key is - the label key that - the selector applies - to. type: string operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values - is an array of string - values. If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. 
This - array is replaced - during a strategic - merge patch. items: type: string type: array 
@@ -23085,136 +8199,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an element - of matchExpressions, whose - key field is "key", the - operator is "In", and - the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys - is a set of pod label keys - to select which pods will - be taken into consideration. - The keys are used to lookup - values from the incoming pod - labels, those key-value labels - are merged with `labelSelector` - as `key in (value)` to select - the group of existing pods - which pods will be taken into - consideration for the incoming - pod's pod (anti) affinity. - Keys that don't exist in the - incoming pod labels will be - ignored. The default value - is empty. The same key is - forbidden to exist in both - matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot - be set when labelSelector - isn't set. This is an alpha - field and requires enabling - MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys - is a set of pod label keys - to select which pods will - be taken into consideration. - The keys are used to lookup - values from the incoming pod - labels, those key-value labels - are merged with `labelSelector` - as `key notin (value)` to - select the group of existing - pods which pods will be taken - into consideration for the - incoming pod's pod (anti) - affinity. Keys that don't - exist in the incoming pod - labels will be ignored. The - default value is empty. The - same key is forbidden to exist - in both mismatchLabelKeys - and labelSelector. Also, mismatchLabelKeys - cannot be set when labelSelector - isn't set. 
This is an alpha - field and requires enabling - MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over - the set of namespaces that - the term applies to. The term - is applied to the union of - the namespaces selected by - this field and the ones listed - in the namespaces field. null - selector and null or empty - namespaces list means "this - pod's namespace". An empty - selector ({}) matches all - namespaces. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key - and values. properties: key: - description: key is - the label key that - the selector applies - to. type: string operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values - is an array of string - values. If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. This - array is replaced - during a strategic - merge patch. items: type: string type: array 
@@ -23228,49 +8235,15 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an element - of matchExpressions, whose - key field is "key", the - operator is "In", and - the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies - a static list of namespace - names that the term applies - to. The term is applied to - the union of the namespaces - listed in this field and the - ones selected by namespaceSelector. - null or empty namespaces list - and null namespaceSelector - means "this pod's namespace". items: type: string type: array x-kubernetes-list-type: atomic topologyKey: - description: This pod should - be co-located (affinity) or - not co-located (anti-affinity) - with the pods matching the - labelSelector in the specified - namespaces, where co-located - is defined as running on a - node whose value of the label - with key topologyKey matches - that of any node on which - any of the selected pods is - running. Empty topologyKey - is not allowed. type: string required: - topologyKey 
@@ -23280,332 +8253,106 @@ spec: type: object type: object automountServiceAccountToken: - description: AutomountServiceAccountToken - indicates whether a service account token - should be automatically mounted. type: boolean enableServiceLinks: - description: 'EnableServiceLinks indicates - whether information about services should - be injected into pod''s environment variables, - matching the syntax of Docker links. Optional: - Defaults to true.' type: boolean imagePullSecrets: - description: 'ImagePullSecrets is an optional - list of references to secrets in the same - namespace to use for pulling any of the - images used by this PodRuntimeSettings. - If specified, these secrets will be passed - to individual puller implementations for - them to use. For example, in the case of - docker, only DockerConfig type secrets are - honored. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' items: - description: LocalObjectReference contains - enough information to let you locate the - referenced object inside the same namespace. properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value here - are almost certainly wrong. TODO: - Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic type: array nodeName: - description: NodeName is a request to schedule - this pod onto a specific node. If it is - non-empty, the scheduler simply schedules - this pod onto that node, assuming that it - fits resource requirements. 
type: string nodeSelector: additionalProperties: type: string - description: 'NodeSelector is a selector which - must be true for the pod to fit on a node. - Selector which must match a node''s labels - for the pod to be scheduled on that node. - More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' type: object podAnnotations: additionalProperties: type: string - description: PodAnnotations are the annotations - that will be attached with the respective - Pod type: object podLabels: additionalProperties: type: string - description: PodLabels are the labels that - will be attached with the respective Pod type: object priority: - description: The priority value. Various system - components use this field to find the priority - of the pod. When Priority Admission Controller - is enabled, it prevents users from setting - this field. The admission controller populates - this field from PriorityClassName. The higher - the value, the higher the priority. format: int32 type: integer priorityClassName: - description: If specified, indicates the pod's - priority. "system-node-critical" and "system-cluster-critical" - are two special keywords which indicate - the highest priorities with the former being - the highest priority. Any other name must - be defined by creating a PriorityClass object - with that name. If not specified, the pod - priority will be default or zero if there - is no default. type: string readinessGates: - description: 'If specified, all readiness - gates will be evaluated for pod readiness. - A pod is ready when all its containers are - ready AND all conditions specified in the - readiness gates have status equal to "True" - More info: https://git.k8s.io/enhancements/keps/sig-network/0007-pod-ready%2B%2B.md' items: - description: PodReadinessGate contains the - reference to a pod condition properties: conditionType: - description: ConditionType refers to - a condition in the pod's condition - list with matching type. 
type: string required: - conditionType type: object type: array runtimeClassName: - description: 'RuntimeClassName refers to a - RuntimeClass object in the node.k8s.io group, - which should be used to run this pod. If - no RuntimeClass resource matches the named - class, the pod will not be run. If unset - or empty, the "legacy" RuntimeClass will - be used, which is an implicit class with - an empty definition that uses the default - runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md - This is an alpha feature and may change - in the future.' type: string schedulerName: - description: If specified, the pod will be - dispatched by specified scheduler. If not - specified, the pod will be dispatched by - default scheduler. type: string securityContext: - description: 'Security options the pod should - run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: appArmorProfile: - description: appArmorProfile is the AppArmor - options to use by the containers in - this pod. Note that this field cannot - be set when spec.os.name is windows. properties: localhostProfile: - description: localhostProfile indicates - a profile loaded on the node that - should be used. The profile must - be preconfigured on the node to - work. Must match the loaded name - of the profile. Must be set if and - only if type is "Localhost". type: string type: - description: 'type indicates which - kind of AppArmor profile will be - applied. Valid options are: Localhost - - a profile pre-loaded on the node. - RuntimeDefault - the container runtime''s - default profile. Unconfined - no - AppArmor enforcement.' type: string required: - type type: object fsGroup: - description: "A special supplemental group - that applies to all containers in a - pod. 
Some volume types allow the Kubelet - to change the ownership of that volume - to be owned by the pod: \n 1. The owning - GID will be the FSGroup 2. The setgid - bit is set (new files created in the - volume will be owned by FSGroup) 3. - The permission bits are OR'd with rw-rw---- - \n If unset, the Kubelet will not modify - the ownership and permissions of any - volume. Note that this field cannot - be set when spec.os.name is windows." format: int64 type: integer fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines - behavior of changing ownership and permission - of the volume before being exposed inside - Pod. This field will only apply to volume - types which support fsGroup based ownership(and - permissions). It will have no effect - on ephemeral volume types such as: secret, - configmaps and emptydir. Valid values - are "OnRootMismatch" and "Always". If - not specified, "Always" is used. Note - that this field cannot be set when spec.os.name - is windows.' type: string runAsGroup: - description: The GID to run the entrypoint - of the container process. Uses runtime - default if unset. May also be set in - SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified - in SecurityContext takes precedence - for that container. Note that this field - cannot be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: - description: Indicates that the container - must run as a non-root user. If true, - the Kubelet will validate the image - at runtime to ensure that it does not - run as UID 0 (root) and fail to start - the container if it does. If unset or - false, no such validation will be performed. - May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint - of the container process. 
Defaults to - user specified in image metadata if - unspecified. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence for that container. - Note that this field cannot be set when - spec.os.name is windows. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be - applied to all containers. If unspecified, - the container runtime will allocate - a random SELinux context for each container. May - also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence for that container. - Note that this field cannot be set when - spec.os.name is windows. properties: level: - description: Level is SELinux level - label that applies to the container. type: string role: - description: Role is a SELinux role - label that applies to the container. type: string type: - description: Type is a SELinux type - label that applies to the container. type: string user: - description: User is a SELinux user - label that applies to the container. type: string type: object seccompProfile: - description: The seccomp options to use - by the containers in this pod. Note - that this field cannot be set when spec.os.name - is windows. properties: localhostProfile: - description: localhostProfile indicates - a profile defined in a file on the - node should be used. The profile - must be preconfigured on the node - to work. Must be a descending path, - relative to the kubelet's configured - seccomp profile location. Must be - set if type is "Localhost". Must - NOT be set for any other type. type: string type: - description: "type indicates which - kind of seccomp profile will be - applied. Valid options are: \n Localhost - - a profile defined in a file on - the node should be used. RuntimeDefault - - the container runtime default - profile should be used. 
Unconfined - - no profile should be applied." type: string required: - type type: object supplementalGroups: - description: A list of groups applied - to the first process run in each container, - in addition to the container's primary - GID, the fsGroup (if specified), and - group memberships defined in the container - image for the uid of the container process. - If unspecified, no additional groups - are added to any container. Note that - group memberships defined in the container - image for the uid of the container process - are still effective, even if they are - not included in this list. Note that - this field cannot be set when spec.os.name - is windows. items: format: int64 type: integer type: array x-kubernetes-list-type: atomic sysctls: - description: Sysctls hold a list of namespaced - sysctls used for the pod. Pods with - unsupported sysctls (by the container - runtime) might fail to launch. Note - that this field cannot be set when spec.os.name - is windows. items: - description: Sysctl defines a kernel - parameter to be set properties: name: - description: Name of a property - to set type: string value: - description: Value of a property - to set type: string required: - name 
@@ -23614,168 +8361,52 @@ spec: type: array x-kubernetes-list-type: atomic windowsOptions: - description: The Windows specific settings - applied to all containers. If unspecified, - the options within a container's SecurityContext - will be used. If set in both SecurityContext - and PodSecurityContext, the value specified - in SecurityContext takes precedence. - Note that this field cannot be set when - spec.os.name is linux. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is - where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA - credential spec named by the GMSACredentialSpecName - field. type: string gmsaCredentialSpecName: - description: GMSACredentialSpecName - is the name of the GMSA credential - spec to use. type: string hostProcess: - description: HostProcess determines - if a container should be run as - a 'Host Process' container. All - of a Pod's containers must have - the same effective HostProcess value - (it is not allowed to have a mix - of HostProcess containers and non-HostProcess - containers). In addition, if HostProcess - is true then HostNetwork must also - be set to true. type: boolean runAsUserName: - description: The UserName in Windows - to run the entrypoint of the container - process. Defaults to the user specified - in image metadata if unspecified. - May also be set in PodSecurityContext. - If set in both SecurityContext and - PodSecurityContext, the value specified - in SecurityContext takes precedence. type: string type: object type: object serviceAccountAnnotations: additionalProperties: type: string - description: ServiceAccountAnnotations are - the annotations that will be attached with - the respective ServiceAccount type: object serviceAccountName: - description: 'ServiceAccountName is the name - of the ServiceAccount to use to run this - pod. 
More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' type: string tolerations: - description: If specified, the pod's tolerations. items: - description: The pod this Toleration is - attached to tolerates any taint that matches - the triple using the - matching operator . properties: effect: - description: Effect indicates the taint - effect to match. Empty means match - all taint effects. When specified, - allowed values are NoSchedule, PreferNoSchedule - and NoExecute. type: string key: - description: Key is the taint key that - the toleration applies to. Empty means - match all taint keys. If the key is - empty, operator must be Exists; this - combination means to match all values - and all keys. type: string operator: - description: Operator represents a key's - relationship to the value. Valid operators - are Exists and Equal. Defaults to - Equal. Exists is equivalent to wildcard - for value, so that a pod can tolerate - all taints of a particular category. type: string tolerationSeconds: - description: TolerationSeconds represents - the period of time the toleration - (which must be of effect NoExecute, - otherwise this field is ignored) tolerates - the taint. By default, it is not set, - which means tolerate the taint forever - (do not evict). Zero and negative - values will be treated as 0 (evict - immediately) by the system. format: int64 type: integer value: - description: Value is the taint value - the toleration matches to. If the - operator is Exists, the value should - be empty, otherwise just a regular - string. type: string type: object type: array topologySpreadConstraints: - description: TopologySpreadConstraints describes - how a group of pods ought to spread across - topology domains. Scheduler will schedule - pods in a way which abides by the constraints. - All topologySpreadConstraints are ANDed. 
items: - description: TopologySpreadConstraint specifies - how to spread matching pods among the - given topology. properties: labelSelector: - description: LabelSelector is used to - find matching pods. Pods that match - this label selector are counted to - determine the number of pods in their - corresponding topology domain. properties: matchExpressions: - description: matchExpressions is - a list of label selector requirements. - The requirements are ANDed. items: - description: A label selector - requirement is a selector that - contains values, a key, and - an operator that relates the - key and values. properties: key: - description: key is the label - key that the selector applies - to. type: string operator: - description: operator represents - a key's relationship to - a set of values. Valid operators - are In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is an - array of string values. - If the operator is In or - NotIn, the values array - must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be - empty. This array is replaced - during a strategic merge - patch. items: type: string type: array 
@@ -23789,183 +8420,27 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map - of {key,value} pairs. A single - {key,value} in the matchLabels - map is equivalent to an element - of matchExpressions, whose key - field is "key", the operator is - "In", and the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: "MatchLabelKeys is a set - of pod label keys to select the pods - over which spreading will be calculated. - The keys are used to lookup values - from the incoming pod labels, those - key-value labels are ANDed with labelSelector - to select the group of existing pods - over which spreading will be calculated - for the incoming pod. The same key - is forbidden to exist in both MatchLabelKeys - and LabelSelector. MatchLabelKeys - cannot be set when LabelSelector isn't - set. Keys that don't exist in the - incoming pod labels will be ignored. - A null or empty list means only match - against labelSelector. \n This is - a beta field and requires the MatchLabelKeysInPodTopologySpread - feature gate to be enabled (enabled - by default)." items: type: string type: array x-kubernetes-list-type: atomic maxSkew: - description: 'MaxSkew describes the - degree to which pods may be unevenly - distributed. When `whenUnsatisfiable=DoNotSchedule`, - it is the maximum permitted difference - between the number of matching pods - in the target topology and the global - minimum. The global minimum is the - minimum number of matching pods in - an eligible domain or zero if the - number of eligible domains is less - than MinDomains. For example, in a - 3-zone cluster, MaxSkew is set to - 1, and pods with the same labelSelector - spread as 2/2/1: In this case, the - global minimum is 1. 
| zone1 | zone2 - | zone3 | | P P | P P | P | - - if MaxSkew is 1, incoming pod can - only be scheduled to zone3 to become - 2/2/2; scheduling it onto zone1(zone2) - would make the ActualSkew(3-1) on - zone1(zone2) violate MaxSkew(1). - - if MaxSkew is 2, incoming pod can - be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, - it is used to give higher precedence - to topologies that satisfy it. It''s - a required field. Default value is - 1 and 0 is not allowed.' format: int32 type: integer minDomains: - description: "MinDomains indicates a - minimum number of eligible domains. - When the number of eligible domains - with matching topology keys is less - than minDomains, Pod Topology Spread - treats \"global minimum\" as 0, and - then the calculation of Skew is performed. - And when the number of eligible domains - with matching topology keys equals - or greater than minDomains, this value - has no effect on scheduling. As a - result, when the number of eligible - domains is less than minDomains, scheduler - won't schedule more than maxSkew Pods - to those domains. If value is nil, - the constraint behaves as if MinDomains - is equal to 1. Valid values are integers - greater than 0. When value is not - nil, WhenUnsatisfiable must be DoNotSchedule. - \n For example, in a 3-zone cluster, - MaxSkew is set to 2, MinDomains is - set to 5 and pods with the same labelSelector - spread as 2/2/2: | zone1 | zone2 | - zone3 | | P P | P P | P P | - The number of domains is less than - 5(MinDomains), so \"global minimum\" - is treated as 0. In this situation, - new pod with the same labelSelector - cannot be scheduled, because computed - skew will be 3(3 - 0) if new Pod is - scheduled to any of the three zones, - it will violate MaxSkew." format: int32 type: integer nodeAffinityPolicy: - description: "NodeAffinityPolicy indicates - how we will treat Pod's nodeAffinity/nodeSelector - when calculating pod topology spread - skew. 
Options are: - Honor: only nodes - matching nodeAffinity/nodeSelector - are included in the calculations. - - Ignore: nodeAffinity/nodeSelector - are ignored. All nodes are included - in the calculations. \n If this value - is nil, the behavior is equivalent - to the Honor policy. This is a beta-level - feature default enabled by the NodeInclusionPolicyInPodTopologySpread - feature flag." type: string nodeTaintsPolicy: - description: "NodeTaintsPolicy indicates - how we will treat node taints when - calculating pod topology spread skew. - Options are: - Honor: nodes without - taints, along with tainted nodes for - which the incoming pod has a toleration, - are included. - Ignore: node taints - are ignored. All nodes are included. - \n If this value is nil, the behavior - is equivalent to the Ignore policy. - This is a beta-level feature default - enabled by the NodeInclusionPolicyInPodTopologySpread - feature flag." type: string topologyKey: - description: TopologyKey is the key - of node labels. Nodes that have a - label with this key and identical - values are considered to be in the - same topology. We consider each as a "bucket", and try to put - balanced number of pods into each - bucket. We define a domain as a particular - instance of a topology. Also, we define - an eligible domain as a domain whose - nodes meet the requirements of nodeAffinityPolicy - and nodeTaintsPolicy. e.g. If TopologyKey - is "kubernetes.io/hostname", each - Node is a domain of that topology. - And, if TopologyKey is "topology.kubernetes.io/zone", - each zone is a domain of that topology. - It's a required field. type: string whenUnsatisfiable: - description: 'WhenUnsatisfiable indicates - how to deal with a pod if it doesn''t - satisfy the spread constraint. - DoNotSchedule - (default) tells the scheduler not - to schedule it. - ScheduleAnyway tells - the scheduler to schedule the pod - in any location, but giving higher - precedence to topologies that would - help reduce the skew. 
A constraint - is considered "Unsatisfiable" for - an incoming pod if and only if every - possible node assignment for that - pod would violate "MaxSkew" on some - topology. For example, in a 3-zone - cluster, MaxSkew is set to 1, and - pods with the same labelSelector spread - as 3/1/1: | zone1 | zone2 | zone3 - | | P P P | P | P | If WhenUnsatisfiable - is set to DoNotSchedule, incoming - pod can only be scheduled to zone2(zone3) - to become 3/2/1(3/1/2) as ActualSkew(2-1) - on zone2(zone3) satisfies MaxSkew(1). - In other words, the cluster can still - be imbalanced, but scheduler won''t - make it *more* imbalanced. It''s a - required field.' type: string required: - maxSkew 
@@ -23980,143 +8455,63 @@ spec: type: object type: object timeout: - description: Timeout specifies a duration in seconds - that KubeStash should wait for the hook execution - to be completed. If the hook execution does not - finish within this time period, KubeStash will consider - this hook execution as failure. Then, it will be - re-tried according to MaxRetry policy. type: string variables: - description: Variables specifies a list of variables - and their sources that will be used to resolve the - HookTemplate. items: - description: EnvVar represents an environment variable - present in a Container. properties: name: - description: Name of the environment variable. - Must be a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) - are expanded using the previously defined - environment variables in the container and - any service environment variables. If a variable - cannot be resolved, the reference in the input - string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the - $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, - regardless of whether the variable exists - or not. Defaults to "".' type: string valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. properties: configMapKeyRef: - description: Selects a key of a ConfigMap. properties: key: - description: The key to select. type: string name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value here - are almost certainly wrong. TODO: - Add other useful fields. apiVersion, - kind, uid? 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether the ConfigMap - or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of the pod: - supports metadata.name, metadata.namespace, - `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, status.podIPs.' properties: apiVersion: - description: Version of the schema the - FieldPath is written in terms of, - defaults to "v1". type: string fieldPath: - description: Path of the field to select - in the specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource of the - container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, - requests.cpu, requests.memory and requests.ephemeral-storage) - are currently supported.' properties: containerName: - description: 'Container name: required - for volumes, optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output format - of the exposed resources, defaults - to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource to - select' type: string required: - resource type: object x-kubernetes-map-type: atomic secretKeyRef: - description: Selects a key of a secret in - the pod's namespace properties: key: - description: The key of the secret to - select from. Must be a valid secret - key. type: string name: default: "" - description: 'Name of the referent. 
- This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value here - are almost certainly wrong. TODO: - Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether the Secret - or its key must be defined type: boolean required: - key 
@@ -24128,69 +8523,21 @@ spec: type: object type: array volumeMounts: - description: VolumeMounts specifies the mount for - the volumes specified in `Volumes` section Use this - field only for `Function` type hook executor. items: - description: VolumeMount describes a mounting of - a Volume within a container. properties: mountPath: - description: Path within the container at which - the volume should be mounted. Must not contain - ':'. type: string mountPropagation: - description: mountPropagation determines how - mounts are propagated from the host to container - and the other way around. When not set, MountPropagationNone - is used. This field is beta in 1.10. When - RecursiveReadOnly is set to IfPossible or - to Enabled, MountPropagation must be None - or unspecified (which defaults to None). type: string name: - description: This must match the Name of a Volume. type: string readOnly: - description: Mounted read-only if true, read-write - otherwise (false or unspecified). Defaults - to false. type: boolean recursiveReadOnly: - description: "RecursiveReadOnly specifies whether - read-only mounts should be handled recursively. - \n If ReadOnly is false, this field has no - meaning and must be unspecified. \n If ReadOnly - is true, and this field is set to Disabled, - the mount is not made recursively read-only. - \ If this field is set to IfPossible, the - mount is made recursively read-only, if it - is supported by the container runtime. If - this field is set to Enabled, the mount is - made recursively read-only if it is supported - by the container runtime, otherwise the pod - will not be started and an error will be generated - to indicate the reason. \n If this field is - set to IfPossible or Enabled, MountPropagation - must be set to None (or be unspecified, which - defaults to None). \n If this field is not - specified, it is treated as an equivalent - of Disabled." 
type: string subPath: - description: Path within the volume from which - the container's volume should be mounted. - Defaults to "" (volume's root). type: string subPathExpr: - description: Expanded path within the volume - from which the container's volume should be - mounted. Behaves similarly to SubPath but - environment variable references $(VAR_NAME) - are expanded using the container's environment. - Defaults to "" (volume's root). SubPathExpr - and SubPath are mutually exclusive. type: string required: - mountPath 
@@ -24198,284 +8545,109 @@ spec: type: object type: array volumes: - description: Volumes indicates the list of volumes - of targeted application that should be mounted on - the hook executor. Use this field only for `Function` - type hook executor. items: - description: Volume represents a named volume in - a pod that may be accessed by any container in - the pod. properties: awsElasticBlockStore: - description: 'awsElasticBlockStore represents - an AWS Disk resource that is attached to a - kubelet''s host machine and then exposed to - the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' properties: fsType: - description: 'fsType is the filesystem type - of the volume that you want to mount. - Tip: Ensure that the filesystem type is - supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the - filesystem from compromising the machine' type: string partition: - description: 'partition is the partition - in the volume that you want to mount. - If omitted, the default is to mount by - volume name. Examples: For volume /dev/sda1, - you specify the partition as "1". Similarly, - the volume partition for /dev/sda is "0" - (or you can leave the property empty).' format: int32 type: integer readOnly: - description: 'readOnly value true will force - the readOnly setting in VolumeMounts. - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: boolean volumeID: - description: 'volumeID is unique ID of the - persistent disk resource in AWS (Amazon - EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: string required: - volumeID type: object azureDisk: - description: azureDisk represents an Azure Data - Disk mount on the host and bind mount to the - pod. 
properties: cachingMode: - description: 'cachingMode is the Host Caching - mode: None, Read Only, Read Write.' type: string diskName: - description: diskName is the Name of the - data disk in the blob storage type: string diskURI: - description: diskURI is the URI of data - disk in the blob storage type: string fsType: - description: fsType is Filesystem type to - mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to - be "ext4" if unspecified. type: string kind: - description: 'kind expected values are Shared: - multiple blob disks per storage account Dedicated: - single blob disk per storage account Managed: - azure managed data disk (only in managed - availability set). defaults to shared' type: string readOnly: - description: readOnly Defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. type: boolean required: - diskName - diskURI type: object azureFile: - description: azureFile represents an Azure File - Service mount on the host and bind mount to - the pod. properties: readOnly: - description: readOnly defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. 
type: boolean secretName: - description: secretName is the name of - secret that contains Azure Storage Account - Name and Key type: string shareName: - description: shareName is the azure share - Name type: string required: - secretName - shareName type: object cephfs: - description: cephFS represents a Ceph FS mount - on the host that shares a pod's lifetime properties: monitors: - description: 'monitors is Required: Monitors - is a collection of Ceph monitors More - info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' items: type: string type: array x-kubernetes-list-type: atomic path: - description: 'path is Optional: Used as - the mounted root, rather than the full - Ceph tree, default is /' type: string readOnly: - description: 'readOnly is Optional: Defaults - to false (read/write). ReadOnly here will - force the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: boolean secretFile: - description: 'secretFile is Optional: SecretFile - is the path to key ring for User, default - is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string secretRef: - description: 'secretRef is Optional: SecretRef - is reference to the authentication secret - for User, default is empty. More info: - https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value here - are almost certainly wrong. TODO: - Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' 
type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is optional: User is - the rados user name, default is admin - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string required: - monitors type: object cinder: - description: 'cinder represents a cinder volume - attached and mounted on kubelets host machine. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' properties: fsType: - description: 'fsType is the filesystem type - to mount. Must be a filesystem type supported - by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred - to be "ext4" if unspecified. More info: - https://examples.k8s.io/mysql-cinder-pd/README.md' type: string readOnly: - description: 'readOnly defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: boolean secretRef: - description: 'secretRef is optional: points - to a secret object containing parameters - used to connect to OpenStack.' properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value here - are almost certainly wrong. TODO: - Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic volumeID: - description: 'volumeID used to identify - the volume in cinder. 
More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string required: - volumeID type: object configMap: - description: configMap represents a configMap - that should populate this volume properties: defaultMode: - description: 'defaultMode is optional: mode - bits used to set permissions on created - files by default. Must be an octal value - between 0000 and 0777 or a decimal value - between 0 and 511. YAML accepts both octal - and decimal values, JSON requires decimal - values for mode bits. Defaults to 0644. - Directories within the path are not affected - by this setting. This might be in conflict - with other options that affect the file - mode, like fsGroup, and the result can - be other mode bits set.' format: int32 type: integer items: - description: items if unspecified, each - key-value pair in the Data field of the - referenced ConfigMap will be projected - into the volume as a file whose name is - the key and content is the value. If specified, - the listed keys will be projected into - the specified paths, and unlisted keys - will not be present. If a key is specified - which is not present in the ConfigMap, - the volume setup will error unless it - is marked optional. Paths must be relative - and may not contain the '..' path or start - with '..'. items: - description: Maps a string key to a path - within a volume. properties: key: - description: key is the key to project. type: string mode: - description: 'mode is Optional: mode - bits used to set permissions on - this file. Must be an octal value - between 0000 and 0777 or a decimal - value between 0 and 511. YAML accepts - both octal and decimal values, JSON - requires decimal values for mode - bits. If not specified, the volume - defaultMode will be used. This might - be in conflict with other options - that affect the file mode, like - fsGroup, and the result can be other - mode bits set.' 
format: int32 type: integer path: - description: path is the relative - path of the file to map the key - to. May not be an absolute path. - May not contain the path element - '..'. May not start with the string - '..'. type: string required: - key 
@@ -24485,181 +8657,67 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of the referent. This - field is effectively required, but due - to backwards compatibility is allowed - to be empty. Instances of this type with - an empty value here are almost certainly - wrong. TODO: Add other useful fields. - apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional specify whether the - ConfigMap or its keys must be defined type: boolean type: object x-kubernetes-map-type: atomic csi: - description: csi (Container Storage Interface) - represents ephemeral storage that is handled - by certain external CSI drivers (Beta feature). properties: driver: - description: driver is the name of the CSI - driver that handles this volume. Consult - with your admin for the correct name as - registered in the cluster. type: string fsType: - description: fsType to mount. Ex. "ext4", - "xfs", "ntfs". If not provided, the empty - value is passed to the associated CSI - driver which will determine the default - filesystem to apply. type: string nodePublishSecretRef: - description: nodePublishSecretRef is a reference - to the secret object containing sensitive - information to pass to the CSI driver - to complete the CSI NodePublishVolume - and NodeUnpublishVolume calls. This field - is optional, and may be empty if no secret - is required. If the secret object contains - more than one secret, all secret references - are passed. properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value here - are almost certainly wrong. TODO: - Add other useful fields. apiVersion, - kind, uid? 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic readOnly: - description: readOnly specifies a read-only - configuration for the volume. Defaults - to false (read/write). type: boolean volumeAttributes: additionalProperties: type: string - description: volumeAttributes stores driver-specific - properties that are passed to the CSI - driver. Consult your driver's documentation - for supported values. type: object required: - driver type: object downwardAPI: - description: downwardAPI represents downward - API about the pod that should populate this - volume properties: defaultMode: - description: 'Optional: mode bits to use - on created files by default. Must be a - Optional: mode bits used to set permissions - on created files by default. Must be an - octal value between 0000 and 0777 or a - decimal value between 0 and 511. YAML - accepts both octal and decimal values, - JSON requires decimal values for mode - bits. Defaults to 0644. Directories within - the path are not affected by this setting. - This might be in conflict with other options - that affect the file mode, like fsGroup, - and the result can be other mode bits - set.' format: int32 type: integer items: - description: Items is a list of downward - API volume file items: - description: DownwardAPIVolumeFile represents - information to create the file containing - the pod field properties: fieldRef: - description: 'Required: Selects a - field of the pod: only annotations, - labels, name, namespace and uid - are supported.' properties: apiVersion: - description: Version of the schema - the FieldPath is written in - terms of, defaults to "v1". type: string fieldPath: - description: Path of the field - to select in the specified API - version. 
type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: - description: 'Optional: mode bits - used to set permissions on this - file, must be an octal value between - 0000 and 0777 or a decimal value - between 0 and 511. YAML accepts - both octal and decimal values, JSON - requires decimal values for mode - bits. If not specified, the volume - defaultMode will be used. This might - be in conflict with other options - that affect the file mode, like - fsGroup, and the result can be other - mode bits set.' format: int32 type: integer path: - description: 'Required: Path is the - relative path name of the file to - be created. Must not be absolute - or contain the ''..'' path. Must - be utf-8 encoded. The first item - of the relative path must not start - with ''..''' type: string resourceFieldRef: - description: 'Selects a resource of - the container: only resources limits - and requests (limits.cpu, limits.memory, - requests.cpu and requests.memory) - are currently supported.' properties: containerName: - description: 'Container name: - required for volumes, optional - for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output - format of the exposed resources, - defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource - to select' type: string required: - resource 
@@ -24672,229 +8730,50 @@ spec: x-kubernetes-list-type: atomic type: object emptyDir: - description: 'emptyDir represents a temporary - directory that shares a pod''s lifetime. More - info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' properties: medium: - description: 'medium represents what type - of storage medium should back this directory. - The default is "" which means to use the - node''s default medium. Must be an empty - string (default) or Memory. More info: - https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string sizeLimit: anyOf: - type: integer - type: string - description: 'sizeLimit is the total amount - of local storage required for this EmptyDir - volume. The size limit is also applicable - for memory medium. The maximum usage on - memory medium EmptyDir would be the minimum - value between the SizeLimit specified - here and the sum of memory limits of all - containers in a pod. The default is nil - which means that the limit is undefined. - More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object ephemeral: - description: "ephemeral represents a volume - that is handled by a cluster storage driver. - The volume's lifecycle is tied to the pod - that defines it - it will be created before - the pod starts, and deleted when the pod is - removed. \n Use this if: a) the volume is - only needed while the pod runs, b) features - of normal volumes like restoring from snapshot - or capacity tracking are needed, c) the storage - driver is specified through a storage class, - and d) the storage driver supports dynamic - volume provisioning through a PersistentVolumeClaim - (see EphemeralVolumeSource for more information - on the connection between this volume type - and PersistentVolumeClaim). 
\n Use PersistentVolumeClaim - or one of the vendor-specific APIs for volumes - that persist for longer than the lifecycle - of an individual pod. \n Use CSI for light-weight - local ephemeral volumes if the CSI driver - is meant to be used that way - see the documentation - of the driver for more information. \n A pod - can use both types of ephemeral volumes and - persistent volumes at the same time." properties: volumeClaimTemplate: - description: "Will be used to create a stand-alone - PVC to provision the volume. The pod in - which this EphemeralVolumeSource is embedded - will be the owner of the PVC, i.e. the - PVC will be deleted together with the - pod. The name of the PVC will be `-` where `` - is the name from the `PodSpec.Volumes` - array entry. Pod validation will reject - the pod if the concatenated name is not - valid for a PVC (for example, too long). - \n An existing PVC with that name that - is not owned by the pod will *not* be - used for the pod to avoid using an unrelated - volume by mistake. Starting the pod is - then blocked until the unrelated PVC is - removed. If such a pre-created PVC is - meant to be used by the pod, the PVC has - to updated with an owner reference to - the pod once the pod exists. Normally - this should not be necessary, but it may - be useful when manually reconstructing - a broken cluster. \n This field is read-only - and no changes will be made by Kubernetes - to the PVC after it has been created. - \n Required, must not be nil." properties: metadata: - description: May contain labels and - annotations that will be copied into - the PVC when creating it. No other - fields are allowed and will be rejected - during validation. properties: annotations: additionalProperties: type: string - description: 'Annotations is an - unstructured key value map stored - with a resource that may be set - by external tools to store and - retrieve arbitrary metadata. 
They - are not queryable and should be - preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations' type: object generateName: - description: "GenerateName is an - optional prefix, used by the server, - to generate a unique name ONLY - IF the Name field has not been - provided. If this field is used, - the name returned to the client - will be different than the name - passed. This value will also be - combined with a unique suffix. - The provided value has the same - validation rules as the Name field, - and may be truncated by the length - of the suffix required to make - the value unique on the server. - \n If this field is specified - and the generated name exists, - the server will NOT return a 409 - - instead, it will either return - 201 Created or 500 with Reason - ServerTimeout indicating a unique - name could not be found in the - time allotted, and the client - should retry (optionally after - the time indicated in the Retry-After - header). \n Applied only if Name - is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" type: string labels: additionalProperties: type: string - description: 'Map of string keys - and values that can be used to - organize and categorize (scope - and select) objects. May match - selectors of replication controllers - and services. More info: http://kubernetes.io/docs/user-guide/labels' type: object name: - description: 'Name must be unique - within a namespace. Is required - when creating resources, although - some resources may allow a client - to request the generation of an - appropriate name automatically. - Name is primarily intended for - creation idempotence and configuration - definition. Cannot be updated. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' type: string namespace: - description: "Namespace defines - the space within each name must - be unique. 
An empty namespace - is equivalent to the \"default\" - namespace, but \"default\" is - the canonical representation. - Not all objects are required to - be scoped to a namespace - the - value of this field for those - objects will be empty. \n Must - be a DNS_LABEL. Cannot be updated. - More info: http://kubernetes.io/docs/user-guide/namespaces" type: string ownerReferences: - description: List of objects depended - by this object. If ALL objects - in the list have been deleted, - this object will be garbage collected. - If this object is managed by a - controller, then an entry in this - list will point to this controller, - with the controller field set - to true. There cannot be more - than one managing controller. items: - description: OwnerReference contains - enough information to let you - identify an owning object. An - owning object must be in the - same namespace as the dependent, - or be cluster-scoped, so there - is no namespace field. properties: apiVersion: - description: API version of - the referent. type: string blockOwnerDeletion: - description: If true, AND - if the owner has the "foregroundDeletion" - finalizer, then the owner - cannot be deleted from the - key-value store until this - reference is removed. See - https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion - for how the garbage collector - interacts with this field - and enforces the foreground - deletion. Defaults to false. - To set this field, a user - needs "delete" permission - of the owner, otherwise - 422 (Unprocessable Entity) - will be returned. type: boolean controller: - description: If true, this - reference points to the - managing controller. type: boolean kind: - description: 'Kind of the - referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string name: - description: 'Name of the - referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: - description: 'UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -24906,57 +8785,19 @@ spec: type: array type: object spec: - description: The specification for the - PersistentVolumeClaim. The entire - content is copied unchanged into the - PVC that gets created from this template. - The same fields as in a PersistentVolumeClaim - are also valid here. properties: accessModes: - description: 'accessModes contains - the desired access modes the volume - should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array x-kubernetes-list-type: atomic dataSource: - description: 'dataSource field can - be used to specify either: * An - existing VolumeSnapshot object - (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an external - controller can support the specified - data source, it will create a - new volume based on the contents - of the specified data source. - When the AnyVolumeDataSource feature - gate is enabled, dataSource contents - will be copied to dataSourceRef, - and dataSourceRef contents will - be copied to dataSource when dataSourceRef.namespace - is not specified. If the namespace - is specified, then dataSourceRef - will not be copied to dataSource.' properties: apiGroup: - description: APIGroup is the - group for the resource being - referenced. If APIGroup is - not specified, the specified - Kind must be in the core API - group. For any other third-party - types, APIGroup is required. type: string kind: - description: Kind is the type - of resource being referenced type: string name: - description: Name is the name - of resource being referenced type: string required: - kind 
@@ -24964,98 +8805,20 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: - description: 'dataSourceRef specifies - the object from which to populate - the volume with data, if a non-empty - volume is desired. This may be - any object from a non-empty API - group (non core object) or a PersistentVolumeClaim - object. When this field is specified, - volume binding will only succeed - if the type of the specified object - matches some installed volume - populator or dynamic provisioner. - This field will replace the functionality - of the dataSource field and as - such if both fields are non-empty, - they must have the same value. - For backwards compatibility, when - namespace isn''t specified in - dataSourceRef, both fields (dataSource - and dataSourceRef) will be set - to the same value automatically - if one of them is empty and the - other is non-empty. When namespace - is specified in dataSourceRef, - dataSource isn''t set to the same - value and must be empty. There - are three important differences - between dataSource and dataSourceRef: - * While dataSource only allows - two specific types of objects, - dataSourceRef allows any non-core - object, as well as PersistentVolumeClaim - objects. * While dataSource ignores - disallowed values (dropping them), - dataSourceRef preserves all values, - and generates an error if a disallowed - value is specified. * While dataSource - only allows local objects, dataSourceRef - allows objects in any namespaces. - (Beta) Using this field requires - the AnyVolumeDataSource feature - gate to be enabled. (Alpha) Using - the namespace field of dataSourceRef - requires the CrossNamespaceVolumeDataSource - feature gate to be enabled.' properties: apiGroup: - description: APIGroup is the - group for the resource being - referenced. If APIGroup is - not specified, the specified - Kind must be in the core API - group. For any other third-party - types, APIGroup is required. 
type: string kind: - description: Kind is the type - of resource being referenced type: string name: - description: Name is the name - of resource being referenced type: string namespace: - description: Namespace is the - namespace of resource being - referenced Note that when - a namespace is specified, - a gateway.networking.k8s.io/ReferenceGrant - object is required in the - referent namespace to allow - that namespace's owner to - accept the reference. See - the ReferenceGrant documentation - for details. (Alpha) This - field requires the CrossNamespaceVolumeDataSource - feature gate to be enabled. type: string required: - kind - name type: object resources: - description: 'resources represents - the minimum resources the volume - should have. If RecoverVolumeExpansionFailure - feature is enabled users are allowed - to specify resource requirements - that are lower than previous value - but must still be higher than - capacity recorded in the status - field of the claim. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: @@ -25064,10 +8827,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes - the maximum amount of compute - resources allowed. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -25076,59 +8835,18 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes - the minimum amount of compute - resources required. If Requests - is omitted for a container, - it defaults to Limits if that - is explicitly specified, otherwise - to an implementation-defined - value. Requests cannot exceed - Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: - description: selector is a label - query over volumes to consider - for binding. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, a - key, and an operator that - relates the key and values. properties: key: - description: key is the - label key that the selector - applies to. type: string operator: - description: operator - represents a key's relationship - to a set of values. - Valid operators are - In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is - an array of string values. - If the operator is In - or NotIn, the values - array must be non-empty. - If the operator is Exists - or DoesNotExist, the - values array must be - empty. This array is - replaced during a strategic - merge patch. items: type: string type: array 
@@ -25142,64 +8860,16 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is - a map of {key,value} pairs. - A single {key,value} in the - matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", - the operator is "In", and - the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic storageClassName: - description: 'storageClassName is - the name of the StorageClass required - by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeAttributesClassName: - description: 'volumeAttributesClassName - may be used to set the VolumeAttributesClass - used by this claim. If specified, - the CSI driver will create or - update the volume with the attributes - defined in the corresponding VolumeAttributesClass. - This has a different purpose than - storageClassName, it can be changed - after the claim is created. An - empty string value means that - no VolumeAttributesClass will - be applied to the claim but it''s - not allowed to reset this field - to empty string once it is set. - If unspecified and the PersistentVolumeClaim - is unbound, the default VolumeAttributesClass - will be set by the persistentvolume - controller if it exists. If the - resource referred to by volumeAttributesClass - does not exist, this PersistentVolumeClaim - will be set to a Pending state, - as reflected by the modifyVolumeStatus - field, until such as a resource - exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires - the VolumeAttributesClass feature - gate to be enabled.' type: string volumeMode: - description: volumeMode defines - what type of volume is required - by the claim. Value of Filesystem - is implied when not included in - claim spec. 
type: string volumeName: - description: volumeName is the binding - reference to the PersistentVolume - backing this claim. type: string type: object required: 
@@ -25207,94 +8877,41 @@ spec: type: object type: object fc: - description: fc represents a Fibre Channel resource - that is attached to a kubelet's host machine - and then exposed to the pod. properties: fsType: - description: 'fsType is the filesystem type - to mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to - be "ext4" if unspecified. TODO: how do - we prevent errors in the filesystem from - compromising the machine' type: string lun: - description: 'lun is Optional: FC target - lun number' format: int32 type: integer readOnly: - description: 'readOnly is Optional: Defaults - to false (read/write). ReadOnly here will - force the ReadOnly setting in VolumeMounts.' type: boolean targetWWNs: - description: 'targetWWNs is Optional: FC - target worldwide names (WWNs)' items: type: string type: array x-kubernetes-list-type: atomic wwids: - description: 'wwids Optional: FC volume - world wide identifiers (wwids) Either - wwids or combination of targetWWNs and - lun must be set, but not both simultaneously.' items: type: string type: array x-kubernetes-list-type: atomic type: object flexVolume: - description: flexVolume represents a generic - volume resource that is provisioned/attached - using an exec based plugin. properties: driver: - description: driver is the name of the driver - to use for this volume. type: string fsType: - description: fsType is the filesystem type - to mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". The default filesystem - depends on FlexVolume script. type: string options: additionalProperties: type: string - description: 'options is Optional: this - field holds extra command options if any.' type: object readOnly: - description: 'readOnly is Optional: defaults - to false (read/write). ReadOnly here will - force the ReadOnly setting in VolumeMounts.' 
type: boolean secretRef: - description: 'secretRef is Optional: secretRef - is reference to the secret object containing - sensitive information to pass to the plugin - scripts. This may be empty if no secret - object is specified. If the secret object - contains more than one secret, all secrets - are passed to the plugin scripts.' properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value here - are almost certainly wrong. TODO: - Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic 
@@ -25302,197 +8919,79 @@ spec: - driver type: object flocker: - description: flocker represents a Flocker volume - attached to a kubelet's host machine. This - depends on the Flocker control service being - running properties: datasetName: - description: datasetName is Name of the - dataset stored as metadata -> name on - the dataset for Flocker should be considered - as deprecated type: string datasetUUID: - description: datasetUUID is the UUID of - the dataset. This is unique identifier - of a Flocker dataset type: string type: object gcePersistentDisk: - description: 'gcePersistentDisk represents a - GCE Disk resource that is attached to a kubelet''s - host machine and then exposed to the pod. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' properties: fsType: - description: 'fsType is filesystem type - of the volume that you want to mount. - Tip: Ensure that the filesystem type is - supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the - filesystem from compromising the machine' type: string partition: - description: 'partition is the partition - in the volume that you want to mount. - If omitted, the default is to mount by - volume name. Examples: For volume /dev/sda1, - you specify the partition as "1". Similarly, - the volume partition for /dev/sda is "0" - (or you can leave the property empty). - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' format: int32 type: integer pdName: - description: 'pdName is unique name of the - PD resource in GCE. Used to identify the - disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: string readOnly: - description: 'readOnly here will force the - ReadOnly setting in VolumeMounts. Defaults - to false. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: boolean required: - pdName type: object glusterfs: - description: 'glusterfs represents a Glusterfs - mount on the host that shares a pod''s lifetime. - More info: https://examples.k8s.io/volumes/glusterfs/README.md' properties: endpoints: - description: 'endpoints is the endpoint - name that details Glusterfs topology. - More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string path: - description: 'path is the Glusterfs volume - path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string readOnly: - description: 'readOnly here will force the - Glusterfs volume to be mounted with read-only - permissions. Defaults to false. More info: - https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: boolean required: - endpoints - path type: object hostPath: - description: 'hostPath represents a pre-existing - file or directory on the host machine that - is directly exposed to the container. This - is generally used for system agents or other - privileged things that are allowed to see - the host machine. Most containers will NOT - need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict who - can use host directory mounts and who can/can - not mount host directories as read/write.' properties: path: - description: 'path of the directory on the - host. If the path is a symlink, it will - follow the link to the real path. More - info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string type: - description: 'type for HostPath Volume Defaults - to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string required: - path type: object iscsi: - description: 'iscsi represents an ISCSI Disk - resource that is attached to a kubelet''s - host machine and then exposed to the pod. 
- More info: https://examples.k8s.io/volumes/iscsi/README.md' properties: chapAuthDiscovery: - description: chapAuthDiscovery defines whether - support iSCSI Discovery CHAP authentication type: boolean chapAuthSession: - description: chapAuthSession defines whether - support iSCSI Session CHAP authentication type: boolean fsType: - description: 'fsType is the filesystem type - of the volume that you want to mount. - Tip: Ensure that the filesystem type is - supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the - filesystem from compromising the machine' type: string initiatorName: - description: initiatorName is the custom - iSCSI Initiator Name. If initiatorName - is specified with iscsiInterface simultaneously, - new iSCSI interface : will be created for the connection. type: string iqn: - description: iqn is the target iSCSI Qualified - Name. type: string iscsiInterface: - description: iscsiInterface is the interface - Name that uses an iSCSI transport. Defaults - to 'default' (tcp). type: string lun: - description: lun represents iSCSI Target - Lun number. format: int32 type: integer portals: - description: portals is the iSCSI Target - Portal List. The portal is either an IP - or ip_addr:port if the port is other than - default (typically TCP ports 860 and 3260). items: type: string type: array x-kubernetes-list-type: atomic readOnly: - description: readOnly here will force the - ReadOnly setting in VolumeMounts. Defaults - to false. type: boolean secretRef: - description: secretRef is the CHAP Secret - for iSCSI target and initiator authentication properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. 
Instances - of this type with an empty value here - are almost certainly wrong. TODO: - Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic targetPortal: - description: targetPortal is iSCSI Target - Portal. The Portal is either an IP or - ip_addr:port if the port is other than - default (typically TCP ports 860 and 3260). type: string required: - iqn 
@@ -25500,194 +8999,68 @@ spec: - targetPortal type: object name: - description: 'name of the volume. Must be a - DNS_LABEL and unique within the pod. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string nfs: - description: 'nfs represents an NFS mount on - the host that shares a pod''s lifetime More - info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' properties: path: - description: 'path that is exported by the - NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string readOnly: - description: 'readOnly here will force the - NFS export to be mounted with read-only - permissions. Defaults to false. More info: - https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: boolean server: - description: 'server is the hostname or - IP address of the NFS server. More info: - https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string required: - path - server type: object persistentVolumeClaim: - description: 'persistentVolumeClaimVolumeSource - represents a reference to a PersistentVolumeClaim - in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: claimName: - description: 'claimName is the name of a - PersistentVolumeClaim in the same namespace - as the pod using this volume. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' type: string readOnly: - description: readOnly Will force the ReadOnly - setting in VolumeMounts. Default false. type: boolean required: - claimName type: object photonPersistentDisk: - description: photonPersistentDisk represents - a PhotonController persistent disk attached - and mounted on kubelets host machine properties: fsType: - description: fsType is the filesystem type - to mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". 
Implicitly inferred to - be "ext4" if unspecified. type: string pdID: - description: pdID is the ID that identifies - Photon Controller persistent disk type: string required: - pdID type: object portworxVolume: - description: portworxVolume represents a portworx - volume attached and mounted on kubelets host - machine properties: fsType: - description: fSType represents the filesystem - type to mount Must be a filesystem type - supported by the host operating system. - Ex. "ext4", "xfs". Implicitly inferred - to be "ext4" if unspecified. type: string readOnly: - description: readOnly defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. type: boolean volumeID: - description: volumeID uniquely identifies - a Portworx volume type: string required: - volumeID type: object projected: - description: projected items for all in one - resources secrets, configmaps, and downward - API properties: defaultMode: - description: defaultMode are the mode bits - used to set permissions on created files - by default. Must be an octal value between - 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and - decimal values, JSON requires decimal - values for mode bits. Directories within - the path are not affected by this setting. - This might be in conflict with other options - that affect the file mode, like fsGroup, - and the result can be other mode bits - set. format: int32 type: integer sources: - description: sources is the list of volume - projections items: - description: Projection that may be projected - along with other supported volume types properties: clusterTrustBundle: - description: "ClusterTrustBundle allows - a pod to access the `.spec.trustBundle` - field of ClusterTrustBundle objects - in an auto-updating file. \n Alpha, - gated by the ClusterTrustBundleProjection - feature gate. 
\n ClusterTrustBundle - objects can either be selected by - name, or by the combination of signer - name and a label selector. \n Kubelet - performs aggressive normalization - of the PEM contents written into - the pod filesystem. Esoteric PEM - features such as inter-block comments - and block headers are stripped. - \ Certificates are deduplicated. - The ordering of certificates within - the file is arbitrary, and Kubelet - may change the order over time." properties: labelSelector: - description: Select all ClusterTrustBundles - that match this label selector. Only - has effect if signerName is - set. Mutually-exclusive with - name. If unset, interpreted - as "match nothing". If set - but empty, interpreted as "match - everything". properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key and - values. properties: key: - description: key is - the label key that - the selector applies - to. type: string operator: - description: operator - represents a key's - relationship to a - set of values. Valid - operators are In, - NotIn, Exists and - DoesNotExist. type: string values: - description: values - is an array of string - values. If the operator - is In or NotIn, the - values array must - be non-empty. If the - operator is Exists - or DoesNotExist, the - values array must - be empty. This array - is replaced during - a strategic merge - patch. items: type: string type: array 
@@ -25701,110 +9074,31 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is - a map of {key,value} pairs. - A single {key,value} in - the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", - the operator is "In", and - the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic name: - description: Select a single ClusterTrustBundle - by object name. Mutually-exclusive - with signerName and labelSelector. type: string optional: - description: If true, don't block - pod startup if the referenced - ClusterTrustBundle(s) aren't - available. If using name, then - the named ClusterTrustBundle - is allowed not to exist. If - using signerName, then the combination - of signerName and labelSelector - is allowed to match zero ClusterTrustBundles. type: boolean path: - description: Relative path from - the volume root to write the - bundle. type: string signerName: - description: Select all ClusterTrustBundles - that match this signer name. - Mutually-exclusive with name. The - contents of all selected ClusterTrustBundles - will be unified and deduplicated. type: string required: - path type: object configMap: - description: configMap information - about the configMap data to project properties: items: - description: items if unspecified, - each key-value pair in the Data - field of the referenced ConfigMap - will be projected into the volume - as a file whose name is the - key and content is the value. - If specified, the listed keys - will be projected into the specified - paths, and unlisted keys will - not be present. If a key is - specified which is not present - in the ConfigMap, the volume - setup will error unless it is - marked optional. Paths must - be relative and may not contain - the '..' path or start with - '..'. items: - description: Maps a string key - to a path within a volume. 
properties: key: - description: key is the - key to project. type: string mode: - description: 'mode is Optional: - mode bits used to set - permissions on this file. - Must be an octal value - between 0000 and 0777 - or a decimal value between - 0 and 511. YAML accepts - both octal and decimal - values, JSON requires - decimal values for mode - bits. If not specified, - the volume defaultMode - will be used. This might - be in conflict with other - options that affect the - file mode, like fsGroup, - and the result can be - other mode bits set.' format: int32 type: integer path: - description: path is the - relative path of the file - to map the key to. May - not be an absolute path. - May not contain the path - element '..'. May not - start with the string - '..'. type: string required: - key 
@@ -25814,124 +9108,42 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional specify - whether the ConfigMap or its - keys must be defined type: boolean type: object x-kubernetes-map-type: atomic downwardAPI: - description: downwardAPI information - about the downwardAPI data to project properties: items: - description: Items is a list of - DownwardAPIVolume file items: - description: DownwardAPIVolumeFile - represents information to - create the file containing - the pod field properties: fieldRef: - description: 'Required: - Selects a field of the - pod: only annotations, - labels, name, namespace - and uid are supported.' properties: apiVersion: - description: Version - of the schema the - FieldPath is written - in terms of, defaults - to "v1". type: string fieldPath: - description: Path of - the field to select - in the specified API - version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: - description: 'Optional: - mode bits used to set - permissions on this file, - must be an octal value - between 0000 and 0777 - or a decimal value between - 0 and 511. YAML accepts - both octal and decimal - values, JSON requires - decimal values for mode - bits. If not specified, - the volume defaultMode - will be used. This might - be in conflict with other - options that affect the - file mode, like fsGroup, - and the result can be - other mode bits set.' 
format: int32 type: integer path: - description: 'Required: - Path is the relative - path name of the file - to be created. Must not - be absolute or contain - the ''..'' path. Must - be utf-8 encoded. The - first item of the relative - path must not start with - ''..''' type: string resourceFieldRef: - description: 'Selects a - resource of the container: - only resources limits - and requests (limits.cpu, - limits.memory, requests.cpu - and requests.memory) are - currently supported.' properties: containerName: - description: 'Container - name: required for - volumes, optional - for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies - the output format - of the exposed resources, - defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: - resource to select' type: string required: - resource 
@@ -25944,64 +9156,16 @@ spec: x-kubernetes-list-type: atomic type: object secret: - description: secret information about - the secret data to project properties: items: - description: items if unspecified, - each key-value pair in the Data - field of the referenced Secret - will be projected into the volume - as a file whose name is the - key and content is the value. - If specified, the listed keys - will be projected into the specified - paths, and unlisted keys will - not be present. If a key is - specified which is not present - in the Secret, the volume setup - will error unless it is marked - optional. Paths must be relative - and may not contain the '..' - path or start with '..'. items: - description: Maps a string key - to a path within a volume. properties: key: - description: key is the - key to project. type: string mode: - description: 'mode is Optional: - mode bits used to set - permissions on this file. - Must be an octal value - between 0000 and 0777 - or a decimal value between - 0 and 511. YAML accepts - both octal and decimal - values, JSON requires - decimal values for mode - bits. If not specified, - the volume defaultMode - will be used. This might - be in conflict with other - options that affect the - file mode, like fsGroup, - and the result can be - other mode bits set.' format: int32 type: integer path: - description: path is the - relative path of the file - to map the key to. May - not be an absolute path. - May not contain the path - element '..'. May not - start with the string - '..'. type: string required: - key 
@@ -26011,63 +9175,19 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional field specify - whether the Secret or its key - must be defined type: boolean type: object x-kubernetes-map-type: atomic serviceAccountToken: - description: serviceAccountToken is - information about the serviceAccountToken - data to project properties: audience: - description: audience is the intended - audience of the token. A recipient - of a token must identify itself - with an identifier specified - in the audience of the token, - and otherwise should reject - the token. The audience defaults - to the identifier of the apiserver. type: string expirationSeconds: - description: expirationSeconds - is the requested duration of - validity of the service account - token. As the token approaches - expiration, the kubelet volume - plugin will proactively rotate - the service account token. The - kubelet will start trying to - rotate the token if the token - is older than 80 percent of - its time to live or if the token - is older than 24 hours.Defaults - to 1 hour and must be at least - 10 minutes. format: int64 type: integer path: - description: path is the path - relative to the mount point - of the file to project the token - into. type: string required: - path 
@@ -26077,183 +9197,79 @@ spec: x-kubernetes-list-type: atomic type: object quobyte: - description: quobyte represents a Quobyte mount - on the host that shares a pod's lifetime properties: group: - description: group to map volume access - to Default is no group type: string readOnly: - description: readOnly here will force the - Quobyte volume to be mounted with read-only - permissions. Defaults to false. type: boolean registry: - description: registry represents a single - or multiple Quobyte Registry services - specified as a string as host:port pair - (multiple entries are separated with commas) - which acts as the central registry for - volumes type: string tenant: - description: tenant owning the given Quobyte - volume in the Backend Used with dynamically - provisioned Quobyte volumes, value is - set by the plugin type: string user: - description: user to map volume access to - Defaults to serivceaccount user type: string volume: - description: volume is a string that references - an already created Quobyte volume by name. type: string required: - registry - volume type: object rbd: - description: 'rbd represents a Rados Block Device - mount on the host that shares a pod''s lifetime. - More info: https://examples.k8s.io/volumes/rbd/README.md' properties: fsType: - description: 'fsType is the filesystem type - of the volume that you want to mount. - Tip: Ensure that the filesystem type is - supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the - filesystem from compromising the machine' type: string image: - description: 'image is the rados image name. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string keyring: - description: 'keyring is the path to key - ring for RBDUser. Default is /etc/ceph/keyring. 
- More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string monitors: - description: 'monitors is a collection of - Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' items: type: string type: array x-kubernetes-list-type: atomic pool: - description: 'pool is the rados pool name. - Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string readOnly: - description: 'readOnly here will force the - ReadOnly setting in VolumeMounts. Defaults - to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: boolean secretRef: - description: 'secretRef is name of the authentication - secret for RBDUser. If provided overrides - keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value here - are almost certainly wrong. TODO: - Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is the rados user name. - Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string required: - image - monitors type: object scaleIO: - description: scaleIO represents a ScaleIO persistent - volume attached and mounted on Kubernetes - nodes. properties: fsType: - description: fsType is the filesystem type - to mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". Default is "xfs". 
type: string gateway: - description: gateway is the host address - of the ScaleIO API Gateway. type: string protectionDomain: - description: protectionDomain is the name - of the ScaleIO Protection Domain for the - configured storage. type: string readOnly: - description: readOnly Defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: secretRef references to the - secret for ScaleIO user and other sensitive - information. If this is not provided, - Login operation will fail. properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value here - are almost certainly wrong. TODO: - Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic sslEnabled: - description: sslEnabled Flag enable/disable - SSL communication with Gateway, default - false type: boolean storageMode: - description: storageMode indicates whether - the storage for a volume should be ThickProvisioned - or ThinProvisioned. Default is ThinProvisioned. type: string storagePool: - description: storagePool is the ScaleIO - Storage Pool associated with the protection - domain. type: string system: - description: system is the name of the storage - system as configured in ScaleIO. type: string volumeName: - description: volumeName is the name of a - volume already created in the ScaleIO - system that is associated with this volume - source. type: string required: - gateway 
@@ -26261,68 +9277,19 @@ spec: - system type: object secret: - description: 'secret represents a secret that - should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' properties: defaultMode: - description: 'defaultMode is Optional: mode - bits used to set permissions on created - files by default. Must be an octal value - between 0000 and 0777 or a decimal value - between 0 and 511. YAML accepts both octal - and decimal values, JSON requires decimal - values for mode bits. Defaults to 0644. - Directories within the path are not affected - by this setting. This might be in conflict - with other options that affect the file - mode, like fsGroup, and the result can - be other mode bits set.' format: int32 type: integer items: - description: items If unspecified, each - key-value pair in the Data field of the - referenced Secret will be projected into - the volume as a file whose name is the - key and content is the value. If specified, - the listed keys will be projected into - the specified paths, and unlisted keys - will not be present. If a key is specified - which is not present in the Secret, the - volume setup will error unless it is marked - optional. Paths must be relative and may - not contain the '..' path or start with - '..'. items: - description: Maps a string key to a path - within a volume. properties: key: - description: key is the key to project. type: string mode: - description: 'mode is Optional: mode - bits used to set permissions on - this file. Must be an octal value - between 0000 and 0777 or a decimal - value between 0 and 511. YAML accepts - both octal and decimal values, JSON - requires decimal values for mode - bits. If not specified, the volume - defaultMode will be used. This might - be in conflict with other options - that affect the file mode, like - fsGroup, and the result can be other - mode bits set.' 
format: int32 type: integer path: - description: path is the relative - path of the file to map the key - to. May not be an absolute path. - May not contain the path element - '..'. May not start with the string - '..'. type: string required: - key 
@@ -26331,97 +9298,37 @@ spec: type: array x-kubernetes-list-type: atomic optional: - description: optional field specify whether - the Secret or its keys must be defined type: boolean secretName: - description: 'secretName is the name of - the secret in the pod''s namespace to - use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' type: string type: object storageos: - description: storageOS represents a StorageOS - volume attached and mounted on Kubernetes - nodes. properties: fsType: - description: fsType is the filesystem type - to mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to - be "ext4" if unspecified. type: string readOnly: - description: readOnly defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: secretRef specifies the secret - to use for obtaining the StorageOS API - credentials. If not specified, default - values will be attempted. properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value here - are almost certainly wrong. TODO: - Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic volumeName: - description: volumeName is the human-readable - name of the StorageOS volume. Volume - names are only unique within a namespace. type: string volumeNamespace: - description: volumeNamespace specifies the - scope of the volume within StorageOS. If - no namespace is specified then the Pod's - namespace will be used. 
This allows the - Kubernetes name scoping to be mirrored - within StorageOS for tighter integration. - Set VolumeName to any name to override - the default behaviour. Set to "default" - if you are not using namespaces within - StorageOS. Namespaces that do not pre-exist - within StorageOS will be created. type: string type: object vsphereVolume: - description: vsphereVolume represents a vSphere - volume attached and mounted on kubelets host - machine properties: fsType: - description: fsType is filesystem type to - mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to - be "ext4" if unspecified. type: string storagePolicyID: - description: storagePolicyID is the storage - Policy Based Management (SPBM) profile - ID associated with the StoragePolicyName. type: string storagePolicyName: - description: storagePolicyName is the storage - Policy Based Management (SPBM) profile - name. type: string volumePath: - description: volumePath is the path that - identifies vSphere volume vmdk type: string required: - volumePath 
@@ -26434,302 +9341,119 @@ spec: type: array type: object name: - description: Name specifies the name of the session type: string repositories: - description: Repositories specifies a list of repository information - where the backed up data will be stored. KubeStash will create - the respective Repository CRs using this information. items: - description: RepositoryInfo specifies information about the - repository where the backed up data will be stored. KubeStash - will create the respective Repository CR from this information. properties: backend: - description: Backend specifies the name of the backend - where this repository will be initialized. This should - point to a backend name specified in `.spec.backends` - section. For using a default backend, keep this field - empty. type: string + backupVerifier: + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object deletionPolicy: - description: DeletionPolicy specifies what to do when - you delete a Repository CR. enum: - Delete - WipeOut type: string directory: - description: Directory specifies the path inside the backend - where the backed up data will be stored. type: string encryptionSecret: - description: EncryptionSecret refers to the Secret containing - the encryption key which will be used to encode/decode - the backed up dta. You can refer to a Secret of a different - namespace. If you don't provide the namespace field, - KubeStash will look for the Secret in the same namespace - as the BackupConfiguration / BackupBatch. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: - description: 'Namespace of the referent. 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string required: - name type: object name: - description: Name specifies the name of the Repository type: string type: object type: array retryConfig: - description: RetryConfig specifies the behavior of retry in - case of a backup failure. properties: delay: - description: 'The amount of time to wait before next retry. - If you don''t specify this field, KubeStash will retry - immediately. Format: 30s, 2m, 1h etc.' type: string maxRetry: default: 1 - description: MaxRetry specifies the maximum number of times - KubeStash should retry the backup/restore process. By - default, KubeStash will retry only 1 time. format: int32 minimum: 1 type: integer type: object scheduler: - description: Scheduler specifies the configuration for backup - triggering CronJob properties: concurrencyPolicy: - description: 'Specifies how to treat concurrent executions - of a Job. Valid values are: - "Allow" (default): allows - CronJobs to run concurrently; - "Forbid": forbids concurrent - runs, skipping next run if previous run hasn''t finished - yet; - "Replace": cancels currently running job and replaces - it with a new one' type: string failedJobsHistoryLimit: - description: The number of failed finished jobs to retain. - Value must be non-negative integer. Defaults to 1. format: int32 type: integer jobTemplate: - description: Specifies the job that will be created when - executing a CronJob. properties: activeDeadlineSeconds: - description: Specifies the duration in seconds relative - to the startTime that the job may be continuously - active before the system tries to terminate it; value - must be positive integer. If a Job is suspended (at - creation or through an update), this timer will effectively - be stopped and reset when the Job is resumed again. format: int64 type: integer backoffLimit: - description: Specifies the number of retries before - marking this job failed. 
Defaults to 6 format: int32 type: integer completionMode: - description: "CompletionMode specifies how Pod completions - are tracked. It can be `NonIndexed` (default) or `Indexed`. - \n `NonIndexed` means that the Job is considered complete - when there have been .spec.completions successfully - completed Pods. Each Pod completion is homologous - to each other. \n `Indexed` means that the Pods of - a Job get an associated completion index from 0 to - (.spec.completions - 1), available in the annotation - batch.kubernetes.io/job-completion-index. The Job - is considered complete when there is one successfully - completed Pod for each index. When value is `Indexed`, - .spec.completions must be specified and `.spec.parallelism` - must be less than or equal to 10^5. \n This field - is alpha-level and is only honored by servers that - enable the IndexedJob feature gate. More completion - modes can be added in the future. If the Job controller - observes a mode that it doesn't recognize, the controller - skips updates for the Job." type: string completions: - description: 'Specifies the desired number of successfully - finished pods the job should be run with. Setting - to nil means that the success of any pod signals the - success of all pods, and allows parallelism to have - any positive value. Setting to 1 means that parallelism - is limited to 1 and the success of that pod signals - the success of the job. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/' format: int32 type: integer parallelism: - description: 'Specifies the maximum desired number of - pods the job should run at any given time. The actual - number of pods running in steady state will be less - than this number when ((.spec.completions - .status.successful) - < .spec.parallelism), i.e. when the work left to do - is less than max parallelism. 
More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/' format: int32 type: integer suspend: - description: Suspend specifies whether the Job controller - should create Pods or not. If a Job is created with - suspend set to true, no Pods are created by the Job - controller. If a Job is suspended after creation (i.e. - the flag goes from false to true), the Job controller - will delete all active Pods associated with this Job. - Users must design their workload to gracefully handle - this. Suspending a Job will reset the StartTime field - of the Job, effectively resetting the ActiveDeadlineSeconds - timer too. This is an alpha field and requires the - SuspendJob feature gate to be enabled; otherwise this - field may not be set to true. Defaults to false. type: boolean template: - description: Describes the pod that will be created - when executing a job. properties: controller: - description: 'Workload controller''s metadata. More - info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' properties: annotations: additionalProperties: type: string - description: 'Annotations is an unstructured - key value map stored with a resource that - may be set by external tools to store and - retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying - objects. More info: http://kubernetes.io/docs/user-guide/annotations' type: object labels: additionalProperties: type: string - description: 'Map of string keys and values - that can be used to organize and categorize - (scope and select) objects. May match selectors - of replication controllers and services. More - info: http://kubernetes.io/docs/user-guide/labels' type: object type: object metadata: - description: 'Standard object''s metadata. 
More - info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' properties: annotations: additionalProperties: type: string - description: 'Annotations is an unstructured - key value map stored with a resource that - may be set by external tools to store and - retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying - objects. More info: http://kubernetes.io/docs/user-guide/annotations' type: object labels: additionalProperties: type: string - description: 'Map of string keys and values - that can be used to organize and categorize - (scope and select) objects. May match selectors - of replication controllers and services. More - info: http://kubernetes.io/docs/user-guide/labels' type: object type: object spec: - description: 'Specification of the desired behavior - of the pod. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status' properties: affinity: - description: If specified, the pod's scheduling - constraints properties: nodeAffinity: - description: Describes node affinity scheduling - rules for the pod. properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer - to schedule pods to nodes that satisfy - the affinity expressions specified - by this field, but it may choose a - node that violates one or more of - the expressions. The node that is - most preferred is the one with the - greatest sum of weights, i.e. for - each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute - a sum by iterating through the elements - of this field and adding "weight" - to the sum if the node matches the - corresponding matchExpressions; the - node(s) with the highest sum are the - most preferred. items: - description: An empty preferred scheduling - term matches all objects with implicit - weight 0 (i.e. it's a no-op). 
A - null preferred scheduling term matches - no objects (i.e. is also a no-op). properties: preference: - description: A node selector term, - associated with the corresponding - weight. properties: matchExpressions: - description: A list of node - selector requirements by - node's labels. items: - description: A node selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key and - values. properties: key: - description: The label - key that the selector - applies to. type: string operator: - description: Represents - a key's relationship - to a set of values. - Valid operators are - In, NotIn, Exists, - DoesNotExist. Gt, - and Lt. type: string values: - description: An array - of string values. - If the operator is - In or NotIn, the values - array must be non-empty. - If the operator is - Exists or DoesNotExist, - the values array must - be empty. If the operator - is Gt or Lt, the values - array must have a - single element, which - will be interpreted - as an integer. This - array is replaced - during a strategic - merge patch. items: type: string type: array 
@@ -26741,49 +9465,13 @@ spec: type: array x-kubernetes-list-type: atomic matchFields: - description: A list of node - selector requirements by - node's fields. items: - description: A node selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key and - values. properties: key: - description: The label - key that the selector - applies to. type: string operator: - description: Represents - a key's relationship - to a set of values. - Valid operators are - In, NotIn, Exists, - DoesNotExist. Gt, - and Lt. type: string values: - description: An array - of string values. - If the operator is - In or NotIn, the values - array must be non-empty. - If the operator is - Exists or DoesNotExist, - the values array must - be empty. If the operator - is Gt or Lt, the values - array must have a - single element, which - will be interpreted - as an integer. This - array is replaced - during a strategic - merge patch. items: type: string type: array @@ -26797,10 +9485,6 @@ spec: type: object x-kubernetes-map-type: atomic weight: - description: Weight associated - with matching the corresponding - nodeSelectorTerm, in the range - 1-100. format: int32 type: integer required: 
@@ -26810,73 +9494,18 @@ spec: type: array x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements - specified by this field are not met - at scheduling time, the pod will not - be scheduled onto the node. If the - affinity requirements specified by - this field cease to be met at some - point during pod execution (e.g. due - to an update), the system may or may - not try to eventually evict the pod - from its node. properties: nodeSelectorTerms: - description: Required. A list of - node selector terms. The terms - are ORed. items: - description: A null or empty node - selector term matches no objects. - The requirements of them are - ANDed. The TopologySelectorTerm - type implements a subset of - the NodeSelectorTerm. properties: matchExpressions: - description: A list of node - selector requirements by - node's labels. items: - description: A node selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key and - values. properties: key: - description: The label - key that the selector - applies to. type: string operator: - description: Represents - a key's relationship - to a set of values. - Valid operators are - In, NotIn, Exists, - DoesNotExist. Gt, - and Lt. type: string values: - description: An array - of string values. - If the operator is - In or NotIn, the values - array must be non-empty. - If the operator is - Exists or DoesNotExist, - the values array must - be empty. If the operator - is Gt or Lt, the values - array must have a - single element, which - will be interpreted - as an integer. This - array is replaced - during a strategic - merge patch. items: type: string type: array 
@@ -26888,49 +9517,13 @@ spec: type: array x-kubernetes-list-type: atomic matchFields: - description: A list of node - selector requirements by - node's fields. items: - description: A node selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key and - values. properties: key: - description: The label - key that the selector - applies to. type: string operator: - description: Represents - a key's relationship - to a set of values. - Valid operators are - In, NotIn, Exists, - DoesNotExist. Gt, - and Lt. type: string values: - description: An array - of string values. - If the operator is - In or NotIn, the values - array must be non-empty. - If the operator is - Exists or DoesNotExist, - the values array must - be empty. If the operator - is Gt or Lt, the values - array must have a - single element, which - will be interpreted - as an integer. This - array is replaced - during a strategic - merge patch. items: type: string type: array 
@@ -26951,91 +9544,22 @@ spec: x-kubernetes-map-type: atomic type: object podAffinity: - description: Describes pod affinity scheduling - rules (e.g. co-locate this pod in the - same node, zone, etc. as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer - to schedule pods to nodes that satisfy - the affinity expressions specified - by this field, but it may choose a - node that violates one or more of - the expressions. The node that is - most preferred is the one with the - greatest sum of weights, i.e. for - each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute - a sum by iterating through the elements - of this field and adding "weight" - to the sum if the node has pods which - matches the corresponding podAffinityTerm; - the node(s) with the highest sum are - the most preferred. items: - description: The weights of all of - the matched WeightedPodAffinityTerm - fields are added per-node to find - the most preferred node(s) properties: podAffinityTerm: - description: Required. A pod affinity - term, associated with the corresponding - weight. properties: labelSelector: - description: A label query - over a set of resources, - in this case pods. If it's - null, this PodAffinityTerm - matches with no Pods. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. properties: key: - description: key - is the label key - that the selector - applies to. type: string operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. 
type: string values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic merge - patch. items: type: string type: array 
@@ -27049,141 +9573,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys - is a set of pod label keys - to select which pods will - be taken into consideration. - The keys are used to lookup - values from the incoming - pod labels, those key-value - labels are merged with `labelSelector` - as `key in (value)` to select - the group of existing pods - which pods will be taken - into consideration for the - incoming pod's pod (anti) - affinity. Keys that don't - exist in the incoming pod - labels will be ignored. - The default value is empty. - The same key is forbidden - to exist in both matchLabelKeys - and labelSelector. Also, - matchLabelKeys cannot be - set when labelSelector isn't - set. This is an alpha field - and requires enabling MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys - is a set of pod label keys - to select which pods will - be taken into consideration. - The keys are used to lookup - values from the incoming - pod labels, those key-value - labels are merged with `labelSelector` - as `key notin (value)` to - select the group of existing - pods which pods will be - taken into consideration - for the incoming pod's pod - (anti) affinity. Keys that - don't exist in the incoming - pod labels will be ignored. - The default value is empty. - The same key is forbidden - to exist in both mismatchLabelKeys - and labelSelector. Also, - mismatchLabelKeys cannot - be set when labelSelector - isn't set. 
This is an alpha - field and requires enabling - MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query - over the set of namespaces - that the term applies to. - The term is applied to the - union of the namespaces - selected by this field and - the ones listed in the namespaces - field. null selector and - null or empty namespaces - list means "this pod's namespace". - An empty selector ({}) matches - all namespaces. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. properties: key: - description: key - is the label key - that the selector - applies to. type: string operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. type: string values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic merge - patch. items: type: string type: array 
@@ -27197,59 +9609,20 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies - a static list of namespace - names that the term applies - to. The term is applied - to the union of the namespaces - listed in this field and - the ones selected by namespaceSelector. - null or empty namespaces - list and null namespaceSelector - means "this pod's namespace". items: type: string type: array x-kubernetes-list-type: atomic topologyKey: - description: This pod should - be co-located (affinity) - or not co-located (anti-affinity) - with the pods matching the - labelSelector in the specified - namespaces, where co-located - is defined as running on - a node whose value of the - label with key topologyKey - matches that of any node - on which any of the selected - pods is running. Empty topologyKey - is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated - with matching the corresponding - podAffinityTerm, in the range - 1-100. format: int32 type: integer required: 
@@ -27259,81 +9632,18 @@ spec: type: array x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements - specified by this field are not met - at scheduling time, the pod will not - be scheduled onto the node. If the - affinity requirements specified by - this field cease to be met at some - point during pod execution (e.g. due - to a pod label update), the system - may or may not try to eventually evict - the pod from its node. When there - are multiple elements, the lists of - nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must - be satisfied. items: - description: Defines a set of pods - (namely those matching the labelSelector - relative to the given namespace(s)) - that this pod should be co-located - (affinity) or not co-located (anti-affinity) - with, where co-located is defined - as running on a node whose value - of the label with key - matches that of any node on which - a pod of the set of pods is running properties: labelSelector: - description: A label query over - a set of resources, in this - case pods. If it's null, this - PodAffinityTerm matches with - no Pods. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key and - values. properties: key: - description: key is - the label key that - the selector applies - to. type: string operator: - description: operator - represents a key's - relationship to a - set of values. Valid - operators are In, - NotIn, Exists and - DoesNotExist. type: string values: - description: values - is an array of string - values. If the operator - is In or NotIn, the - values array must - be non-empty. If the - operator is Exists - or DoesNotExist, the - values array must - be empty. 
This array - is replaced during - a strategic merge - patch. items: type: string type: array 
@@ -27347,129 +9657,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is - a map of {key,value} pairs. - A single {key,value} in - the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", - the operator is "In", and - the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is - a set of pod label keys to select - which pods will be taken into - consideration. The keys are - used to lookup values from the - incoming pod labels, those key-value - labels are merged with `labelSelector` - as `key in (value)` to select - the group of existing pods which - pods will be taken into consideration - for the incoming pod's pod (anti) - affinity. Keys that don't exist - in the incoming pod labels will - be ignored. The default value - is empty. The same key is forbidden - to exist in both matchLabelKeys - and labelSelector. Also, matchLabelKeys - cannot be set when labelSelector - isn't set. This is an alpha - field and requires enabling - MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys - is a set of pod label keys to - select which pods will be taken - into consideration. The keys - are used to lookup values from - the incoming pod labels, those - key-value labels are merged - with `labelSelector` as `key - notin (value)` to select the - group of existing pods which - pods will be taken into consideration - for the incoming pod's pod (anti) - affinity. Keys that don't exist - in the incoming pod labels will - be ignored. The default value - is empty. The same key is forbidden - to exist in both mismatchLabelKeys - and labelSelector. Also, mismatchLabelKeys - cannot be set when labelSelector - isn't set. 
This is an alpha - field and requires enabling - MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over - the set of namespaces that the - term applies to. The term is - applied to the union of the - namespaces selected by this - field and the ones listed in - the namespaces field. null selector - and null or empty namespaces - list means "this pod's namespace". - An empty selector ({}) matches - all namespaces. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key and - values. properties: key: - description: key is - the label key that - the selector applies - to. type: string operator: - description: operator - represents a key's - relationship to a - set of values. Valid - operators are In, - NotIn, Exists and - DoesNotExist. type: string values: - description: values - is an array of string - values. If the operator - is In or NotIn, the - values array must - be non-empty. If the - operator is Exists - or DoesNotExist, the - values array must - be empty. This array - is replaced during - a strategic merge - patch. items: type: string type: array 
@@ -27483,47 +9693,15 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is - a map of {key,value} pairs. - A single {key,value} in - the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", - the operator is "In", and - the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies - a static list of namespace names - that the term applies to. The - term is applied to the union - of the namespaces listed in - this field and the ones selected - by namespaceSelector. null or - empty namespaces list and null - namespaceSelector means "this - pod's namespace". items: type: string type: array x-kubernetes-list-type: atomic topologyKey: - description: This pod should be - co-located (affinity) or not - co-located (anti-affinity) with - the pods matching the labelSelector - in the specified namespaces, - where co-located is defined - as running on a node whose value - of the label with key topologyKey - matches that of any node on - which any of the selected pods - is running. Empty topologyKey - is not allowed. type: string required: - topologyKey 
@@ -27532,92 +9710,22 @@ spec: x-kubernetes-list-type: atomic type: object podAntiAffinity: - description: Describes pod anti-affinity - scheduling rules (e.g. avoid putting this - pod in the same node, zone, etc. as some - other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer - to schedule pods to nodes that satisfy - the anti-affinity expressions specified - by this field, but it may choose a - node that violates one or more of - the expressions. The node that is - most preferred is the one with the - greatest sum of weights, i.e. for - each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - anti-affinity expressions, etc.), - compute a sum by iterating through - the elements of this field and adding - "weight" to the sum if the node has - pods which matches the corresponding - podAffinityTerm; the node(s) with - the highest sum are the most preferred. items: - description: The weights of all of - the matched WeightedPodAffinityTerm - fields are added per-node to find - the most preferred node(s) properties: podAffinityTerm: - description: Required. A pod affinity - term, associated with the corresponding - weight. properties: labelSelector: - description: A label query - over a set of resources, - in this case pods. If it's - null, this PodAffinityTerm - matches with no Pods. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. properties: key: - description: key - is the label key - that the selector - applies to. type: string operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. 
type: string values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic merge - patch. items: type: string type: array 
@@ -27631,141 +9739,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys - is a set of pod label keys - to select which pods will - be taken into consideration. - The keys are used to lookup - values from the incoming - pod labels, those key-value - labels are merged with `labelSelector` - as `key in (value)` to select - the group of existing pods - which pods will be taken - into consideration for the - incoming pod's pod (anti) - affinity. Keys that don't - exist in the incoming pod - labels will be ignored. - The default value is empty. - The same key is forbidden - to exist in both matchLabelKeys - and labelSelector. Also, - matchLabelKeys cannot be - set when labelSelector isn't - set. This is an alpha field - and requires enabling MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys - is a set of pod label keys - to select which pods will - be taken into consideration. - The keys are used to lookup - values from the incoming - pod labels, those key-value - labels are merged with `labelSelector` - as `key notin (value)` to - select the group of existing - pods which pods will be - taken into consideration - for the incoming pod's pod - (anti) affinity. Keys that - don't exist in the incoming - pod labels will be ignored. - The default value is empty. - The same key is forbidden - to exist in both mismatchLabelKeys - and labelSelector. Also, - mismatchLabelKeys cannot - be set when labelSelector - isn't set. 
This is an alpha - field and requires enabling - MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query - over the set of namespaces - that the term applies to. - The term is applied to the - union of the namespaces - selected by this field and - the ones listed in the namespaces - field. null selector and - null or empty namespaces - list means "this pod's namespace". - An empty selector ({}) matches - all namespaces. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. properties: key: - description: key - is the label key - that the selector - applies to. type: string operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. type: string values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic merge - patch. items: type: string type: array 
@@ -27779,59 +9775,20 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies - a static list of namespace - names that the term applies - to. The term is applied - to the union of the namespaces - listed in this field and - the ones selected by namespaceSelector. - null or empty namespaces - list and null namespaceSelector - means "this pod's namespace". items: type: string type: array x-kubernetes-list-type: atomic topologyKey: - description: This pod should - be co-located (affinity) - or not co-located (anti-affinity) - with the pods matching the - labelSelector in the specified - namespaces, where co-located - is defined as running on - a node whose value of the - label with key topologyKey - matches that of any node - on which any of the selected - pods is running. Empty topologyKey - is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated - with matching the corresponding - podAffinityTerm, in the range - 1-100. format: int32 type: integer required: 
@@ -27841,81 +9798,18 @@ spec: type: array x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements - specified by this field are not met - at scheduling time, the pod will not - be scheduled onto the node. If the - anti-affinity requirements specified - by this field cease to be met at some - point during pod execution (e.g. due - to a pod label update), the system - may or may not try to eventually evict - the pod from its node. When there - are multiple elements, the lists of - nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must - be satisfied. items: - description: Defines a set of pods - (namely those matching the labelSelector - relative to the given namespace(s)) - that this pod should be co-located - (affinity) or not co-located (anti-affinity) - with, where co-located is defined - as running on a node whose value - of the label with key - matches that of any node on which - a pod of the set of pods is running properties: labelSelector: - description: A label query over - a set of resources, in this - case pods. If it's null, this - PodAffinityTerm matches with - no Pods. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key and - values. properties: key: - description: key is - the label key that - the selector applies - to. type: string operator: - description: operator - represents a key's - relationship to a - set of values. Valid - operators are In, - NotIn, Exists and - DoesNotExist. type: string values: - description: values - is an array of string - values. If the operator - is In or NotIn, the - values array must - be non-empty. If the - operator is Exists - or DoesNotExist, the - values array must - be empty. 
This array - is replaced during - a strategic merge - patch. items: type: string type: array 
@@ -27929,129 +9823,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is - a map of {key,value} pairs. - A single {key,value} in - the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", - the operator is "In", and - the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is - a set of pod label keys to select - which pods will be taken into - consideration. The keys are - used to lookup values from the - incoming pod labels, those key-value - labels are merged with `labelSelector` - as `key in (value)` to select - the group of existing pods which - pods will be taken into consideration - for the incoming pod's pod (anti) - affinity. Keys that don't exist - in the incoming pod labels will - be ignored. The default value - is empty. The same key is forbidden - to exist in both matchLabelKeys - and labelSelector. Also, matchLabelKeys - cannot be set when labelSelector - isn't set. This is an alpha - field and requires enabling - MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys - is a set of pod label keys to - select which pods will be taken - into consideration. The keys - are used to lookup values from - the incoming pod labels, those - key-value labels are merged - with `labelSelector` as `key - notin (value)` to select the - group of existing pods which - pods will be taken into consideration - for the incoming pod's pod (anti) - affinity. Keys that don't exist - in the incoming pod labels will - be ignored. The default value - is empty. The same key is forbidden - to exist in both mismatchLabelKeys - and labelSelector. Also, mismatchLabelKeys - cannot be set when labelSelector - isn't set. 
This is an alpha - field and requires enabling - MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over - the set of namespaces that the - term applies to. The term is - applied to the union of the - namespaces selected by this - field and the ones listed in - the namespaces field. null selector - and null or empty namespaces - list means "this pod's namespace". - An empty selector ({}) matches - all namespaces. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key and - values. properties: key: - description: key is - the label key that - the selector applies - to. type: string operator: - description: operator - represents a key's - relationship to a - set of values. Valid - operators are In, - NotIn, Exists and - DoesNotExist. type: string values: - description: values - is an array of string - values. If the operator - is In or NotIn, the - values array must - be non-empty. If the - operator is Exists - or DoesNotExist, the - values array must - be empty. This array - is replaced during - a strategic merge - patch. items: type: string type: array 
@@ -28065,47 +9859,15 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is - a map of {key,value} pairs. - A single {key,value} in - the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", - the operator is "In", and - the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies - a static list of namespace names - that the term applies to. The - term is applied to the union - of the namespaces listed in - this field and the ones selected - by namespaceSelector. null or - empty namespaces list and null - namespaceSelector means "this - pod's namespace". items: type: string type: array x-kubernetes-list-type: atomic topologyKey: - description: This pod should be - co-located (affinity) or not - co-located (anti-affinity) with - the pods matching the labelSelector - in the specified namespaces, - where co-located is defined - as running on a node whose value - of the label with key topologyKey - matches that of any node on - which any of the selected pods - is running. Empty topologyKey - is not allowed. type: string required: - topologyKey 
@@ -28115,281 +9877,92 @@ spec: type: object type: object args: - description: 'Arguments to the entrypoint. The - docker image''s CMD is used if this is not - provided. Variable references $(VAR_NAME) - are expanded using the container''s environment. - If a variable cannot be resolved, the reference - in the input string will be unchanged. The - $(VAR_NAME) syntax can be escaped with a double - $$, ie: $$(VAR_NAME). Escaped references will - never be expanded, regardless of whether the - variable exists or not. Cannot be updated. - More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array containerSecurityContext: - description: 'Security options the pod should - run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls - whether a process can gain more privileges - than its parent process. This bool directly - controls if the no_new_privs flag will - be set on the container process. AllowPrivilegeEscalation - is true always when the container is: - 1) run as Privileged 2) has CAP_SYS_ADMIN - Note that this field cannot be set when - spec.os.name is windows.' type: boolean appArmorProfile: - description: appArmorProfile is the AppArmor - options to use by this container. If set, - this profile overrides the pod's appArmorProfile. - Note that this field cannot be set when - spec.os.name is windows. properties: localhostProfile: - description: localhostProfile indicates - a profile loaded on the node that - should be used. The profile must be - preconfigured on the node to work. - Must match the loaded name of the - profile. Must be set if and only if - type is "Localhost". 
type: string type: - description: 'type indicates which kind - of AppArmor profile will be applied. - Valid options are: Localhost - a profile - pre-loaded on the node. RuntimeDefault - - the container runtime''s default - profile. Unconfined - no AppArmor - enforcement.' type: string required: - type type: object capabilities: - description: The capabilities to add/drop - when running containers. Defaults to the - default set of capabilities granted by - the container runtime. Note that this - field cannot be set when spec.os.name - is windows. properties: add: - description: Added capabilities items: - description: Capability represent - POSIX capabilities type type: string type: array x-kubernetes-list-type: atomic drop: - description: Removed capabilities items: - description: Capability represent - POSIX capabilities type type: string type: array x-kubernetes-list-type: atomic type: object privileged: - description: Run container in privileged - mode. Processes in privileged containers - are essentially equivalent to root on - the host. Defaults to false. Note that - this field cannot be set when spec.os.name - is windows. type: boolean procMount: - description: procMount denotes the type - of proc mount to use for the containers. - The default is DefaultProcMount which - uses the container runtime defaults for - readonly paths and masked paths. This - requires the ProcMountType feature flag - to be enabled. Note that this field cannot - be set when spec.os.name is windows. type: string readOnlyRootFilesystem: - description: Whether this container has - a read-only root filesystem. Default is - false. Note that this field cannot be - set when spec.os.name is windows. type: boolean runAsGroup: - description: The GID to run the entrypoint - of the container process. Uses runtime - default if unset. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. 
Note that this field - cannot be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: - description: Indicates that the container - must run as a non-root user. If true, - the Kubelet will validate the image at - runtime to ensure that it does not run - as UID 0 (root) and fail to start the - container if it does. If unset or false, - no such validation will be performed. - May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint - of the container process. Defaults to - user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. Note that this field - cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be applied - to the container. If unspecified, the - container runtime will allocate a random - SELinux context for each container. May - also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. Note that this field - cannot be set when spec.os.name is windows. properties: level: - description: Level is SELinux level - label that applies to the container. type: string role: - description: Role is a SELinux role - label that applies to the container. type: string type: - description: Type is a SELinux type - label that applies to the container. type: string user: - description: User is a SELinux user - label that applies to the container. type: string type: object seccompProfile: - description: The seccomp options to use - by this container. If seccomp options - are provided at both the pod & container - level, the container options override - the pod options. 
Note that this field - cannot be set when spec.os.name is windows. properties: localhostProfile: - description: localhostProfile indicates - a profile defined in a file on the - node should be used. The profile must - be preconfigured on the node to work. - Must be a descending path, relative - to the kubelet's configured seccomp - profile location. Must be set if type - is "Localhost". Must NOT be set for - any other type. type: string type: - description: "type indicates which kind - of seccomp profile will be applied. - Valid options are: \n Localhost - - a profile defined in a file on the - node should be used. RuntimeDefault - - the container runtime default profile - should be used. Unconfined - no profile - should be applied." type: string required: - type type: object windowsOptions: - description: The Windows specific settings - applied to all containers. If unspecified, - the options from the PodSecurityContext - will be used. If set in both SecurityContext - and PodSecurityContext, the value specified - in SecurityContext takes precedence. Note - that this field cannot be set when spec.os.name - is linux. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is where - the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential - spec named by the GMSACredentialSpecName - field. type: string gmsaCredentialSpecName: - description: GMSACredentialSpecName - is the name of the GMSA credential - spec to use. type: string hostProcess: - description: HostProcess determines - if a container should be run as a - 'Host Process' container. All of a - Pod's containers must have the same - effective HostProcess value (it is - not allowed to have a mix of HostProcess - containers and non-HostProcess containers). - In addition, if HostProcess is true - then HostNetwork must also be set - to true. 
type: boolean runAsUserName: - description: The UserName in Windows - to run the entrypoint of the container - process. Defaults to the user specified - in image metadata if unspecified. - May also be set in PodSecurityContext. - If set in both SecurityContext and - PodSecurityContext, the value specified - in SecurityContext takes precedence. type: string type: object type: object dnsConfig: - description: Specifies the DNS parameters of - a pod. Parameters specified here will be merged - to the generated DNS configuration based on - DNSPolicy. properties: nameservers: - description: A list of DNS name server IP - addresses. This will be appended to the - base nameservers generated from DNSPolicy. - Duplicated nameservers will be removed. items: type: string type: array x-kubernetes-list-type: atomic options: - description: A list of DNS resolver options. - This will be merged with the base options - generated from DNSPolicy. Duplicated entries - will be removed. Resolution options given - in Options will override those that appear - in the base DNSPolicy. items: - description: PodDNSConfigOption defines - DNS resolver options of a pod. properties: name: - description: Required. type: string value: type: string 
@@ -28397,171 +9970,71 @@ spec: type: array x-kubernetes-list-type: atomic searches: - description: A list of DNS search domains - for host-name lookup. This will be appended - to the base search paths generated from - DNSPolicy. Duplicated search paths will - be removed. items: type: string type: array x-kubernetes-list-type: atomic type: object dnsPolicy: - description: Set DNS policy for the pod. Defaults - to "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', - 'ClusterFirst', 'Default' or 'None'. DNS parameters - given in DNSConfig will be merged with the - policy selected with DNSPolicy. To have DNS - options set along with hostNetwork, you have - to specify DNS policy explicitly to 'ClusterFirstWithHostNet'. type: string enableServiceLinks: - description: 'EnableServiceLinks indicates whether - information about services should be injected - into pod''s environment variables, matching - the syntax of Docker links. Optional: Defaults - to true.' type: boolean env: - description: List of environment variables to - set in the container. Cannot be updated. items: - description: EnvVar represents an environment - variable present in a Container. properties: name: - description: Name of the environment variable. - Must be a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) - are expanded using the previously defined - environment variables in the container - and any service environment variables. - If a variable cannot be resolved, the - reference in the input string will be - unchanged. Double $$ are reduced to - a single $, which allows for escaping - the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" - will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, - regardless of whether the variable exists - or not. Defaults to "".' type: string valueFrom: - description: Source for the environment - variable's value. Cannot be used if - value is not empty. 
properties: configMapKeyRef: - description: Selects a key of a ConfigMap. properties: key: - description: The key to select. type: string name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether the - ConfigMap or its key must be - defined type: boolean required: - key type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of the - pod: supports metadata.name, metadata.namespace, - `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, status.podIPs.' properties: apiVersion: - description: Version of the schema - the FieldPath is written in - terms of, defaults to "v1". type: string fieldPath: - description: Path of the field - to select in the specified API - version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource of - the container: only resources limits - and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' 
properties: containerName: - description: 'Container name: - required for volumes, optional - for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output - format of the exposed resources, - defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource - to select' type: string required: - resource type: object x-kubernetes-map-type: atomic secretKeyRef: - description: Selects a key of a secret - in the pod's namespace properties: key: - description: The key of the secret - to select from. Must be a valid - secret key. type: string name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether the - Secret or its key must be defined type: boolean required: - key 
@@ -28573,264 +10046,89 @@ spec: type: object type: array hostIPC: - description: 'Use the host''s ipc namespace. - Optional: Default to false.' type: boolean hostNetwork: - description: Host networking requested for this - pod. Use the host's network namespace. If - this option is set, the ports that will be - used must be specified. Default to false. type: boolean hostPID: - description: 'Use the host''s pid namespace. - Optional: Default to false.' type: boolean imagePullSecrets: - description: 'ImagePullSecrets is an optional - list of references to secrets in the same - namespace to use for pulling any of the images - used by this PodSpec. If specified, these - secrets will be passed to individual puller - implementations for them to use. More info: - https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' items: - description: LocalObjectReference contains - enough information to let you locate the - referenced object inside the same namespace. properties: name: default: "" - description: 'Name of the referent. This - field is effectively required, but due - to backwards compatibility is allowed - to be empty. Instances of this type - with an empty value here are almost - certainly wrong. TODO: Add other useful - fields. apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic type: array initContainers: - description: 'List of initialization containers - belonging to the pod. Init containers are - executed in order prior to containers being - started. If any init container fails, the - pod is considered to have failed and is handled - according to its restartPolicy. The name for - an init container or normal container must - be unique among all containers. 
Init containers - may not have Lifecycle actions, Readiness - probes, or Liveness probes. The resourceRequirements - of an init container are taken into account - during scheduling by finding the highest request/limit - for each resource type, and then using the - max of of that value or the sum of the normal - containers. Limits are applied to init containers - in a similar fashion. Init containers cannot - currently be added or removed. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' items: - description: A single application container - that you want to run within a pod. properties: args: - description: 'Arguments to the entrypoint. - The container image''s CMD is used if - this is not provided. Variable references - $(VAR_NAME) are expanded using the container''s - environment. If a variable cannot be - resolved, the reference in the input - string will be unchanged. Double $$ - are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: - i.e. "$$(VAR_NAME)" will produce the - string literal "$(VAR_NAME)". Escaped - references will never be expanded, regardless - of whether the variable exists or not. - Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array x-kubernetes-list-type: atomic command: - description: 'Entrypoint array. Not executed - within a shell. The container image''s - ENTRYPOINT is used if this is not provided. - Variable references $(VAR_NAME) are - expanded using the container''s environment. - If a variable cannot be resolved, the - reference in the input string will be - unchanged. Double $$ are reduced to - a single $, which allows for escaping - the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" - will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, - regardless of whether the variable exists - or not. 
Cannot be updated. More info: - https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array x-kubernetes-list-type: atomic env: - description: List of environment variables - to set in the container. Cannot be updated. items: - description: EnvVar represents an environment - variable present in a Container. properties: name: - description: Name of the environment - variable. Must be a C_IDENTIFIER. type: string value: - description: 'Variable references - $(VAR_NAME) are expanded using - the previously defined environment - variables in the container and - any service environment variables. - If a variable cannot be resolved, - the reference in the input string - will be unchanged. Double $$ are - reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: - i.e. "$$(VAR_NAME)" will produce - the string literal "$(VAR_NAME)". - Escaped references will never - be expanded, regardless of whether - the variable exists or not. Defaults - to "".' type: string valueFrom: - description: Source for the environment - variable's value. Cannot be used - if value is not empty. properties: configMapKeyRef: - description: Selects a key of - a ConfigMap. properties: key: - description: The key to - select. type: string name: default: "" - description: 'Name of the - referent. This field is - effectively required, - but due to backwards compatibility - is allowed to be empty. - Instances of this type - with an empty value here - are almost certainly wrong. - TODO: Add other useful - fields. apiVersion, kind, - uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' 
type: string optional: - description: Specify whether - the ConfigMap or its key - must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field - of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, - status.podIPs.' properties: apiVersion: - description: Version of - the schema the FieldPath - is written in terms of, - defaults to "v1". type: string fieldPath: - description: Path of the - field to select in the - specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource - of the container: only resources - limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, - requests.cpu, requests.memory - and requests.ephemeral-storage) - are currently supported.' properties: containerName: - description: 'Container - name: required for volumes, - optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the - output format of the exposed - resources, defaults to - "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: - resource to select' type: string required: - resource type: object x-kubernetes-map-type: atomic secretKeyRef: - description: Selects a key of - a secret in the pod's namespace properties: key: - description: The key of - the secret to select from. Must - be a valid secret key. type: string name: default: "" - description: 'Name of the - referent. This field is - effectively required, - but due to backwards compatibility - is allowed to be empty. - Instances of this type - with an empty value here - are almost certainly wrong. 
- TODO: Add other useful - fields. apiVersion, kind, - uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether - the Secret or its key - must be defined type: boolean required: - key 
@@ -28845,75 +10143,25 @@ spec: - name x-kubernetes-list-type: map envFrom: - description: List of sources to populate - environment variables in the container. - The keys defined within a source must - be a C_IDENTIFIER. All invalid keys - will be reported as an event when the - container is starting. When a key exists - in multiple sources, the value associated - with the last source will take precedence. - Values defined by an Env with a duplicate - key will take precedence. Cannot be - updated. items: - description: EnvFromSource represents - the source of a set of ConfigMaps properties: configMapRef: - description: The ConfigMap to select - from properties: name: default: "" - description: 'Name of the referent. - This field is effectively - required, but due to backwards - compatibility is allowed to - be empty. Instances of this - type with an empty value here - are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether - the ConfigMap must be defined type: boolean type: object x-kubernetes-map-type: atomic prefix: - description: An optional identifier - to prepend to each key in the - ConfigMap. Must be a C_IDENTIFIER. type: string secretRef: - description: The Secret to select - from properties: name: default: "" - description: 'Name of the referent. - This field is effectively - required, but due to backwards - compatibility is allowed to - be empty. Instances of this - type with an empty value here - are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? 
More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether - the Secret must be defined type: boolean type: object x-kubernetes-map-type: atomic 
@@ -28921,91 +10169,31 @@ spec: type: array x-kubernetes-list-type: atomic image: - description: 'Container image name. More - info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher - level config management to default or - override container images in workload - controllers like Deployments and StatefulSets.' type: string imagePullPolicy: - description: 'Image pull policy. One of - Always, Never, IfNotPresent. Defaults - to Always if :latest tag is specified, - or IfNotPresent otherwise. Cannot be - updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' type: string lifecycle: - description: Actions that the management - system should take in response to container - lifecycle events. Cannot be updated. properties: postStart: - description: 'PostStart is called - immediately after a container is - created. If the handler fails, the - container is terminated and restarted - according to its restart policy. - Other management of the container - blocks until the hook completes. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: Exec specifies the - action to take. properties: command: - description: Command is the - command line to execute - inside the container, the - working directory for the - command is root ('/') in - the container's filesystem. - The command is simply exec'd, - it is not run inside a shell, - so traditional shell instructions - ('|', etc) won't work. To - use a shell, you need to - explicitly call out to that - shell. Exit status of 0 - is treated as live/healthy - and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies - the http request to perform. properties: host: - description: Host name to - connect to, defaults to - the pod IP. You probably - want to set "Host" in httpHeaders - instead. 
type: string httpHeaders: - description: Custom headers - to set in the request. HTTP - allows repeated headers. items: - description: HTTPHeader - describes a custom header - to be used in HTTP probes properties: name: - description: The header - field name. This will - be canonicalized upon - output, so case-variant - names will be understood - as the same header. type: string value: - description: The header - field value type: string required: - name 
@@ -29014,144 +10202,58 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access - on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use - for connecting to the host. - Defaults to HTTP. type: string required: - port type: object sleep: - description: Sleep represents - the duration that the container - should sleep before being terminated. properties: seconds: - description: Seconds is the - number of seconds to sleep. format: int64 type: integer required: - seconds type: object tcpSocket: - description: Deprecated. TCPSocket - is NOT supported as a LifecycleHandler - and kept for the backward compatibility. - There are no validation of this - field and lifecycle hooks will - fail in runtime when tcp handler - is specified. properties: host: - description: 'Optional: Host - name to connect to, defaults - to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: - description: 'PreStop is called immediately - before a container is terminated - due to an API request or management - event such as liveness/startup probe - failure, preemption, resource contention, - etc. The handler is not called if - the container crashes or exits. - The Pod''s termination grace period - countdown begins before the PreStop - hook is executed. Regardless of - the outcome of the handler, the - container will eventually terminate - within the Pod''s termination grace - period (unless delayed by finalizers). 
- Other management of the container - blocks until the hook completes - or until the termination grace period - is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: Exec specifies the - action to take. properties: command: - description: Command is the - command line to execute - inside the container, the - working directory for the - command is root ('/') in - the container's filesystem. - The command is simply exec'd, - it is not run inside a shell, - so traditional shell instructions - ('|', etc) won't work. To - use a shell, you need to - explicitly call out to that - shell. Exit status of 0 - is treated as live/healthy - and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies - the http request to perform. properties: host: - description: Host name to - connect to, defaults to - the pod IP. You probably - want to set "Host" in httpHeaders - instead. type: string httpHeaders: - description: Custom headers - to set in the request. HTTP - allows repeated headers. items: - description: HTTPHeader - describes a custom header - to be used in HTTP probes properties: name: - description: The header - field name. This will - be canonicalized upon - output, so case-variant - names will be understood - as the same header. type: string value: - description: The header - field value type: string required: - name 
@@ -29160,63 +10262,33 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access - on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use - for connecting to the host. - Defaults to HTTP. type: string required: - port type: object sleep: - description: Sleep represents - the duration that the container - should sleep before being terminated. properties: seconds: - description: Seconds is the - number of seconds to sleep. format: int64 type: integer required: - seconds type: object tcpSocket: - description: Deprecated. TCPSocket - is NOT supported as a LifecycleHandler - and kept for the backward compatibility. - There are no validation of this - field and lifecycle hooks will - fail in runtime when tcp handler - is specified. properties: host: - description: 'Optional: Host - name to connect to, defaults - to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port 
@@ -29224,93 +10296,38 @@ spec: type: object type: object livenessProbe: - description: 'Periodic probe of container - liveness. Container will be restarted - if the probe fails. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action - to take. properties: command: - description: Command is the command - line to execute inside the container, - the working directory for the - command is root ('/') in the - container's filesystem. The - command is simply exec'd, it - is not run inside a shell, so - traditional shell instructions - ('|', etc) won't work. To use - a shell, you need to explicitly - call out to that shell. Exit - status of 0 is treated as live/healthy - and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed - after having succeeded. Defaults - to 3. Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action - involving a GRPC port. properties: port: - description: Port number of the - gRPC service. Number must be - in the range 1 to 65535. format: int32 type: integer service: - description: "Service is the name - of the service to place in the - gRPC HealthCheckRequest (see - https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, - the default behavior is defined - by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the - http request to perform. properties: host: - description: Host name to connect - to, defaults to the pod IP. - You probably want to set "Host" - in httpHeaders instead. type: string httpHeaders: - description: Custom headers to - set in the request. HTTP allows - repeated headers. 
items: - description: HTTPHeader describes - a custom header to be used - in HTTP probes properties: name: - description: The header - field name. This will - be canonicalized upon - output, so case-variant - names will be understood - as the same header. type: string value: - description: The header - field value type: string required: - name 
@@ -29319,157 +10336,62 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on - the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of - the port to access on the container. - Number must be in the range - 1 to 65535. Name must be an - IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for - connecting to the host. Defaults - to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after - the container has started before - liveness probes are initiated. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) - to perform the probe. Default to - 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to - 1. Must be 1 for liveness and startup. - Minimum value is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an - action involving a TCP port. properties: host: - description: 'Optional: Host name - to connect to, defaults to the - pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of - the port to access on the container. - Number must be in the range - 1 to 65535. Name must be an - IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in - seconds the pod needs to terminate - gracefully upon probe failure. The - grace period is the duration in - seconds after the processes running - in the pod are sent a termination - signal and the time when the processes - are forcibly halted with a kill - signal. Set this value longer than - the expected cleanup time for your - process. 
If this value is nil, the - pod's terminationGracePeriodSeconds - will be used. Otherwise, this value - overrides the value provided by - the pod spec. Value must be non-negative - integer. The value zero indicates - stop immediately via the kill signal - (no opportunity to shut down). This - is a beta field and requires enabling - ProbeTerminationGracePeriod feature - gate. Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after - which the probe times out. Defaults - to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object name: - description: Name of the container specified - as a DNS_LABEL. Each container in a - pod must have a unique name (DNS_LABEL). - Cannot be updated. type: string ports: - description: List of ports to expose from - the container. Not specifying a port - here DOES NOT prevent that port from - being exposed. Any port which is listening - on the default "0.0.0.0" address inside - a container will be accessible from - the network. Modifying this array with - strategic merge patch may corrupt the - data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. - Cannot be updated. items: - description: ContainerPort represents - a network port in a single container. properties: containerPort: - description: Number of port to expose - on the pod's IP address. This - must be a valid port number, 0 - < x < 65536. format: int32 type: integer hostIP: - description: What host IP to bind - the external port to. type: string hostPort: - description: Number of port to expose - on the host. If specified, this - must be a valid port number, 0 - < x < 65536. If HostNetwork is - specified, this must match ContainerPort. - Most containers do not need this. 
format: int32 type: integer name: - description: If specified, this - must be an IANA_SVC_NAME and unique - within the pod. Each named port - in a pod must have a unique name. - Name for the port that can be - referred to by services. type: string protocol: default: TCP - description: Protocol for port. - Must be UDP, TCP, or SCTP. Defaults - to "TCP". type: string required: - containerPort 
@@ -29480,94 +10402,38 @@ spec: - protocol x-kubernetes-list-type: map readinessProbe: - description: 'Periodic probe of container - service readiness. Container will be - removed from service endpoints if the - probe fails. Cannot be updated. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action - to take. properties: command: - description: Command is the command - line to execute inside the container, - the working directory for the - command is root ('/') in the - container's filesystem. The - command is simply exec'd, it - is not run inside a shell, so - traditional shell instructions - ('|', etc) won't work. To use - a shell, you need to explicitly - call out to that shell. Exit - status of 0 is treated as live/healthy - and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed - after having succeeded. Defaults - to 3. Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action - involving a GRPC port. properties: port: - description: Port number of the - gRPC service. Number must be - in the range 1 to 65535. format: int32 type: integer service: - description: "Service is the name - of the service to place in the - gRPC HealthCheckRequest (see - https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, - the default behavior is defined - by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the - http request to perform. properties: host: - description: Host name to connect - to, defaults to the pod IP. - You probably want to set "Host" - in httpHeaders instead. type: string httpHeaders: - description: Custom headers to - set in the request. HTTP allows - repeated headers. 
items: - description: HTTPHeader describes - a custom header to be used - in HTTP probes properties: name: - description: The header - field name. This will - be canonicalized upon - output, so case-variant - names will be understood - as the same header. type: string value: - description: The header - field value type: string required: - name 
@@ -29576,121 +10442,51 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on - the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of - the port to access on the container. - Number must be in the range - 1 to 65535. Name must be an - IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for - connecting to the host. Defaults - to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after - the container has started before - liveness probes are initiated. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) - to perform the probe. Default to - 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to - 1. Must be 1 for liveness and startup. - Minimum value is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an - action involving a TCP port. properties: host: - description: 'Optional: Host name - to connect to, defaults to the - pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of - the port to access on the container. - Number must be in the range - 1 to 65535. Name must be an - IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in - seconds the pod needs to terminate - gracefully upon probe failure. The - grace period is the duration in - seconds after the processes running - in the pod are sent a termination - signal and the time when the processes - are forcibly halted with a kill - signal. Set this value longer than - the expected cleanup time for your - process. 
If this value is nil, the - pod's terminationGracePeriodSeconds - will be used. Otherwise, this value - overrides the value provided by - the pod spec. Value must be non-negative - integer. The value zero indicates - stop immediately via the kill signal - (no opportunity to shut down). This - is a beta field and requires enabling - ProbeTerminationGracePeriod feature - gate. Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after - which the probe times out. Defaults - to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object resizePolicy: - description: Resources resize policy for - the container. items: - description: ContainerResizePolicy represents - resource resize policy for the container. properties: resourceName: - description: 'Name of the resource - to which this resource resize - policy applies. Supported values: - cpu, memory.' type: string restartPolicy: - description: Restart policy to apply - when specified resource is resized. - If not specified, it defaults - to NotRequired. type: string required: - resourceName 
@@ -29699,28 +10495,11 @@ spec: type: array x-kubernetes-list-type: atomic resources: - description: 'Compute Resources required - by this container. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' properties: claims: - description: "Claims lists the names - of resources, defined in spec.resourceClaims, - that are used by this container. - \n This is an alpha field and requires - enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. - It can only be set for containers." items: - description: ResourceClaim references - one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match - the name of one entry in pod.spec.resourceClaims - of the Pod where this field - is used. It makes that resource - available inside a container. type: string required: - name @@ -29736,9 +10515,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the - maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -29747,402 +10523,115 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the - minimum amount of compute resources - required. If Requests is omitted - for a container, it defaults to - Limits if that is explicitly specified, - otherwise to an implementation-defined - value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object restartPolicy: - description: 'RestartPolicy defines the - restart behavior of individual containers - in a pod. This field may only be set - for init containers, and the only allowed - value is "Always". For non-init containers - or when this field is not specified, - the restart behavior is defined by the - Pod''s restart policy and the container - type. Setting the RestartPolicy as "Always" - for the init container will have the - following effect: this init container - will be continually restarted on exit - until all regular containers have terminated. - Once all regular containers have completed, - all init containers with restartPolicy - "Always" will be shut down. This lifecycle - differs from normal init containers - and is often referred to as a "sidecar" - container. Although this init container - still starts in the init container sequence, - it does not wait for the container to - complete before proceeding to the next - init container. Instead, the next init - container starts immediately after this - init container is started, or after - any startupProbe has successfully completed.' type: string securityContext: - description: 'SecurityContext defines - the security options the container should - be run with. If set, the fields of SecurityContext - override the equivalent fields of PodSecurityContext. 
- More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation - controls whether a process can gain - more privileges than its parent - process. This bool directly controls - if the no_new_privs flag will be - set on the container process. AllowPrivilegeEscalation - is true always when the container - is: 1) run as Privileged 2) has - CAP_SYS_ADMIN Note that this field - cannot be set when spec.os.name - is windows.' type: boolean appArmorProfile: - description: appArmorProfile is the - AppArmor options to use by this - container. If set, this profile - overrides the pod's appArmorProfile. - Note that this field cannot be set - when spec.os.name is windows. properties: localhostProfile: - description: localhostProfile - indicates a profile loaded on - the node that should be used. - The profile must be preconfigured - on the node to work. Must match - the loaded name of the profile. - Must be set if and only if type - is "Localhost". type: string type: - description: 'type indicates which - kind of AppArmor profile will - be applied. Valid options are: - Localhost - a profile pre-loaded - on the node. RuntimeDefault - - the container runtime''s default - profile. Unconfined - no AppArmor - enforcement.' type: string required: - type type: object capabilities: - description: The capabilities to add/drop - when running containers. Defaults - to the default set of capabilities - granted by the container runtime. - Note that this field cannot be set - when spec.os.name is windows. 
properties: add: - description: Added capabilities items: - description: Capability represent - POSIX capabilities type type: string type: array x-kubernetes-list-type: atomic drop: - description: Removed capabilities items: - description: Capability represent - POSIX capabilities type type: string type: array x-kubernetes-list-type: atomic type: object privileged: - description: Run container in privileged - mode. Processes in privileged containers - are essentially equivalent to root - on the host. Defaults to false. - Note that this field cannot be set - when spec.os.name is windows. type: boolean procMount: - description: procMount denotes the - type of proc mount to use for the - containers. The default is DefaultProcMount - which uses the container runtime - defaults for readonly paths and - masked paths. This requires the - ProcMountType feature flag to be - enabled. Note that this field cannot - be set when spec.os.name is windows. type: string readOnlyRootFilesystem: - description: Whether this container - has a read-only root filesystem. - Default is false. Note that this - field cannot be set when spec.os.name - is windows. type: boolean runAsGroup: - description: The GID to run the entrypoint - of the container process. Uses runtime - default if unset. May also be set - in PodSecurityContext. If set in - both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. Note that this - field cannot be set when spec.os.name - is windows. format: int64 type: integer runAsNonRoot: - description: Indicates that the container - must run as a non-root user. If - true, the Kubelet will validate - the image at runtime to ensure that - it does not run as UID 0 (root) - and fail to start the container - if it does. If unset or false, no - such validation will be performed. - May also be set in PodSecurityContext. 
If - set in both SecurityContext and - PodSecurityContext, the value specified - in SecurityContext takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint - of the container process. Defaults - to user specified in image metadata - if unspecified. May also be set - in PodSecurityContext. If set in - both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. Note that this - field cannot be set when spec.os.name - is windows. format: int64 type: integer seLinuxOptions: - description: The SELinux context to - be applied to the container. If - unspecified, the container runtime - will allocate a random SELinux context - for each container. May also be - set in PodSecurityContext. If set - in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. Note that this - field cannot be set when spec.os.name - is windows. properties: level: - description: Level is SELinux - level label that applies to - the container. type: string role: - description: Role is a SELinux - role label that applies to the - container. type: string type: - description: Type is a SELinux - type label that applies to the - container. type: string user: - description: User is a SELinux - user label that applies to the - container. type: string type: object seccompProfile: - description: The seccomp options to - use by this container. If seccomp - options are provided at both the - pod & container level, the container - options override the pod options. - Note that this field cannot be set - when spec.os.name is windows. properties: localhostProfile: - description: localhostProfile - indicates a profile defined - in a file on the node should - be used. The profile must be - preconfigured on the node to - work. Must be a descending path, - relative to the kubelet's configured - seccomp profile location. Must - be set if type is "Localhost". 
- Must NOT be set for any other - type. type: string type: - description: "type indicates which - kind of seccomp profile will - be applied. Valid options are: - \n Localhost - a profile defined - in a file on the node should - be used. RuntimeDefault - the - container runtime default profile - should be used. Unconfined - - no profile should be applied." type: string required: - type type: object windowsOptions: - description: The Windows specific - settings applied to all containers. - If unspecified, the options from - the PodSecurityContext will be used. - If set in both SecurityContext and - PodSecurityContext, the value specified - in SecurityContext takes precedence. - Note that this field cannot be set - when spec.os.name is linux. properties: gmsaCredentialSpec: - description: GMSACredentialSpec - is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the - GMSA credential spec named by - the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: - description: GMSACredentialSpecName - is the name of the GMSA credential - spec to use. type: string hostProcess: - description: HostProcess determines - if a container should be run - as a 'Host Process' container. - All of a Pod's containers must - have the same effective HostProcess - value (it is not allowed to - have a mix of HostProcess containers - and non-HostProcess containers). - In addition, if HostProcess - is true then HostNetwork must - also be set to true. type: boolean runAsUserName: - description: The UserName in Windows - to run the entrypoint of the - container process. Defaults - to the user specified in image - metadata if unspecified. May - also be set in PodSecurityContext. - If set in both SecurityContext - and PodSecurityContext, the - value specified in SecurityContext - takes precedence. 
type: string type: object type: object startupProbe: - description: 'StartupProbe indicates that - the Pod has successfully initialized. - If specified, no other probes are executed - until this completes successfully. If - this probe fails, the Pod will be restarted, - just as if the livenessProbe failed. - This can be used to provide different - probe parameters at the beginning of - a Pod''s lifecycle, when it might take - a long time to load data or warm a cache, - than during steady-state operation. - This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action - to take. properties: command: - description: Command is the command - line to execute inside the container, - the working directory for the - command is root ('/') in the - container's filesystem. The - command is simply exec'd, it - is not run inside a shell, so - traditional shell instructions - ('|', etc) won't work. To use - a shell, you need to explicitly - call out to that shell. Exit - status of 0 is treated as live/healthy - and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed - after having succeeded. Defaults - to 3. Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action - involving a GRPC port. properties: port: - description: Port number of the - gRPC service. Number must be - in the range 1 to 65535. format: int32 type: integer service: - description: "Service is the name - of the service to place in the - gRPC HealthCheckRequest (see - https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, - the default behavior is defined - by gRPC." 
type: string required: - port type: object httpGet: - description: HTTPGet specifies the - http request to perform. properties: host: - description: Host name to connect - to, defaults to the pod IP. - You probably want to set "Host" - in httpHeaders instead. type: string httpHeaders: - description: Custom headers to - set in the request. HTTP allows - repeated headers. items: - description: HTTPHeader describes - a custom header to be used - in HTTP probes properties: name: - description: The header - field name. This will - be canonicalized upon - output, so case-variant - names will be understood - as the same header. type: string value: - description: The header - field value type: string required: - name 
@@ -30151,176 +10640,61 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on - the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of - the port to access on the container. - Number must be in the range - 1 to 65535. Name must be an - IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for - connecting to the host. Defaults - to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after - the container has started before - liveness probes are initiated. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) - to perform the probe. Default to - 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to - 1. Must be 1 for liveness and startup. - Minimum value is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an - action involving a TCP port. properties: host: - description: 'Optional: Host name - to connect to, defaults to the - pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of - the port to access on the container. - Number must be in the range - 1 to 65535. Name must be an - IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in - seconds the pod needs to terminate - gracefully upon probe failure. The - grace period is the duration in - seconds after the processes running - in the pod are sent a termination - signal and the time when the processes - are forcibly halted with a kill - signal. Set this value longer than - the expected cleanup time for your - process. 
If this value is nil, the - pod's terminationGracePeriodSeconds - will be used. Otherwise, this value - overrides the value provided by - the pod spec. Value must be non-negative - integer. The value zero indicates - stop immediately via the kill signal - (no opportunity to shut down). This - is a beta field and requires enabling - ProbeTerminationGracePeriod feature - gate. Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after - which the probe times out. Defaults - to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object stdin: - description: Whether this container should - allocate a buffer for stdin in the container - runtime. If this is not set, reads from - stdin in the container will always result - in EOF. Default is false. type: boolean stdinOnce: - description: Whether the container runtime - should close the stdin channel after - it has been opened by a single attach. - When stdin is true the stdin stream - will remain open across multiple attach - sessions. If stdinOnce is set to true, - stdin is opened on container start, - is empty until the first client attaches - to stdin, and then remains open and - accepts data until the client disconnects, - at which time stdin is closed and remains - closed until the container is restarted. - If this flag is false, a container processes - that reads from stdin will never receive - an EOF. Default is false type: boolean terminationMessagePath: - description: 'Optional: Path at which - the file to which the container''s termination - message will be written is mounted into - the container''s filesystem. Message - written is intended to be brief final - status, such as an assertion failure - message. Will be truncated by the node - if greater than 4096 bytes. 
The total - message length across all containers - will be limited to 12kb. Defaults to - /dev/termination-log. Cannot be updated.' type: string terminationMessagePolicy: - description: Indicate how the termination - message should be populated. File will - use the contents of terminationMessagePath - to populate the container status message - on both success and failure. FallbackToLogsOnError - will use the last chunk of container - log output if the termination message - file is empty and the container exited - with an error. The log output is limited - to 2048 bytes or 80 lines, whichever - is smaller. Defaults to File. Cannot - be updated. type: string tty: - description: Whether this container should - allocate a TTY for itself, also requires - 'stdin' to be true. Default is false. type: boolean volumeDevices: - description: volumeDevices is the list - of block devices to be used by the container. items: - description: volumeDevice describes - a mapping of a raw block device within - a container. properties: devicePath: - description: devicePath is the path - inside of the container that the - device will be mapped to. type: string name: - description: name must match the - name of a persistentVolumeClaim - in the pod type: string required: - devicePath 
@@ -30331,84 +10705,21 @@ spec: - devicePath x-kubernetes-list-type: map volumeMounts: - description: Pod volumes to mount into - the container's filesystem. Cannot be - updated. items: - description: VolumeMount describes a - mounting of a Volume within a container. properties: mountPath: - description: Path within the container - at which the volume should be - mounted. Must not contain ':'. type: string mountPropagation: - description: mountPropagation determines - how mounts are propagated from - the host to container and the - other way around. When not set, - MountPropagationNone is used. - This field is beta in 1.10. When - RecursiveReadOnly is set to IfPossible - or to Enabled, MountPropagation - must be None or unspecified (which - defaults to None). type: string name: - description: This must match the - Name of a Volume. type: string readOnly: - description: Mounted read-only if - true, read-write otherwise (false - or unspecified). Defaults to false. type: boolean recursiveReadOnly: - description: "RecursiveReadOnly - specifies whether read-only mounts - should be handled recursively. - \n If ReadOnly is false, this - field has no meaning and must - be unspecified. \n If ReadOnly - is true, and this field is set - to Disabled, the mount is not - made recursively read-only. If - this field is set to IfPossible, - the mount is made recursively - read-only, if it is supported - by the container runtime. If - this field is set to Enabled, - the mount is made recursively - read-only if it is supported by - the container runtime, otherwise - the pod will not be started and - an error will be generated to - indicate the reason. \n If this - field is set to IfPossible or - Enabled, MountPropagation must - be set to None (or be unspecified, - which defaults to None). \n If - this field is not specified, it - is treated as an equivalent of - Disabled." 
type: string subPath: - description: Path within the volume - from which the container's volume - should be mounted. Defaults to - "" (volume's root). type: string subPathExpr: - description: Expanded path within - the volume from which the container's - volume should be mounted. Behaves - similarly to SubPath but environment - variable references $(VAR_NAME) - are expanded using the container's - environment. Defaults to "" (volume's - root). SubPathExpr and SubPath - are mutually exclusive. type: string required: - mountPath 
@@ -30419,81 +10730,33 @@ spec: - mountPath x-kubernetes-list-type: map workingDir: - description: Container's working directory. - If not specified, the container runtime's - default will be used, which might be - configured in the container image. Cannot - be updated. type: string required: - name type: object type: array lifecycle: - description: Actions that the management system - should take in response to container lifecycle - events. Cannot be updated. properties: postStart: - description: 'PostStart is called immediately - after a container is created. If the handler - fails, the container is terminated and - restarted according to its restart policy. - Other management of the container blocks - until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: Exec specifies the action - to take. properties: command: - description: Command is the command - line to execute inside the container, - the working directory for the - command is root ('/') in the - container's filesystem. The command - is simply exec'd, it is not run - inside a shell, so traditional - shell instructions ('|', etc) - won't work. To use a shell, you - need to explicitly call out to - that shell. Exit status of 0 is - treated as live/healthy and non-zero - is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the http - request to perform. properties: host: - description: Host name to connect - to, defaults to the pod IP. You - probably want to set "Host" in - httpHeaders instead. type: string httpHeaders: - description: Custom headers to set - in the request. HTTP allows repeated - headers. items: - description: HTTPHeader describes - a custom header to be used in - HTTP probes properties: name: - description: The header field - name. 
This will be canonicalized - upon output, so case-variant - names will be understood - as the same header. type: string value: - description: The header field - value type: string required: - name 
@@ -30502,134 +10765,58 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on the - HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the - port to access on the container. - Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. type: string required: - port type: object sleep: - description: Sleep represents the duration - that the container should sleep before - being terminated. properties: seconds: - description: Seconds is the number - of seconds to sleep. format: int64 type: integer required: - seconds type: object tcpSocket: - description: Deprecated. TCPSocket is - NOT supported as a LifecycleHandler - and kept for the backward compatibility. - There are no validation of this field - and lifecycle hooks will fail in runtime - when tcp handler is specified. properties: host: - description: 'Optional: Host name - to connect to, defaults to the - pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the - port to access on the container. - Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: - description: 'PreStop is called immediately - before a container is terminated due to - an API request or management event such - as liveness/startup probe failure, preemption, - resource contention, etc. The handler - is not called if the container crashes - or exits. The Pod''s termination grace - period countdown begins before the PreStop - hook is executed. Regardless of the outcome - of the handler, the container will eventually - terminate within the Pod''s termination - grace period (unless delayed by finalizers). 
- Other management of the container blocks - until the hook completes or until the - termination grace period is reached. More - info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: Exec specifies the action - to take. properties: command: - description: Command is the command - line to execute inside the container, - the working directory for the - command is root ('/') in the - container's filesystem. The command - is simply exec'd, it is not run - inside a shell, so traditional - shell instructions ('|', etc) - won't work. To use a shell, you - need to explicitly call out to - that shell. Exit status of 0 is - treated as live/healthy and non-zero - is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the http - request to perform. properties: host: - description: Host name to connect - to, defaults to the pod IP. You - probably want to set "Host" in - httpHeaders instead. type: string httpHeaders: - description: Custom headers to set - in the request. HTTP allows repeated - headers. items: - description: HTTPHeader describes - a custom header to be used in - HTTP probes properties: name: - description: The header field - name. This will be canonicalized - upon output, so case-variant - names will be understood - as the same header. type: string value: - description: The header field - value type: string required: - name 
@@ -30638,59 +10825,33 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on the - HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the - port to access on the container. - Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. type: string required: - port type: object sleep: - description: Sleep represents the duration - that the container should sleep before - being terminated. properties: seconds: - description: Seconds is the number - of seconds to sleep. format: int64 type: integer required: - seconds type: object tcpSocket: - description: Deprecated. TCPSocket is - NOT supported as a LifecycleHandler - and kept for the backward compatibility. - There are no validation of this field - and lifecycle hooks will fail in runtime - when tcp handler is specified. properties: host: - description: 'Optional: Host name - to connect to, defaults to the - pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the - port to access on the container. - Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port 
@@ -30698,90 +10859,38 @@ spec: type: object type: object livenessProbe: - description: 'Periodic probe of container liveness. - Container will be restarted if the probe fails. - Controllers may set default LivenessProbe - if no liveness probe is provided. To ignore - defaulting, set the value to empty LivenessProbe - "{}". Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action to - take. properties: command: - description: Command is the command - line to execute inside the container, - the working directory for the command is - root ('/') in the container's filesystem. - The command is simply exec'd, it is - not run inside a shell, so traditional - shell instructions ('|', etc) won't - work. To use a shell, you need to - explicitly call out to that shell. - Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed - after having succeeded. Defaults to 3. - Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action involving - a GRPC port. properties: port: - description: Port number of the gRPC - service. Number must be in the range - 1 to 65535. format: int32 type: integer service: - description: "Service is the name of - the service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default - behavior is defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http - request to perform. properties: host: - description: Host name to connect to, - defaults to the pod IP. You probably - want to set "Host" in httpHeaders - instead. 
type: string httpHeaders: - description: Custom headers to set in - the request. HTTP allows repeated - headers. items: - description: HTTPHeader describes - a custom header to be used in HTTP - probes properties: name: - description: The header field - name. This will be canonicalized - upon output, so case-variant - names will be understood as - the same header. type: string value: - description: The header field - value type: string required: - name 
@@ -30790,228 +10899,95 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on the HTTP - server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port - to access on the container. Number - must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the - container has started before liveness - probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform - the probe. Default to 10 seconds. Minimum - value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to 1. Must - be 1 for liveness and startup. Minimum - value is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action - involving a TCP port. properties: host: - description: 'Optional: Host name to - connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port - to access on the container. Number - must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds - the pod needs to terminate gracefully - upon probe failure. The grace period is - the duration in seconds after the processes - running in the pod are sent a termination - signal and the time when the processes - are forcibly halted with a kill signal. - Set this value longer than the expected - cleanup time for your process. 
If this - value is nil, the pod's terminationGracePeriodSeconds - will be used. Otherwise, this value overrides - the value provided by the pod spec. Value - must be non-negative integer. The value - zero indicates stop immediately via the - kill signal (no opportunity to shut down). - This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which - the probe times out. Defaults to 1 second. - Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object nodeSelector: additionalProperties: type: string - description: 'NodeSelector is a selector which - must be true for the pod to fit on a node. - Selector which must match a node''s labels - for the pod to be scheduled on that node. - More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' type: object x-kubernetes-map-type: atomic podPlacementPolicy: - description: PodPlacementPolicy is the reference - of the podPlacementPolicy properties: name: default: "" - description: 'Name of the referent. This - field is effectively required, but due - to backwards compatibility is allowed - to be empty. Instances of this type with - an empty value here are almost certainly - wrong. TODO: Add other useful fields. - apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic priority: - description: The priority value. Various system - components use this field to find the priority - of the pod. 
When Priority Admission Controller - is enabled, it prevents users from setting - this field. The admission controller populates - this field from PriorityClassName. The higher - the value, the higher the priority. format: int32 type: integer priorityClassName: - description: If specified, indicates the pod's - priority. "system-node-critical" and "system-cluster-critical" - are two special keywords which indicate the - highest priorities with the former being the - highest priority. Any other name must be defined - by creating a PriorityClass object with that - name. If not specified, the pod priority will - be default or zero if there is no default. type: string readinessProbe: - description: 'Periodic probe of container service - readiness. Container will be removed from - service endpoints if the probe fails. Cannot - be updated. Controllers may set default ReadinessProbe - if no readyness probe is provided. To ignore - defaulting, set the value to empty ReadynessProbe - "{}". More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action to - take. properties: command: - description: Command is the command - line to execute inside the container, - the working directory for the command is - root ('/') in the container's filesystem. - The command is simply exec'd, it is - not run inside a shell, so traditional - shell instructions ('|', etc) won't - work. To use a shell, you need to - explicitly call out to that shell. - Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed - after having succeeded. Defaults to 3. - Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action involving - a GRPC port. 
properties: port: - description: Port number of the gRPC - service. Number must be in the range - 1 to 65535. format: int32 type: integer service: - description: "Service is the name of - the service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default - behavior is defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http - request to perform. properties: host: - description: Host name to connect to, - defaults to the pod IP. You probably - want to set "Host" in httpHeaders - instead. type: string httpHeaders: - description: Custom headers to set in - the request. HTTP allows repeated - headers. items: - description: HTTPHeader describes - a custom header to be used in HTTP - probes properties: name: - description: The header field - name. This will be canonicalized - upon output, so case-variant - names will be understood as - the same header. type: string value: - description: The header field - value type: string required: - name 
@@ -31020,116 +10996,51 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on the HTTP - server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port - to access on the container. Number - must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the - container has started before liveness - probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform - the probe. Default to 10 seconds. Minimum - value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to 1. Must - be 1 for liveness and startup. Minimum - value is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action - involving a TCP port. properties: host: - description: 'Optional: Host name to - connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port - to access on the container. Number - must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds - the pod needs to terminate gracefully - upon probe failure. The grace period is - the duration in seconds after the processes - running in the pod are sent a termination - signal and the time when the processes - are forcibly halted with a kill signal. - Set this value longer than the expected - cleanup time for your process. 
If this - value is nil, the pod's terminationGracePeriodSeconds - will be used. Otherwise, this value overrides - the value provided by the pod spec. Value - must be non-negative integer. The value - zero indicates stop immediately via the - kill signal (no opportunity to shut down). - This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which - the probe times out. Defaults to 1 second. - Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object resources: - description: Compute Resources required by the - sidecar container. properties: claims: - description: "Claims lists the names of - resources, defined in spec.resourceClaims, - that are used by this container. \n This - is an alpha field and requires enabling - the DynamicResourceAllocation feature - gate. \n This field is immutable. It can - only be set for containers." items: - description: ResourceClaim references - one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name - of one entry in pod.spec.resourceClaims - of the Pod where this field is used. - It makes that resource available - inside a container. type: string required: - name @@ -31145,9 +11056,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum - amount of compute resources allowed. More - info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -31156,225 +11064,68 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum - amount of compute resources required. - If Requests is omitted for a container, - it defaults to Limits if that is explicitly - specified, otherwise to an implementation-defined - value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object runtimeClassName: - description: 'RuntimeClassName refers to a RuntimeClass - object in the node.k8s.io group, which should - be used to run this pod. If no RuntimeClass - resource matches the named class, the pod - will not be run. If unset or empty, the "legacy" - RuntimeClass will be used, which is an implicit - class with an empty definition that uses the - default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class' type: string schedulerName: - description: If specified, the pod will be dispatched - by specified scheduler. If not specified, - the pod will be dispatched by default scheduler. type: string securityContext: - description: 'SecurityContext holds pod-level - security attributes and common container settings. - Optional: Defaults to empty. See type description - for default values of each field.' properties: appArmorProfile: - description: appArmorProfile is the AppArmor - options to use by the containers in this - pod. Note that this field cannot be set - when spec.os.name is windows. properties: localhostProfile: - description: localhostProfile indicates - a profile loaded on the node that - should be used. The profile must be - preconfigured on the node to work. - Must match the loaded name of the - profile. Must be set if and only if - type is "Localhost". 
type: string type: - description: 'type indicates which kind - of AppArmor profile will be applied. - Valid options are: Localhost - a profile - pre-loaded on the node. RuntimeDefault - - the container runtime''s default - profile. Unconfined - no AppArmor - enforcement.' type: string required: - type type: object fsGroup: - description: "A special supplemental group - that applies to all containers in a pod. - Some volume types allow the Kubelet to - change the ownership of that volume to - be owned by the pod: \n 1. The owning - GID will be the FSGroup 2. The setgid - bit is set (new files created in the volume - will be owned by FSGroup) 3. The permission - bits are OR'd with rw-rw---- \n If unset, - the Kubelet will not modify the ownership - and permissions of any volume. Note that - this field cannot be set when spec.os.name - is windows." format: int64 type: integer fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines - behavior of changing ownership and permission - of the volume before being exposed inside - Pod. This field will only apply to volume - types which support fsGroup based ownership(and - permissions). It will have no effect on - ephemeral volume types such as: secret, - configmaps and emptydir. Valid values - are "OnRootMismatch" and "Always". If - not specified, "Always" is used. Note - that this field cannot be set when spec.os.name - is windows.' type: string runAsGroup: - description: The GID to run the entrypoint - of the container process. Uses runtime - default if unset. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence for that container. Note - that this field cannot be set when spec.os.name - is windows. format: int64 type: integer runAsNonRoot: - description: Indicates that the container - must run as a non-root user. 
If true, - the Kubelet will validate the image at - runtime to ensure that it does not run - as UID 0 (root) and fail to start the - container if it does. If unset or false, - no such validation will be performed. - May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint - of the container process. Defaults to - user specified in image metadata if unspecified. - May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence for that container. Note - that this field cannot be set when spec.os.name - is windows. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be applied - to all containers. If unspecified, the - container runtime will allocate a random - SELinux context for each container. May - also be set in SecurityContext. If set - in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence for that container. Note - that this field cannot be set when spec.os.name - is windows. properties: level: - description: Level is SELinux level - label that applies to the container. type: string role: - description: Role is a SELinux role - label that applies to the container. type: string type: - description: Type is a SELinux type - label that applies to the container. type: string user: - description: User is a SELinux user - label that applies to the container. type: string type: object seccompProfile: - description: The seccomp options to use - by the containers in this pod. Note that - this field cannot be set when spec.os.name - is windows. properties: localhostProfile: - description: localhostProfile indicates - a profile defined in a file on the - node should be used. The profile must - be preconfigured on the node to work. 
- Must be a descending path, relative - to the kubelet's configured seccomp - profile location. Must be set if type - is "Localhost". Must NOT be set for - any other type. type: string type: - description: "type indicates which kind - of seccomp profile will be applied. - Valid options are: \n Localhost - - a profile defined in a file on the - node should be used. RuntimeDefault - - the container runtime default profile - should be used. Unconfined - no profile - should be applied." type: string required: - type type: object supplementalGroups: - description: A list of groups applied to - the first process run in each container, - in addition to the container's primary - GID, the fsGroup (if specified), and group - memberships defined in the container image - for the uid of the container process. - If unspecified, no additional groups are - added to any container. Note that group - memberships defined in the container image - for the uid of the container process are - still effective, even if they are not - included in this list. Note that this - field cannot be set when spec.os.name - is windows. items: format: int64 type: integer type: array x-kubernetes-list-type: atomic sysctls: - description: Sysctls hold a list of namespaced - sysctls used for the pod. Pods with unsupported - sysctls (by the container runtime) might - fail to launch. Note that this field cannot - be set when spec.os.name is windows. items: - description: Sysctl defines a kernel parameter - to be set properties: name: - description: Name of a property to - set type: string value: - description: Value of a property to - set type: string required: - name 
@@ -31383,183 +11134,53 @@ spec: type: array x-kubernetes-list-type: atomic windowsOptions: - description: The Windows specific settings - applied to all containers. If unspecified, - the options within a container's SecurityContext - will be used. If set in both SecurityContext - and PodSecurityContext, the value specified - in SecurityContext takes precedence. Note - that this field cannot be set when spec.os.name - is linux. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is where - the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential - spec named by the GMSACredentialSpecName - field. type: string gmsaCredentialSpecName: - description: GMSACredentialSpecName - is the name of the GMSA credential - spec to use. type: string hostProcess: - description: HostProcess determines - if a container should be run as a - 'Host Process' container. All of a - Pod's containers must have the same - effective HostProcess value (it is - not allowed to have a mix of HostProcess - containers and non-HostProcess containers). - In addition, if HostProcess is true - then HostNetwork must also be set - to true. type: boolean runAsUserName: - description: The UserName in Windows - to run the entrypoint of the container - process. Defaults to the user specified - in image metadata if unspecified. - May also be set in PodSecurityContext. - If set in both SecurityContext and - PodSecurityContext, the value specified - in SecurityContext takes precedence. type: string type: object type: object serviceAccountName: - description: 'ServiceAccountName is the name - of the ServiceAccount to use to run this pod. - More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' type: string shareProcessNamespace: - description: 'Share a single process namespace - between all of the containers in a pod. 
When - this is set containers will be able to view - and signal processes from other containers - in the same pod, and the first process in - each container will not be assigned PID 1. - HostPID and ShareProcessNamespace cannot both - be set. Optional: Default to false.' type: boolean terminationGracePeriodSeconds: - description: Optional duration in seconds the - pod needs to terminate gracefully. May be - decreased in delete request. Value must be - non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity - to shut down). If this value is nil, the default - grace period will be used instead. The grace - period is the duration in seconds after the - processes running in the pod are sent a termination - signal and the time when the processes are - forcibly halted with a kill signal. Set this - value longer than the expected cleanup time - for your process. Defaults to 30 seconds. format: int64 type: integer tolerations: - description: If specified, the pod's tolerations. items: - description: The pod this Toleration is attached - to tolerates any taint that matches the - triple using the matching - operator . properties: effect: - description: Effect indicates the taint - effect to match. Empty means match all - taint effects. When specified, allowed - values are NoSchedule, PreferNoSchedule - and NoExecute. type: string key: - description: Key is the taint key that - the toleration applies to. Empty means - match all taint keys. If the key is - empty, operator must be Exists; this - combination means to match all values - and all keys. type: string operator: - description: Operator represents a key's - relationship to the value. Valid operators - are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for - value, so that a pod can tolerate all - taints of a particular category. 
type: string tolerationSeconds: - description: TolerationSeconds represents - the period of time the toleration (which - must be of effect NoExecute, otherwise - this field is ignored) tolerates the - taint. By default, it is not set, which - means tolerate the taint forever (do - not evict). Zero and negative values - will be treated as 0 (evict immediately) - by the system. format: int64 type: integer value: - description: Value is the taint value - the toleration matches to. If the operator - is Exists, the value should be empty, - otherwise just a regular string. type: string type: object type: array topologySpreadConstraints: - description: TopologySpreadConstraints describes - how a group of pods ought to spread across - topology domains. Scheduler will schedule - pods in a way which abides by the constraints. - All topologySpreadConstraints are ANDed. items: - description: TopologySpreadConstraint specifies - how to spread matching pods among the given - topology. properties: labelSelector: - description: LabelSelector is used to - find matching pods. Pods that match - this label selector are counted to determine - the number of pods in their corresponding - topology domain. properties: matchExpressions: - description: matchExpressions is a - list of label selector requirements. - The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. properties: key: - description: key is the label - key that the selector applies - to. type: string operator: - description: operator represents - a key's relationship to a - set of values. Valid operators - are In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is an array - of string values. If the operator - is In or NotIn, the values - array must be non-empty. If - the operator is Exists or - DoesNotExist, the values array - must be empty. 
This array - is replaced during a strategic - merge patch. items: type: string type: array 
@@ -31573,176 +11194,27 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map - of {key,value} pairs. A single {key,value} - in the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are - ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: "MatchLabelKeys is a set - of pod label keys to select the pods - over which spreading will be calculated. - The keys are used to lookup values from - the incoming pod labels, those key-value - labels are ANDed with labelSelector - to select the group of existing pods - over which spreading will be calculated - for the incoming pod. The same key is - forbidden to exist in both MatchLabelKeys - and LabelSelector. MatchLabelKeys cannot - be set when LabelSelector isn't set. - Keys that don't exist in the incoming - pod labels will be ignored. A null or - empty list means only match against - labelSelector. \n This is a beta field - and requires the MatchLabelKeysInPodTopologySpread - feature gate to be enabled (enabled - by default)." items: type: string type: array x-kubernetes-list-type: atomic maxSkew: - description: 'MaxSkew describes the degree - to which pods may be unevenly distributed. - When `whenUnsatisfiable=DoNotSchedule`, - it is the maximum permitted difference - between the number of matching pods - in the target topology and the global - minimum. The global minimum is the minimum - number of matching pods in an eligible - domain or zero if the number of eligible - domains is less than MinDomains. For - example, in a 3-zone cluster, MaxSkew - is set to 1, and pods with the same - labelSelector spread as 2/2/1: In this - case, the global minimum is 1. 
| zone1 - | zone2 | zone3 | | P P | P P | P | - - if MaxSkew is 1, incoming pod can - only be scheduled to zone3 to become - 2/2/2; scheduling it onto zone1(zone2) - would make the ActualSkew(3-1) on zone1(zone2) - violate MaxSkew(1). - if MaxSkew is - 2, incoming pod can be scheduled onto - any zone. When `whenUnsatisfiable=ScheduleAnyway`, - it is used to give higher precedence - to topologies that satisfy it. It''s - a required field. Default value is 1 - and 0 is not allowed.' format: int32 type: integer minDomains: - description: "MinDomains indicates a minimum - number of eligible domains. When the - number of eligible domains with matching - topology keys is less than minDomains, - Pod Topology Spread treats \"global - minimum\" as 0, and then the calculation - of Skew is performed. And when the number - of eligible domains with matching topology - keys equals or greater than minDomains, - this value has no effect on scheduling. - As a result, when the number of eligible - domains is less than minDomains, scheduler - won't schedule more than maxSkew Pods - to those domains. If value is nil, the - constraint behaves as if MinDomains - is equal to 1. Valid values are integers - greater than 0. When value is not nil, - WhenUnsatisfiable must be DoNotSchedule. - \n For example, in a 3-zone cluster, - MaxSkew is set to 2, MinDomains is set - to 5 and pods with the same labelSelector - spread as 2/2/2: | zone1 | zone2 | zone3 - | | P P | P P | P P | The number - of domains is less than 5(MinDomains), - so \"global minimum\" is treated as - 0. In this situation, new pod with the - same labelSelector cannot be scheduled, - because computed skew will be 3(3 - - 0) if new Pod is scheduled to any of - the three zones, it will violate MaxSkew." format: int32 type: integer nodeAffinityPolicy: - description: "NodeAffinityPolicy indicates - how we will treat Pod's nodeAffinity/nodeSelector - when calculating pod topology spread - skew. 
Options are: - Honor: only nodes - matching nodeAffinity/nodeSelector are - included in the calculations. - Ignore: - nodeAffinity/nodeSelector are ignored. - All nodes are included in the calculations. - \n If this value is nil, the behavior - is equivalent to the Honor policy. This - is a beta-level feature default enabled - by the NodeInclusionPolicyInPodTopologySpread - feature flag." type: string nodeTaintsPolicy: - description: "NodeTaintsPolicy indicates - how we will treat node taints when calculating - pod topology spread skew. Options are: - - Honor: nodes without taints, along - with tainted nodes for which the incoming - pod has a toleration, are included. - - Ignore: node taints are ignored. All - nodes are included. \n If this value - is nil, the behavior is equivalent to - the Ignore policy. This is a beta-level - feature default enabled by the NodeInclusionPolicyInPodTopologySpread - feature flag." type: string topologyKey: - description: TopologyKey is the key of - node labels. Nodes that have a label - with this key and identical values are - considered to be in the same topology. - We consider each as a "bucket", - and try to put balanced number of pods - into each bucket. We define a domain - as a particular instance of a topology. - Also, we define an eligible domain as - a domain whose nodes meet the requirements - of nodeAffinityPolicy and nodeTaintsPolicy. - e.g. If TopologyKey is "kubernetes.io/hostname", - each Node is a domain of that topology. - And, if TopologyKey is "topology.kubernetes.io/zone", - each zone is a domain of that topology. - It's a required field. type: string whenUnsatisfiable: - description: 'WhenUnsatisfiable indicates - how to deal with a pod if it doesn''t - satisfy the spread constraint. - DoNotSchedule - (default) tells the scheduler not to - schedule it. - ScheduleAnyway tells - the scheduler to schedule the pod in - any location, but giving higher precedence - to topologies that would help reduce - the skew. 
A constraint is considered - "Unsatisfiable" for an incoming pod - if and only if every possible node assignment - for that pod would violate "MaxSkew" - on some topology. For example, in a - 3-zone cluster, MaxSkew is set to 1, - and pods with the same labelSelector - spread as 3/1/1: | zone1 | zone2 | zone3 - | | P P P | P | P | If WhenUnsatisfiable - is set to DoNotSchedule, incoming pod - can only be scheduled to zone2(zone3) - to become 3/2/1(3/1/2) as ActualSkew(2-1) - on zone2(zone3) satisfies MaxSkew(1). - In other words, the cluster can still - be imbalanced, but scheduler won''t - make it *more* imbalanced. It''s a required - field.' type: string required: - maxSkew 
@@ -31755,75 +11227,21 @@ spec: - whenUnsatisfiable x-kubernetes-list-type: map volumeMounts: - description: Pod volumes to mount into the container's - filesystem. Cannot be updated. items: - description: VolumeMount describes a mounting - of a Volume within a container. properties: mountPath: - description: Path within the container - at which the volume should be mounted. Must - not contain ':'. type: string mountPropagation: - description: mountPropagation determines - how mounts are propagated from the host - to container and the other way around. - When not set, MountPropagationNone is - used. This field is beta in 1.10. When - RecursiveReadOnly is set to IfPossible - or to Enabled, MountPropagation must - be None or unspecified (which defaults - to None). type: string name: - description: This must match the Name - of a Volume. type: string readOnly: - description: Mounted read-only if true, - read-write otherwise (false or unspecified). - Defaults to false. type: boolean recursiveReadOnly: - description: "RecursiveReadOnly specifies - whether read-only mounts should be handled - recursively. \n If ReadOnly is false, - this field has no meaning and must be - unspecified. \n If ReadOnly is true, - and this field is set to Disabled, the - mount is not made recursively read-only. - \ If this field is set to IfPossible, - the mount is made recursively read-only, - if it is supported by the container - runtime. If this field is set to Enabled, - the mount is made recursively read-only - if it is supported by the container - runtime, otherwise the pod will not - be started and an error will be generated - to indicate the reason. \n If this field - is set to IfPossible or Enabled, MountPropagation - must be set to None (or be unspecified, - which defaults to None). \n If this - field is not specified, it is treated - as an equivalent of Disabled." type: string subPath: - description: Path within the volume from - which the container's volume should - be mounted. 
Defaults to "" (volume's - root). type: string subPathExpr: - description: Expanded path within the - volume from which the container's volume - should be mounted. Behaves similarly - to SubPath but environment variable - references $(VAR_NAME) are expanded - using the container's environment. Defaults - to "" (volume's root). SubPathExpr and - SubPath are mutually exclusive. type: string required: - mountPath 
@@ -31831,309 +11249,109 @@ spec: type: object type: array volumes: - description: 'List of volumes that can be mounted - by containers belonging to the pod. More info: - https://kubernetes.io/docs/concepts/storage/volumes' items: - description: Volume represents a named volume - in a pod that may be accessed by any container - in the pod. properties: awsElasticBlockStore: - description: 'awsElasticBlockStore represents - an AWS Disk resource that is attached - to a kubelet''s host machine and then - exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' properties: fsType: - description: 'fsType is the filesystem - type of the volume that you want - to mount. Tip: Ensure that the filesystem - type is supported by the host operating - system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be - "ext4" if unspecified. More info: - https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in - the filesystem from compromising - the machine' type: string partition: - description: 'partition is the partition - in the volume that you want to mount. - If omitted, the default is to mount - by volume name. Examples: For volume - /dev/sda1, you specify the partition - as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can - leave the property empty).' format: int32 type: integer readOnly: - description: 'readOnly value true - will force the readOnly setting - in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: boolean volumeID: - description: 'volumeID is unique ID - of the persistent disk resource - in AWS (Amazon EBS volume). More - info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: string required: - volumeID type: object azureDisk: - description: azureDisk represents an Azure - Data Disk mount on the host and bind - mount to the pod. 
properties: cachingMode: - description: 'cachingMode is the Host - Caching mode: None, Read Only, Read - Write.' type: string diskName: - description: diskName is the Name - of the data disk in the blob storage type: string diskURI: - description: diskURI is the URI of - data disk in the blob storage type: string fsType: - description: fsType is Filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. type: string kind: - description: 'kind expected values - are Shared: multiple blob disks - per storage account Dedicated: - single blob disk per storage account Managed: - azure managed data disk (only in - managed availability set). defaults - to shared' type: string readOnly: - description: readOnly Defaults to - false (read/write). ReadOnly here - will force the ReadOnly setting - in VolumeMounts. type: boolean required: - diskName - diskURI type: object azureFile: - description: azureFile represents an Azure - File Service mount on the host and bind - mount to the pod. properties: readOnly: - description: readOnly defaults to - false (read/write). ReadOnly here - will force the ReadOnly setting - in VolumeMounts. 
type: boolean secretName: - description: secretName is the name - of secret that contains Azure Storage - Account Name and Key type: string shareName: - description: shareName is the azure - share Name type: string required: - secretName - shareName type: object cephfs: - description: cephFS represents a Ceph - FS mount on the host that shares a pod's - lifetime properties: monitors: - description: 'monitors is Required: - Monitors is a collection of Ceph - monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' items: type: string type: array x-kubernetes-list-type: atomic path: - description: 'path is Optional: Used - as the mounted root, rather than - the full Ceph tree, default is /' type: string readOnly: - description: 'readOnly is Optional: - Defaults to false (read/write). - ReadOnly here will force the ReadOnly - setting in VolumeMounts. More info: - https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: boolean secretFile: - description: 'secretFile is Optional: - SecretFile is the path to key ring - for User, default is /etc/ceph/user.secret - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string secretRef: - description: 'secretRef is Optional: - SecretRef is reference to the authentication - secret for User, default is empty. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' 
type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is optional: User - is the rados user name, default - is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string required: - monitors type: object cinder: - description: 'cinder represents a cinder - volume attached and mounted on kubelets - host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' properties: fsType: - description: 'fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be - "ext4" if unspecified. More info: - https://examples.k8s.io/mysql-cinder-pd/README.md' type: string readOnly: - description: 'readOnly defaults to - false (read/write). ReadOnly here - will force the ReadOnly setting - in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: boolean secretRef: - description: 'secretRef is optional: - points to a secret object containing - parameters used to connect to OpenStack.' properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic volumeID: - description: 'volumeID used to identify - the volume in cinder. 
More info: - https://examples.k8s.io/mysql-cinder-pd/README.md' type: string required: - volumeID type: object configMap: - description: configMap represents a configMap - that should populate this volume properties: defaultMode: - description: 'defaultMode is optional: - mode bits used to set permissions - on created files by default. Must - be an octal value between 0000 and - 0777 or a decimal value between - 0 and 511. YAML accepts both octal - and decimal values, JSON requires - decimal values for mode bits. Defaults - to 0644. Directories within the - path are not affected by this setting. - This might be in conflict with other - options that affect the file mode, - like fsGroup, and the result can - be other mode bits set.' format: int32 type: integer items: - description: items if unspecified, - each key-value pair in the Data - field of the referenced ConfigMap - will be projected into the volume - as a file whose name is the key - and content is the value. If specified, - the listed keys will be projected - into the specified paths, and unlisted - keys will not be present. If a key - is specified which is not present - in the ConfigMap, the volume setup - will error unless it is marked optional. - Paths must be relative and may not - contain the '..' path or start with - '..'. items: - description: Maps a string key to - a path within a volume. properties: key: - description: key is the key - to project. type: string mode: - description: 'mode is Optional: - mode bits used to set permissions - on this file. Must be an octal - value between 0000 and 0777 - or a decimal value between - 0 and 511. YAML accepts both - octal and decimal values, - JSON requires decimal values - for mode bits. If not specified, - the volume defaultMode will - be used. This might be in - conflict with other options - that affect the file mode, - like fsGroup, and the result - can be other mode bits set.' 
format: int32 type: integer path: - description: path is the relative - path of the file to map the - key to. May not be an absolute - path. May not contain the - path element '..'. May not - start with the string '..'. type: string required: - key 
@@ -32143,199 +11361,67 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional specify whether - the ConfigMap or its keys must be - defined type: boolean type: object x-kubernetes-map-type: atomic csi: - description: csi (Container Storage Interface) - represents ephemeral storage that is - handled by certain external CSI drivers - (Beta feature). properties: driver: - description: driver is the name of - the CSI driver that handles this - volume. Consult with your admin - for the correct name as registered - in the cluster. type: string fsType: - description: fsType to mount. Ex. - "ext4", "xfs", "ntfs". If not provided, - the empty value is passed to the - associated CSI driver which will - determine the default filesystem - to apply. type: string nodePublishSecretRef: - description: nodePublishSecretRef - is a reference to the secret object - containing sensitive information - to pass to the CSI driver to complete - the CSI NodePublishVolume and NodeUnpublishVolume - calls. This field is optional, and may - be empty if no secret is required. - If the secret object contains more - than one secret, all secret references - are passed. properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. 
- apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic readOnly: - description: readOnly specifies a - read-only configuration for the - volume. Defaults to false (read/write). type: boolean volumeAttributes: additionalProperties: type: string - description: volumeAttributes stores - driver-specific properties that - are passed to the CSI driver. Consult - your driver's documentation for - supported values. type: object required: - driver type: object downwardAPI: - description: downwardAPI represents downward - API about the pod that should populate - this volume properties: defaultMode: - description: 'Optional: mode bits - to use on created files by default. - Must be a Optional: mode bits used - to set permissions on created files - by default. Must be an octal value - between 0000 and 0777 or a decimal - value between 0 and 511. YAML accepts - both octal and decimal values, JSON - requires decimal values for mode - bits. Defaults to 0644. Directories - within the path are not affected - by this setting. This might be in - conflict with other options that - affect the file mode, like fsGroup, - and the result can be other mode - bits set.' format: int32 type: integer items: - description: Items is a list of downward - API volume file items: - description: DownwardAPIVolumeFile - represents information to create - the file containing the pod field properties: fieldRef: - description: 'Required: Selects - a field of the pod: only annotations, - labels, name, namespace and - uid are supported.' properties: apiVersion: - description: Version of - the schema the FieldPath - is written in terms of, - defaults to "v1". type: string fieldPath: - description: Path of the - field to select in the - specified API version. 
type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: - description: 'Optional: mode - bits used to set permissions - on this file, must be an octal - value between 0000 and 0777 - or a decimal value between - 0 and 511. YAML accepts both - octal and decimal values, - JSON requires decimal values - for mode bits. If not specified, - the volume defaultMode will - be used. This might be in - conflict with other options - that affect the file mode, - like fsGroup, and the result - can be other mode bits set.' format: int32 type: integer path: - description: 'Required: Path - is the relative path name - of the file to be created. - Must not be absolute or contain - the ''..'' path. Must be utf-8 - encoded. The first item of - the relative path must not - start with ''..''' type: string resourceFieldRef: - description: 'Selects a resource - of the container: only resources - limits and requests (limits.cpu, - limits.memory, requests.cpu - and requests.memory) are currently - supported.' properties: containerName: - description: 'Container - name: required for volumes, - optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the - output format of the exposed - resources, defaults to - "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: - resource to select' type: string required: - resource 
@@ -32348,265 +11434,50 @@ spec: x-kubernetes-list-type: atomic type: object emptyDir: - description: 'emptyDir represents a temporary - directory that shares a pod''s lifetime. - More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' properties: medium: - description: 'medium represents what - type of storage medium should back - this directory. The default is "" - which means to use the node''s default - medium. Must be an empty string - (default) or Memory. More info: - https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string sizeLimit: anyOf: - type: integer - type: string - description: 'sizeLimit is the total - amount of local storage required - for this EmptyDir volume. The size - limit is also applicable for memory - medium. The maximum usage on memory - medium EmptyDir would be the minimum - value between the SizeLimit specified - here and the sum of memory limits - of all containers in a pod. The - default is nil which means that - the limit is undefined. More info: - https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object ephemeral: - description: "ephemeral represents a volume - that is handled by a cluster storage - driver. The volume's lifecycle is tied - to the pod that defines it - it will - be created before the pod starts, and - deleted when the pod is removed. \n - Use this if: a) the volume is only needed - while the pod runs, b) features of normal - volumes like restoring from snapshot - or capacity tracking are needed, c) - the storage driver is specified through - a storage class, and d) the storage - driver supports dynamic volume provisioning - through a PersistentVolumeClaim (see - EphemeralVolumeSource for more information - on the connection between this volume - type and PersistentVolumeClaim). 
\n - Use PersistentVolumeClaim or one of - the vendor-specific APIs for volumes - that persist for longer than the lifecycle - of an individual pod. \n Use CSI for - light-weight local ephemeral volumes - if the CSI driver is meant to be used - that way - see the documentation of - the driver for more information. \n - A pod can use both types of ephemeral - volumes and persistent volumes at the - same time." properties: volumeClaimTemplate: - description: "Will be used to create - a stand-alone PVC to provision the - volume. The pod in which this EphemeralVolumeSource - is embedded will be the owner of - the PVC, i.e. the PVC will be deleted - together with the pod. The name - of the PVC will be `-` where `` is - the name from the `PodSpec.Volumes` - array entry. Pod validation will - reject the pod if the concatenated - name is not valid for a PVC (for - example, too long). \n An existing - PVC with that name that is not owned - by the pod will *not* be used for - the pod to avoid using an unrelated - volume by mistake. Starting the - pod is then blocked until the unrelated - PVC is removed. If such a pre-created - PVC is meant to be used by the pod, - the PVC has to updated with an owner - reference to the pod once the pod - exists. Normally this should not - be necessary, but it may be useful - when manually reconstructing a broken - cluster. \n This field is read-only - and no changes will be made by Kubernetes - to the PVC after it has been created. - \n Required, must not be nil." properties: metadata: - description: May contain labels - and annotations that will be - copied into the PVC when creating - it. No other fields are allowed - and will be rejected during - validation. properties: annotations: additionalProperties: type: string - description: 'Annotations - is an unstructured key value - map stored with a resource - that may be set by external - tools to store and retrieve - arbitrary metadata. 
They - are not queryable and should - be preserved when modifying - objects. More info: http://kubernetes.io/docs/user-guide/annotations' type: object generateName: - description: "GenerateName - is an optional prefix, used - by the server, to generate - a unique name ONLY IF the - Name field has not been - provided. If this field - is used, the name returned - to the client will be different - than the name passed. This - value will also be combined - with a unique suffix. The - provided value has the same - validation rules as the - Name field, and may be truncated - by the length of the suffix - required to make the value - unique on the server. \n - If this field is specified - and the generated name exists, - the server will NOT return - a 409 - instead, it will - either return 201 Created - or 500 with Reason ServerTimeout - indicating a unique name - could not be found in the - time allotted, and the client - should retry (optionally - after the time indicated - in the Retry-After header). - \n Applied only if Name - is not specified. More info: - https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" type: string labels: additionalProperties: type: string - description: 'Map of string - keys and values that can - be used to organize and - categorize (scope and select) - objects. May match selectors - of replication controllers - and services. More info: - http://kubernetes.io/docs/user-guide/labels' type: object name: - description: 'Name must be - unique within a namespace. - Is required when creating - resources, although some - resources may allow a client - to request the generation - of an appropriate name automatically. - Name is primarily intended - for creation idempotence - and configuration definition. - Cannot be updated. More - info: http://kubernetes.io/docs/user-guide/identifiers#names' type: string namespace: - description: "Namespace defines - the space within each name - must be unique. 
An empty - namespace is equivalent - to the \"default\" namespace, - but \"default\" is the canonical - representation. Not all - objects are required to - be scoped to a namespace - - the value of this field - for those objects will be - empty. \n Must be a DNS_LABEL. - Cannot be updated. More - info: http://kubernetes.io/docs/user-guide/namespaces" type: string ownerReferences: - description: List of objects - depended by this object. - If ALL objects in the list - have been deleted, this - object will be garbage collected. - If this object is managed - by a controller, then an - entry in this list will - point to this controller, - with the controller field - set to true. There cannot - be more than one managing - controller. items: - description: OwnerReference - contains enough information - to let you identify an - owning object. An owning - object must be in the - same namespace as the - dependent, or be cluster-scoped, - so there is no namespace - field. properties: apiVersion: - description: API version - of the referent. type: string blockOwnerDeletion: - description: If true, - AND if the owner has - the "foregroundDeletion" - finalizer, then the - owner cannot be deleted - from the key-value - store until this reference - is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion - for how the garbage - collector interacts - with this field and - enforces the foreground - deletion. Defaults - to false. To set this - field, a user needs - "delete" permission - of the owner, otherwise - 422 (Unprocessable - Entity) will be returned. type: boolean controller: - description: If true, - this reference points - to the managing controller. type: boolean kind: - description: 'Kind of - the referent. More - info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string name: - description: 'Name of - the referent. 
More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: - description: 'UID of - the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -32618,66 +11489,19 @@ spec: type: array type: object spec: - description: The specification - for the PersistentVolumeClaim. - The entire content is copied - unchanged into the PVC that - gets created from this template. - The same fields as in a PersistentVolumeClaim - are also valid here. properties: accessModes: - description: 'accessModes - contains the desired access - modes the volume should - have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array x-kubernetes-list-type: atomic dataSource: - description: 'dataSource field - can be used to specify either: - * An existing VolumeSnapshot - object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an - external controller can - support the specified data - source, it will create a - new volume based on the - contents of the specified - data source. When the AnyVolumeDataSource - feature gate is enabled, - dataSource contents will - be copied to dataSourceRef, - and dataSourceRef contents - will be copied to dataSource - when dataSourceRef.namespace - is not specified. If the - namespace is specified, - then dataSourceRef will - not be copied to dataSource.' properties: apiGroup: - description: APIGroup - is the group for the - resource being referenced. - If APIGroup is not specified, - the specified Kind must - be in the core API group. - For any other third-party - types, APIGroup is required. type: string kind: - description: Kind is the - type of resource being - referenced type: string name: - description: Name is the - name of resource being - referenced type: string required: - kind 
@@ -32685,114 +11509,20 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: - description: 'dataSourceRef - specifies the object from - which to populate the volume - with data, if a non-empty - volume is desired. This - may be any object from a - non-empty API group (non - core object) or a PersistentVolumeClaim - object. When this field - is specified, volume binding - will only succeed if the - type of the specified object - matches some installed volume - populator or dynamic provisioner. - This field will replace - the functionality of the - dataSource field and as - such if both fields are - non-empty, they must have - the same value. For backwards - compatibility, when namespace - isn''t specified in dataSourceRef, - both fields (dataSource - and dataSourceRef) will - be set to the same value - automatically if one of - them is empty and the other - is non-empty. When namespace - is specified in dataSourceRef, - dataSource isn''t set to - the same value and must - be empty. There are three - important differences between - dataSource and dataSourceRef: - * While dataSource only - allows two specific types - of objects, dataSourceRef - allows any non-core object, - as well as PersistentVolumeClaim - objects. * While dataSource - ignores disallowed values - (dropping them), dataSourceRef - preserves all values, and - generates an error if a - disallowed value is specified. - * While dataSource only - allows local objects, dataSourceRef - allows objects in any namespaces. - (Beta) Using this field - requires the AnyVolumeDataSource - feature gate to be enabled. - (Alpha) Using the namespace - field of dataSourceRef requires - the CrossNamespaceVolumeDataSource - feature gate to be enabled.' properties: apiGroup: - description: APIGroup - is the group for the - resource being referenced. - If APIGroup is not specified, - the specified Kind must - be in the core API group. - For any other third-party - types, APIGroup is required. 
type: string kind: - description: Kind is the - type of resource being - referenced type: string name: - description: Name is the - name of resource being - referenced type: string namespace: - description: Namespace - is the namespace of - resource being referenced - Note that when a namespace - is specified, a gateway.networking.k8s.io/ReferenceGrant - object is required in - the referent namespace - to allow that namespace's - owner to accept the - reference. See the ReferenceGrant - documentation for details. - (Alpha) This field requires - the CrossNamespaceVolumeDataSource - feature gate to be enabled. type: string required: - kind - name type: object resources: - description: 'resources represents - the minimum resources the - volume should have. If RecoverVolumeExpansionFailure - feature is enabled users - are allowed to specify resource - requirements that are lower - than previous value but - must still be higher than - capacity recorded in the - status field of the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: @@ -32801,10 +11531,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes - the maximum amount of - compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -32813,70 +11539,18 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests - describes the minimum - amount of compute resources - required. If Requests - is omitted for a container, - it defaults to Limits - if that is explicitly - specified, otherwise - to an implementation-defined - value. Requests cannot - exceed Limits. More - info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: - description: selector is a - label query over volumes - to consider for binding. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. properties: key: - description: key - is the label key - that the selector - applies to. type: string operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. type: string values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic merge - patch. items: type: string type: array 
@@ -32890,74 +11564,16 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. type: object type: object x-kubernetes-map-type: atomic storageClassName: - description: 'storageClassName - is the name of the StorageClass - required by the claim. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeAttributesClassName: - description: 'volumeAttributesClassName - may be used to set the VolumeAttributesClass - used by this claim. If specified, - the CSI driver will create - or update the volume with - the attributes defined in - the corresponding VolumeAttributesClass. - This has a different purpose - than storageClassName, it - can be changed after the - claim is created. An empty - string value means that - no VolumeAttributesClass - will be applied to the claim - but it''s not allowed to - reset this field to empty - string once it is set. If - unspecified and the PersistentVolumeClaim - is unbound, the default - VolumeAttributesClass will - be set by the persistentvolume - controller if it exists. - If the resource referred - to by volumeAttributesClass - does not exist, this PersistentVolumeClaim - will be set to a Pending - state, as reflected by the - modifyVolumeStatus field, - until such as a resource - exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field - requires the VolumeAttributesClass - feature gate to be enabled.' type: string volumeMode: - description: volumeMode defines - what type of volume is required - by the claim. Value of Filesystem - is implied when not included - in claim spec. 
type: string volumeName: - description: volumeName is - the binding reference to - the PersistentVolume backing - this claim. type: string type: object required: 
@@ -32965,105 +11581,41 @@ spec: type: object type: object fc: - description: fc represents a Fibre Channel - resource that is attached to a kubelet's - host machine and then exposed to the - pod. properties: fsType: - description: 'fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. TODO: how do we - prevent errors in the filesystem - from compromising the machine' type: string lun: - description: 'lun is Optional: FC - target lun number' format: int32 type: integer readOnly: - description: 'readOnly is Optional: - Defaults to false (read/write). - ReadOnly here will force the ReadOnly - setting in VolumeMounts.' type: boolean targetWWNs: - description: 'targetWWNs is Optional: - FC target worldwide names (WWNs)' items: type: string type: array x-kubernetes-list-type: atomic wwids: - description: 'wwids Optional: FC volume - world wide identifiers (wwids) Either - wwids or combination of targetWWNs - and lun must be set, but not both - simultaneously.' items: type: string type: array x-kubernetes-list-type: atomic type: object flexVolume: - description: flexVolume represents a generic - volume resource that is provisioned/attached - using an exec based plugin. properties: driver: - description: driver is the name of - the driver to use for this volume. type: string fsType: - description: fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - The default filesystem depends on - FlexVolume script. type: string options: additionalProperties: type: string - description: 'options is Optional: - this field holds extra command options - if any.' type: object readOnly: - description: 'readOnly is Optional: - defaults to false (read/write). - ReadOnly here will force the ReadOnly - setting in VolumeMounts.' 
type: boolean secretRef: - description: 'secretRef is Optional: - secretRef is reference to the secret - object containing sensitive information - to pass to the plugin scripts. This - may be empty if no secret object - is specified. If the secret object - contains more than one secret, all - secrets are passed to the plugin - scripts.' properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic 
@@ -33071,214 +11623,79 @@ spec: - driver type: object flocker: - description: flocker represents a Flocker - volume attached to a kubelet's host - machine. This depends on the Flocker - control service being running properties: datasetName: - description: datasetName is Name of - the dataset stored as metadata -> - name on the dataset for Flocker - should be considered as deprecated type: string datasetUUID: - description: datasetUUID is the UUID - of the dataset. This is unique identifier - of a Flocker dataset type: string type: object gcePersistentDisk: - description: 'gcePersistentDisk represents - a GCE Disk resource that is attached - to a kubelet''s host machine and then - exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' properties: fsType: - description: 'fsType is filesystem - type of the volume that you want - to mount. Tip: Ensure that the filesystem - type is supported by the host operating - system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be - "ext4" if unspecified. More info: - https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in - the filesystem from compromising - the machine' type: string partition: - description: 'partition is the partition - in the volume that you want to mount. - If omitted, the default is to mount - by volume name. Examples: For volume - /dev/sda1, you specify the partition - as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can - leave the property empty). More - info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' format: int32 type: integer pdName: - description: 'pdName is unique name - of the PD resource in GCE. Used - to identify the disk in GCE. More - info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: string readOnly: - description: 'readOnly here will force - the ReadOnly setting in VolumeMounts. - Defaults to false. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: boolean required: - pdName type: object glusterfs: - description: 'glusterfs represents a Glusterfs - mount on the host that shares a pod''s - lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' properties: endpoints: - description: 'endpoints is the endpoint - name that details Glusterfs topology. - More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string path: - description: 'path is the Glusterfs - volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string readOnly: - description: 'readOnly here will force - the Glusterfs volume to be mounted - with read-only permissions. Defaults - to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: boolean required: - endpoints - path type: object hostPath: - description: 'hostPath represents a pre-existing - file or directory on the host machine - that is directly exposed to the container. - This is generally used for system agents - or other privileged things that are - allowed to see the host machine. Most - containers will NOT need this. More - info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict - who can use host directory mounts and - who can/can not mount host directories - as read/write.' properties: path: - description: 'path of the directory - on the host. If the path is a symlink, - it will follow the link to the real - path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string type: - description: 'type for HostPath Volume - Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string required: - path type: object iscsi: - description: 'iscsi represents an ISCSI - Disk resource that is attached to a - kubelet''s host machine and then exposed - to the pod. 
More info: https://examples.k8s.io/volumes/iscsi/README.md' properties: chapAuthDiscovery: - description: chapAuthDiscovery defines - whether support iSCSI Discovery - CHAP authentication type: boolean chapAuthSession: - description: chapAuthSession defines - whether support iSCSI Session CHAP - authentication type: boolean fsType: - description: 'fsType is the filesystem - type of the volume that you want - to mount. Tip: Ensure that the filesystem - type is supported by the host operating - system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be - "ext4" if unspecified. More info: - https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in - the filesystem from compromising - the machine' type: string initiatorName: - description: initiatorName is the - custom iSCSI Initiator Name. If - initiatorName is specified with - iscsiInterface simultaneously, new - iSCSI interface : will be created for the connection. type: string iqn: - description: iqn is the target iSCSI - Qualified Name. type: string iscsiInterface: - description: iscsiInterface is the - interface Name that uses an iSCSI - transport. Defaults to 'default' - (tcp). type: string lun: - description: lun represents iSCSI - Target Lun number. format: int32 type: integer portals: - description: portals is the iSCSI - Target Portal List. The portal is - either an IP or ip_addr:port if - the port is other than default (typically - TCP ports 860 and 3260). items: type: string type: array x-kubernetes-list-type: atomic readOnly: - description: readOnly here will force - the ReadOnly setting in VolumeMounts. - Defaults to false. type: boolean secretRef: - description: secretRef is the CHAP - Secret for iSCSI target and initiator - authentication properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. 
Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic targetPortal: - description: targetPortal is iSCSI - Target Portal. The Portal is either - an IP or ip_addr:port if the port - is other than default (typically - TCP ports 860 and 3260). type: string required: - iqn 
@@ -33286,214 +11703,68 @@ spec: - targetPortal type: object name: - description: 'name of the volume. Must - be a DNS_LABEL and unique within the - pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string nfs: - description: 'nfs represents an NFS mount - on the host that shares a pod''s lifetime - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' properties: path: - description: 'path that is exported - by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string readOnly: - description: 'readOnly here will force - the NFS export to be mounted with - read-only permissions. Defaults - to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: boolean server: - description: 'server is the hostname - or IP address of the NFS server. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string required: - path - server type: object persistentVolumeClaim: - description: 'persistentVolumeClaimVolumeSource - represents a reference to a PersistentVolumeClaim - in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: claimName: - description: 'claimName is the name - of a PersistentVolumeClaim in the - same namespace as the pod using - this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' type: string readOnly: - description: readOnly Will force the - ReadOnly setting in VolumeMounts. - Default false. type: boolean required: - claimName type: object photonPersistentDisk: - description: photonPersistentDisk represents - a PhotonController persistent disk attached - and mounted on kubelets host machine properties: fsType: - description: fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". 
- Implicitly inferred to be "ext4" - if unspecified. type: string pdID: - description: pdID is the ID that identifies - Photon Controller persistent disk type: string required: - pdID type: object portworxVolume: - description: portworxVolume represents - a portworx volume attached and mounted - on kubelets host machine properties: fsType: - description: fSType represents the - filesystem type to mount Must be - a filesystem type supported by the - host operating system. Ex. "ext4", - "xfs". Implicitly inferred to be - "ext4" if unspecified. type: string readOnly: - description: readOnly defaults to - false (read/write). ReadOnly here - will force the ReadOnly setting - in VolumeMounts. type: boolean volumeID: - description: volumeID uniquely identifies - a Portworx volume type: string required: - volumeID type: object projected: - description: projected items for all in - one resources secrets, configmaps, and - downward API properties: defaultMode: - description: defaultMode are the mode - bits used to set permissions on - created files by default. Must be - an octal value between 0000 and - 0777 or a decimal value between - 0 and 511. YAML accepts both octal - and decimal values, JSON requires - decimal values for mode bits. Directories - within the path are not affected - by this setting. This might be in - conflict with other options that - affect the file mode, like fsGroup, - and the result can be other mode - bits set. format: int32 type: integer sources: - description: sources is the list of - volume projections items: - description: Projection that may - be projected along with other - supported volume types properties: clusterTrustBundle: - description: "ClusterTrustBundle - allows a pod to access the - `.spec.trustBundle` field - of ClusterTrustBundle objects - in an auto-updating file. - \n Alpha, gated by the ClusterTrustBundleProjection - feature gate. 
\n ClusterTrustBundle - objects can either be selected - by name, or by the combination - of signer name and a label - selector. \n Kubelet performs - aggressive normalization of - the PEM contents written into - the pod filesystem. Esoteric - PEM features such as inter-block - comments and block headers - are stripped. Certificates - are deduplicated. The ordering - of certificates within the - file is arbitrary, and Kubelet - may change the order over - time." properties: labelSelector: - description: Select all - ClusterTrustBundles that - match this label selector. Only - has effect if signerName - is set. Mutually-exclusive - with name. If unset, - interpreted as "match - nothing". If set but - empty, interpreted as - "match everything". properties: matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements are - ANDed. items: - description: A label - selector requirement - is a selector that - contains values, - a key, and an operator - that relates the - key and values. properties: key: - description: key - is the label - key that the - selector applies - to. type: string operator: - description: operator - represents a - key's relationship - to a set of - values. Valid - operators are - In, NotIn, Exists - and DoesNotExist. type: string values: - description: values - is an array - of string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or - DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic - merge patch. items: type: string type: array 
@@ -33507,131 +11778,31 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels - map is equivalent - to an element of matchExpressions, - whose key field is - "key", the operator - is "In", and the values - array contains only - "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic name: - description: Select a single - ClusterTrustBundle by - object name. Mutually-exclusive - with signerName and labelSelector. type: string optional: - description: If true, don't - block pod startup if the - referenced ClusterTrustBundle(s) - aren't available. If - using name, then the named - ClusterTrustBundle is - allowed not to exist. If - using signerName, then - the combination of signerName - and labelSelector is allowed - to match zero ClusterTrustBundles. type: boolean path: - description: Relative path - from the volume root to - write the bundle. type: string signerName: - description: Select all - ClusterTrustBundles that - match this signer name. - Mutually-exclusive with - name. The contents of - all selected ClusterTrustBundles - will be unified and deduplicated. type: string required: - path type: object configMap: - description: configMap information - about the configMap data to - project properties: items: - description: items if unspecified, - each key-value pair in - the Data field of the - referenced ConfigMap will - be projected into the - volume as a file whose - name is the key and content - is the value. If specified, - the listed keys will be - projected into the specified - paths, and unlisted keys - will not be present. If - a key is specified which - is not present in the - ConfigMap, the volume - setup will error unless - it is marked optional. - Paths must be relative - and may not contain the - '..' path or start with - '..'. items: - description: Maps a string - key to a path within - a volume. 
properties: key: - description: key is - the key to project. type: string mode: - description: 'mode - is Optional: mode - bits used to set - permissions on this - file. Must be an - octal value between - 0000 and 0777 or - a decimal value - between 0 and 511. - YAML accepts both - octal and decimal - values, JSON requires - decimal values for - mode bits. If not - specified, the volume - defaultMode will - be used. This might - be in conflict with - other options that - affect the file - mode, like fsGroup, - and the result can - be other mode bits - set.' format: int32 type: integer path: - description: path - is the relative - path of the file - to map the key to. - May not be an absolute - path. May not contain - the path element - '..'. May not start - with the string - '..'. type: string required: - key 
@@ -33641,141 +11812,42 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of the - referent. This field is - effectively required, - but due to backwards compatibility - is allowed to be empty. - Instances of this type - with an empty value here - are almost certainly wrong. - TODO: Add other useful - fields. apiVersion, kind, - uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional specify - whether the ConfigMap - or its keys must be defined type: boolean type: object x-kubernetes-map-type: atomic downwardAPI: - description: downwardAPI information - about the downwardAPI data - to project properties: items: - description: Items is a - list of DownwardAPIVolume - file items: - description: DownwardAPIVolumeFile - represents information - to create the file containing - the pod field properties: fieldRef: - description: 'Required: - Selects a field - of the pod: only - annotations, labels, - name, namespace - and uid are supported.' properties: apiVersion: - description: Version - of the schema - the FieldPath - is written in - terms of, defaults - to "v1". type: string fieldPath: - description: Path - of the field - to select in - the specified - API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: - description: 'Optional: - mode bits used to - set permissions - on this file, must - be an octal value - between 0000 and - 0777 or a decimal - value between 0 - and 511. YAML accepts - both octal and decimal - values, JSON requires - decimal values for - mode bits. If not - specified, the volume - defaultMode will - be used. This might - be in conflict with - other options that - affect the file - mode, like fsGroup, - and the result can - be other mode bits - set.' 
format: int32 type: integer path: - description: 'Required: - Path is the relative - path name of the - file to be created. - Must not be absolute - or contain the ''..'' - path. Must be utf-8 - encoded. The first - item of the relative - path must not start - with ''..''' type: string resourceFieldRef: - description: 'Selects - a resource of the - container: only - resources limits - and requests (limits.cpu, - limits.memory, requests.cpu - and requests.memory) - are currently supported.' properties: containerName: - description: 'Container - name: required - for volumes, - optional for - env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies - the output format - of the exposed - resources, defaults - to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: - resource to - select' type: string required: - resource 
@@ -33788,77 +11860,16 @@ spec: x-kubernetes-list-type: atomic type: object secret: - description: secret information - about the secret data to project properties: items: - description: items if unspecified, - each key-value pair in - the Data field of the - referenced Secret will - be projected into the - volume as a file whose - name is the key and content - is the value. If specified, - the listed keys will be - projected into the specified - paths, and unlisted keys - will not be present. If - a key is specified which - is not present in the - Secret, the volume setup - will error unless it is - marked optional. Paths - must be relative and may - not contain the '..' path - or start with '..'. items: - description: Maps a string - key to a path within - a volume. properties: key: - description: key is - the key to project. type: string mode: - description: 'mode - is Optional: mode - bits used to set - permissions on this - file. Must be an - octal value between - 0000 and 0777 or - a decimal value - between 0 and 511. - YAML accepts both - octal and decimal - values, JSON requires - decimal values for - mode bits. If not - specified, the volume - defaultMode will - be used. This might - be in conflict with - other options that - affect the file - mode, like fsGroup, - and the result can - be other mode bits - set.' format: int32 type: integer path: - description: path - is the relative - path of the file - to map the key to. - May not be an absolute - path. May not contain - the path element - '..'. May not start - with the string - '..'. type: string required: - key 
@@ -33868,71 +11879,19 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of the - referent. This field is - effectively required, - but due to backwards compatibility - is allowed to be empty. - Instances of this type - with an empty value here - are almost certainly wrong. - TODO: Add other useful - fields. apiVersion, kind, - uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional field - specify whether the Secret - or its key must be defined type: boolean type: object x-kubernetes-map-type: atomic serviceAccountToken: - description: serviceAccountToken - is information about the serviceAccountToken - data to project properties: audience: - description: audience is - the intended audience - of the token. A recipient - of a token must identify - itself with an identifier - specified in the audience - of the token, and otherwise - should reject the token. - The audience defaults - to the identifier of the - apiserver. type: string expirationSeconds: - description: expirationSeconds - is the requested duration - of validity of the service - account token. As the - token approaches expiration, - the kubelet volume plugin - will proactively rotate - the service account token. - The kubelet will start - trying to rotate the token - if the token is older - than 80 percent of its - time to live or if the - token is older than 24 - hours.Defaults to 1 hour - and must be at least 10 - minutes. format: int64 type: integer path: - description: path is the - path relative to the mount - point of the file to project - the token into. type: string required: - path 
@@ -33942,202 +11901,79 @@ spec: x-kubernetes-list-type: atomic type: object quobyte: - description: quobyte represents a Quobyte - mount on the host that shares a pod's - lifetime properties: group: - description: group to map volume access - to Default is no group type: string readOnly: - description: readOnly here will force - the Quobyte volume to be mounted - with read-only permissions. Defaults - to false. type: boolean registry: - description: registry represents a - single or multiple Quobyte Registry - services specified as a string as - host:port pair (multiple entries - are separated with commas) which - acts as the central registry for - volumes type: string tenant: - description: tenant owning the given - Quobyte volume in the Backend Used - with dynamically provisioned Quobyte - volumes, value is set by the plugin type: string user: - description: user to map volume access - to Defaults to serivceaccount user type: string volume: - description: volume is a string that - references an already created Quobyte - volume by name. type: string required: - registry - volume type: object rbd: - description: 'rbd represents a Rados Block - Device mount on the host that shares - a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' properties: fsType: - description: 'fsType is the filesystem - type of the volume that you want - to mount. Tip: Ensure that the filesystem - type is supported by the host operating - system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be - "ext4" if unspecified. More info: - https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in - the filesystem from compromising - the machine' type: string image: - description: 'image is the rados image - name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string keyring: - description: 'keyring is the path - to key ring for RBDUser. Default - is /etc/ceph/keyring. 
More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string monitors: - description: 'monitors is a collection - of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' items: type: string type: array x-kubernetes-list-type: atomic pool: - description: 'pool is the rados pool - name. Default is rbd. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string readOnly: - description: 'readOnly here will force - the ReadOnly setting in VolumeMounts. - Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: boolean secretRef: - description: 'secretRef is name of - the authentication secret for RBDUser. - If provided overrides keyring. Default - is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is the rados user - name. Default is admin. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string required: - image - monitors type: object scaleIO: - description: scaleIO represents a ScaleIO - persistent volume attached and mounted - on Kubernetes nodes. properties: fsType: - description: fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Default is "xfs". 
type: string gateway: - description: gateway is the host address - of the ScaleIO API Gateway. type: string protectionDomain: - description: protectionDomain is the - name of the ScaleIO Protection Domain - for the configured storage. type: string readOnly: - description: readOnly Defaults to - false (read/write). ReadOnly here - will force the ReadOnly setting - in VolumeMounts. type: boolean secretRef: - description: secretRef references - to the secret for ScaleIO user and - other sensitive information. If - this is not provided, Login operation - will fail. properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic sslEnabled: - description: sslEnabled Flag enable/disable - SSL communication with Gateway, - default false type: boolean storageMode: - description: storageMode indicates - whether the storage for a volume - should be ThickProvisioned or ThinProvisioned. - Default is ThinProvisioned. type: string storagePool: - description: storagePool is the ScaleIO - Storage Pool associated with the - protection domain. type: string system: - description: system is the name of - the storage system as configured - in ScaleIO. type: string volumeName: - description: volumeName is the name - of a volume already created in the - ScaleIO system that is associated - with this volume source. type: string required: - gateway 
@@ -34145,76 +11981,19 @@ spec: - system type: object secret: - description: 'secret represents a secret - that should populate this volume. More - info: https://kubernetes.io/docs/concepts/storage/volumes#secret' properties: defaultMode: - description: 'defaultMode is Optional: - mode bits used to set permissions - on created files by default. Must - be an octal value between 0000 and - 0777 or a decimal value between - 0 and 511. YAML accepts both octal - and decimal values, JSON requires - decimal values for mode bits. Defaults - to 0644. Directories within the - path are not affected by this setting. - This might be in conflict with other - options that affect the file mode, - like fsGroup, and the result can - be other mode bits set.' format: int32 type: integer items: - description: items If unspecified, - each key-value pair in the Data - field of the referenced Secret will - be projected into the volume as - a file whose name is the key and - content is the value. If specified, - the listed keys will be projected - into the specified paths, and unlisted - keys will not be present. If a key - is specified which is not present - in the Secret, the volume setup - will error unless it is marked optional. - Paths must be relative and may not - contain the '..' path or start with - '..'. items: - description: Maps a string key to - a path within a volume. properties: key: - description: key is the key - to project. type: string mode: - description: 'mode is Optional: - mode bits used to set permissions - on this file. Must be an octal - value between 0000 and 0777 - or a decimal value between - 0 and 511. YAML accepts both - octal and decimal values, - JSON requires decimal values - for mode bits. If not specified, - the volume defaultMode will - be used. This might be in - conflict with other options - that affect the file mode, - like fsGroup, and the result - can be other mode bits set.' 
format: int32 type: integer path: - description: path is the relative - path of the file to map the - key to. May not be an absolute - path. May not contain the - path element '..'. May not - start with the string '..'. type: string required: - key 
@@ -34223,107 +12002,37 @@ spec: type: array x-kubernetes-list-type: atomic optional: - description: optional field specify - whether the Secret or its keys must - be defined type: boolean secretName: - description: 'secretName is the name - of the secret in the pod''s namespace - to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' type: string type: object storageos: - description: storageOS represents a StorageOS - volume attached and mounted on Kubernetes - nodes. properties: fsType: - description: fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. type: string readOnly: - description: readOnly defaults to - false (read/write). ReadOnly here - will force the ReadOnly setting - in VolumeMounts. type: boolean secretRef: - description: secretRef specifies the - secret to use for obtaining the - StorageOS API credentials. If not - specified, default values will be - attempted. properties: name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic volumeName: - description: volumeName is the human-readable - name of the StorageOS volume. Volume - names are only unique within a namespace. type: string volumeNamespace: - description: volumeNamespace specifies - the scope of the volume within StorageOS. If - no namespace is specified then the - Pod's namespace will be used. 
This - allows the Kubernetes name scoping - to be mirrored within StorageOS - for tighter integration. Set VolumeName - to any name to override the default - behaviour. Set to "default" if you - are not using namespaces within - StorageOS. Namespaces that do not - pre-exist within StorageOS will - be created. type: string type: object vsphereVolume: - description: vsphereVolume represents - a vSphere volume attached and mounted - on kubelets host machine properties: fsType: - description: fsType is filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. type: string storagePolicyID: - description: storagePolicyID is the - storage Policy Based Management - (SPBM) profile ID associated with - the StoragePolicyName. type: string storagePolicyName: - description: storagePolicyName is - the storage Policy Based Management - (SPBM) profile name. type: string volumePath: - description: volumePath is the path - that identifies vSphere volume vmdk type: string required: - volumePath 
@@ -34335,38 +12044,18 @@ spec: type: object type: object ttlSecondsAfterFinished: - description: ttlSecondsAfterFinished limits the lifetime - of a Job that has finished execution (either Complete - or Failed). If this field is set, ttlSecondsAfterFinished - after the Job finishes, it is eligible to be automatically - deleted. When the Job is being deleted, its lifecycle - guarantees (e.g. finalizers) will be honored. If this - field is unset, the Job won't be automatically deleted. - If this field is set to zero, the Job becomes eligible - to be deleted immediately after it finishes. This - field is alpha-level and is only honored by servers - that enable the TTLAfterFinished feature. format: int32 type: integer type: object schedule: - description: The schedule in Cron format, see https://en.wikipedia.org/wiki/Cron. type: string startingDeadlineSeconds: - description: Optional deadline in seconds for starting the - job if it misses scheduled time for any reason. Missed - jobs executions will be counted as failed ones. format: int64 type: integer successfulJobsHistoryLimit: - description: The number of successful finished jobs to retain. - Value must be non-negative integer. Defaults to 3. format: int32 type: integer suspend: - description: This flag tells the controller to suspend subsequent - executions, it does not apply to already started executions. Defaults - to false. type: boolean required: - jobTemplate 
@@ -34374,93 +12063,60 @@ spec: type: object sessionHistoryLimit: default: 1 - description: SessionHistoryLimit specifies how many backup Jobs - and associate resources KubeStash should keep for debugging - purpose. The default value is 1. format: int32 type: integer type: object type: array target: - description: Target refers to the target of backup. The target must - be in the same namespace as the BackupConfiguration. properties: apiGroup: type: string kind: type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string required: - name type: object type: object status: - description: BackupConfigurationStatus defines the observed state of BackupConfiguration properties: backends: - description: Backends specifies whether the backends exist or not items: - description: BackendStatus specifies the status of the backends properties: name: - description: Name indicates the backend name type: string ready: - description: Ready indicates whether the respective BackupStorage - is ready or not type: boolean retentionPolicy: - description: RetentionPolicy indicates the status of the respective - RetentionPolicy properties: found: - description: Found indicates whether the RetentionPolicy - is Found or not type: boolean reason: - description: Reason specifies the error messages found while - checking the RetentionPolicy type: string ref: - description: Ref indicates the RetentionPolicy object reference. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: - description: 'Namespace of the referent. 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string required: - name type: object type: object storage: - description: Storage indicates the status of the respective - BackupStorage properties: phase: - description: Phase indicates the current phase of the respective - BackupStorage. type: string reason: - description: Reason specifies the error messages found while - checking the BackupStorage phase type: string ref: - description: Ref indicates to the BackupStorage object. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string required: - name 
@@ -34469,50 +12125,23 @@ spec: type: object type: array conditions: - description: Conditions represents list of conditions regarding this - BackupConfiguration items: - description: Condition defines an observation of a object operational - state. properties: lastTransitionTime: - description: Last time the condition transitioned from one status - to another. This should be when the underlying condition changed. - If that is not known, then using the time when the API field - changed is acceptable. format: date-time type: string message: - description: A human-readable message indicating details about - the transition. This field may be empty. type: string observedGeneration: - description: If set, this represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.condition[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. format: int64 type: integer reason: - description: The reason for the condition's last transition - in CamelCase. The specific API may choose whether this field - is considered a guaranteed API. This field may not be empty. type: string severity: - description: Severity provides an explicit classification of - Reason code, so the users or machines can immediately understand - the current situation and act accordingly. The Severity field - MUST be set only when Status=False. type: string status: - description: Status of the condition, one of True, False, Unknown. type: string type: - description: Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources - like Available, but because arbitrary util can be useful (see - .node.status.util), the ability to deconflict is important. type: string required: - lastTransitionTime 
@@ -34521,113 +12150,65 @@ spec: type: object type: array dependencies: - description: Dependencies specifies whether the objects required by - this BackupConfiguration exist or not items: - description: ResourceFoundStatus specifies whether a resource was - found or not properties: apiGroup: type: string found: - description: Found indicates whether the resource was found - or not type: boolean kind: type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string required: - name type: object type: array phase: - description: Phase represents the current state of the Backup Invoker. enum: - NotReady - Ready - Invalid type: string repositories: - description: Repositories specifies whether the repositories have - been successfully initialized or not items: - description: RepoStatus specifies the status of a Repository properties: name: - description: Name indicate the name of the Repository type: string phase: - description: Ready indicates whether the respective Repository - is ready or not enum: - NotReady - Ready type: string reason: - description: Reason specifies the error messages found while - ensuring the respective Repository type: string + verificationConfigured: + type: boolean type: object type: array sessions: - description: Sessions specifies status of the session specific resources items: - description: SessionStatus specifies the status of a session specific - fields. properties: conditions: - description: Conditions specifies a list of conditions related - to this session items: - description: Condition defines an observation of a object - operational state. properties: lastTransitionTime: - description: Last time the condition transitioned from - one status to another. 
This should be when the underlying - condition changed. If that is not known, then using - the time when the API field changed is acceptable. format: date-time type: string message: - description: A human-readable message indicating details - about the transition. This field may be empty. type: string observedGeneration: - description: If set, this represents the .metadata.generation - that the condition was set based upon. For instance, - if .metadata.generation is currently 12, but the .status.condition[x].observedGeneration - is 9, the condition is out of date with respect to the - current state of the instance. format: int64 type: integer reason: - description: The reason for the condition's last transition - in CamelCase. The specific API may choose whether this - field is considered a guaranteed API. This field may - not be empty. type: string severity: - description: Severity provides an explicit classification - of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. type: string status: - description: Status of the condition, one of True, False, - Unknown. type: string type: - description: Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources - like Available, but because arbitrary util can be useful - (see .node.status.util), the ability to deconflict is - important. type: string required: - lastTransitionTime @@ -34636,17 +12217,12 @@ spec: type: object type: array name: - description: Name indicates the name of the session type: string nextSchedule: - description: NextSchedule specifies when the next backup will - execute for this session type: string type: object type: array targetFound: - description: TargetFound specifies whether the backup target exist - or not type: boolean type: object type: object 
diff --git a/vendor/kubestash.dev/apimachinery/crds/core.kubestash.com_backupsessions.yaml b/vendor/kubestash.dev/apimachinery/crds/core.kubestash.com_backupsessions.yaml
index fe23c658..62fc9620 100644
--- a/vendor/kubestash.dev/apimachinery/crds/core.kubestash.com_backupsessions.yaml
+++ b/vendor/kubestash.dev/apimachinery/crds/core.kubestash.com_backupsessions.yaml
@@ -37,46 +37,24 @@ spec: name: v1alpha1 schema: openAPIV3Schema: - description: BackupSession represent one backup run for the target(s) pointed - by the respective BackupConfiguration or BackupBatch properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: BackupSessionSpec specifies the information related to the - respective backup invoker and session. properties: backupTimeout: - description: BackupTimeout specifies the maximum duration of backup. - Backup will be considered Failed if backup tasks do not complete - within this time limit. By default, KubeStash don't set any timeout - for backup. type: string invoker: - description: Invoker points to the respective BackupConfiguration - or BackupBatch which is responsible for triggering this backup. properties: apiGroup: - description: APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in - the core API group. For any other third-party types, APIGroup - is required. type: string kind: - description: Kind is the type of resource being referenced type: string name: - description: Name is the name of resource being referenced type: string required: - kind 
@@ -84,69 +62,34 @@ spec: type: object x-kubernetes-map-type: atomic retryLeft: - description: RetryLeft specifies number of retry attempts left for - the session. If this set to non-zero, KubeStash will create a new - BackupSession if the current one fails. format: int32 type: integer session: - description: Session specifies the name of the session that triggered - this backup type: string type: object status: - description: BackupSessionStatus defines the observed state of BackupSession properties: backupDeadline: - description: BackupDeadline specifies the deadline of backup. Backup - will be considered Failed if it does not complete within this deadline format: date-time type: string conditions: - description: Conditions represents list of conditions regarding this - BackupSession items: - description: Condition defines an observation of a object operational - state. properties: lastTransitionTime: - description: Last time the condition transitioned from one status - to another. This should be when the underlying condition changed. - If that is not known, then using the time when the API field - changed is acceptable. format: date-time type: string message: - description: A human-readable message indicating details about - the transition. This field may be empty. type: string observedGeneration: - description: If set, this represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.condition[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. format: int64 type: integer reason: - description: The reason for the condition's last transition - in CamelCase. The specific API may choose whether this field - is considered a guaranteed API. This field may not be empty. 
type: string severity: - description: Severity provides an explicit classification of - Reason code, so the users or machines can immediately understand - the current situation and act accordingly. The Severity field - MUST be set only when Status=False. type: string status: - description: Status of the condition, one of True, False, Unknown. type: string type: - description: Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources - like Available, but because arbitrary util can be useful (see - .node.status.util), the ability to deconflict is important. type: string required: - lastTransitionTime @@ -155,25 +98,15 @@ spec: type: object type: array duration: - description: Duration specifies the time required to complete the - backup process type: string hooks: - description: Hooks represents the hook execution status properties: postHooks: - description: PostHooks represents the post-restore hook execution - status items: - description: HookExecutionStatus represents the state of the - hook execution properties: name: - description: Name indicates the name of the hook whose status - is being shown here. type: string phase: - description: Phase represents the hook execution phase enum: - Succeeded - Failed @@ -182,18 +115,11 @@ spec: type: object type: array preHooks: - description: PreHooks represents the pre-restore hook execution - status items: - description: HookExecutionStatus represents the state of the - hook execution properties: name: - description: Name indicates the name of the hook whose status - is being shown here. type: string phase: - description: Phase represents the hook execution phase enum: - Succeeded - Failed 
@@ -203,13 +129,9 @@ spec: type: array type: object nextRetry: - description: NextRetry specifies the time when KubeStash should retry - the current failed backup. This field will exist only if the `retryConfig` - has been set in the respective backup invoker. format: date-time type: string phase: - description: Phase represents the current state of the backup process. enum: - Pending - Running 
@@ -218,76 +140,50 @@ spec: - Skipped type: string retentionPolicy: - description: RetentionPolices specifies whether the retention policies - were properly applied on the repositories or not items: - description: RetentionPolicyApplyStatus represents the state of - the applying retention policy properties: error: - description: Error represents the reason if the retention policy - applying fail type: string phase: - description: Phase specifies the state of retention policy apply - process enum: - Pending - Applied - FailedToApply type: string ref: - description: Ref points to the RetentionPolicy CR that is being - used to cleanup the old Snapshots for this session. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string required: - name type: object repository: - description: Repository specifies the name of the Repository - on which the RetentionPolicy has been applied. type: string type: object type: array retried: - description: Retried specifies whether this session was retried or - not. This field will exist only if the `retryConfig` has been set - in the respective backup invoker. type: boolean snapshots: - description: Snapshots specifies the Snapshots status items: - description: SnapshotStatus represents the current state of respective - the Snapshot properties: appRef: - description: AppRef points to the application that is being - backed up in this Snapshot properties: apiGroup: type: string kind: type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string required: - name type: object name: - description: Name indicates to the name of the Snapshot type: string phase: - description: Phase indicate the phase of the Snapshot enum: - Pending - Running @@ -295,36 +191,12 @@ spec: - Failed type: string repository: - description: Repository indicates the name of the Repository - where the Snapshot is being stored. type: string type: object type: array totalSnapshots: - description: TotalSnapshots specifies the total number of snapshots - created for this backupSession. format: int32 type: integer - verifications: - description: Verifications specifies the backup verification status - items: - description: VerificationStatus specifies the status of a backup - verification - properties: - name: - description: Name indicates the name of the respective verification - strategy - type: string - phase: - description: Phase represents the state of the verification - process - enum: - - Verified - - NotVerified - - VerificationFailed - type: string - type: object - type: array type: object type: object served: true diff --git a/vendor/kubestash.dev/apimachinery/crds/core.kubestash.com_backupverificationsession.yaml b/vendor/kubestash.dev/apimachinery/crds/core.kubestash.com_backupverificationsession.yaml new file mode 100644 index 00000000..0d3ce160 --- /dev/null +++ b/vendor/kubestash.dev/apimachinery/crds/core.kubestash.com_backupverificationsession.yaml 
@@ -0,0 +1,109 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + labels: + app.kubernetes.io/name: kubestash + name: backupverificationsession.core.kubestash.com +spec: + group: core.kubestash.com + names: + categories: + - kubestash + - appscode + - all + kind: BackupVerificationSession + listKind: BackupVerificationSessionList + plural: backupverificationsession + singular: backupverificationsession + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.phase + name: Phase + type: string + - jsonPath: .status.duration + name: Duration + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + invoker: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + repository: + type: string + retryLeft: + format: int32 + type: integer + session: + type: string + snapshot: + type: string + type: object + status: + properties: + conditions: + items: + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + observedGeneration: + format: int64 + type: integer + reason: + type: string + severity: + type: string + status: + type: string + type: + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + duration: + type: string + phase: + enum: + - Running + - Succeeded + - Failed + - Skipped + type: string + retried: + type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} 
diff --git a/vendor/kubestash.dev/apimachinery/crds/core.kubestash.com_backupverifier.yaml b/vendor/kubestash.dev/apimachinery/crds/core.kubestash.com_backupverifier.yaml new file mode 100644 index 00000000..01b52ea4 --- /dev/null +++ b/vendor/kubestash.dev/apimachinery/crds/core.kubestash.com_backupverifier.yaml 
@@ -0,0 +1,9878 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + labels: + app.kubernetes.io/name: kubestash + name: backupverifier.core.kubestash.com +spec: + group: core.kubestash.com + names: + categories: + - kubestash + - appscode + - all + kind: BackupVerifier + listKind: BackupVerifierList + plural: backupverifier + singular: backupverifier + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + function: + type: string + query: + type: object + x-kubernetes-preserve-unknown-fields: true + restoreOption: + properties: + addonInfo: + properties: + containerRuntimeSettings: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + items: + 
properties: + configMapRef: + properties: + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + ionice: + properties: + class: + format: int32 + type: integer + classData: + format: int32 + type: integer + type: object + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + 
properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + nice: + properties: + adjustment: + format: int32 + type: integer + type: object + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: 
atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + capabilities: + properties: + add: + items: + type: string + type: array + x-kubernetes-list-type: atomic + drop: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + 
seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + type: object + jobTemplate: + properties: + controller: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + 
type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: 
object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: 
atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + 
topologyKey: + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + args: + items: + type: string + type: array + containerSecurityContext: + properties: + allowPrivilegeEscalation: + type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + capabilities: + properties: + add: + items: + type: string + type: array + x-kubernetes-list-type: atomic + drop: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + dnsConfig: + properties: + nameservers: + items: + type: string + type: array + x-kubernetes-list-type: atomic + options: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + x-kubernetes-list-type: atomic + searches: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + dnsPolicy: + type: string + enableServiceLinks: + type: boolean + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + 
x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + hostIPC: + type: boolean + hostNetwork: + type: boolean + hostPID: + type: boolean + imagePullSecrets: + items: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + type: array + initContainers: + items: + properties: + args: + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + 
required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + items: + properties: + configMapRef: + properties: + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: 
+ - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - 
containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + 
additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + restartPolicy: + type: string + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + capabilities: + properties: + add: + items: + type: string + type: array + x-kubernetes-list-type: atomic + drop: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - 
type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + type: string + required: + - name + type: object + type: array + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + 
sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: 
int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + nodeSelector: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: atomic + podPlacementPolicy: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + priority: + format: int32 + type: integer + priorityClassName: + type: string + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + 
x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + runtimeClassName: + type: string + schedulerName: + type: string + securityContext: + properties: + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: atomic + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + serviceAccountName: + type: string + shareProcessNamespace: + type: boolean + terminationGracePeriodSeconds: + format: int64 + type: integer + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + 
tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + topologySpreadConstraints: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + format: int32 + type: integer + minDomains: + format: int32 + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string + topologyKey: + type: string + whenUnsatisfiable: + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + volumes: + items: + properties: + awsElasticBlockStore: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + type: string + kind: + type: string + readOnly: + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: string + shareName: + type: string + required: + - secretName 
+ - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + x-kubernetes-list-type: atomic + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: 
string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + properties: + volumeClaimTemplate: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + generateName: + type: string + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + ownerReferences: + items: + properties: + apiVersion: + type: string + blockOwnerDeletion: + type: boolean + controller: + type: boolean + kind: + type: string + name: + type: string + uid: + type: string + required: + - apiVersion + - kind + - name + - uid + type: object + x-kubernetes-map-type: atomic + type: array + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: 
^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + type: string + volumeAttributesClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + required: + - spec + type: object + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + x-kubernetes-list-type: atomic + wwids: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + 
chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + x-kubernetes-list-type: atomic + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + 
type: array + x-kubernetes-list-type: atomic + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + x-kubernetes-list-type: atomic + type: object + quobyte: + properties: + group: + type: string + readOnly: + type: boolean + registry: + type: string + tenant: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume + type: object + rbd: + properties: + fsType: + type: string + image: + type: string + keyring: + type: string + monitors: + items: + type: string + type: array + x-kubernetes-list-type: atomic + pool: + type: string + readOnly: + type: boolean + secretRef: + properties: + 
name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + user: + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + type: object + type: object + name: + type: string + tasks: + items: + properties: + addonVolumes: + items: + properties: + name: + type: string + source: + properties: + awsElasticBlockStore: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + type: string + kind: + 
type: string + readOnly: + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + x-kubernetes-list-type: atomic + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + 
divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + properties: + volumeClaimTemplate: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + generateName: + type: string + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + ownerReferences: + items: + properties: + apiVersion: + type: string + blockOwnerDeletion: + type: boolean + controller: + type: boolean + kind: + type: string + name: + type: string + uid: + type: string + required: + - apiVersion + - kind + - name + - uid + type: object + x-kubernetes-map-type: atomic + type: array + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: 
^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + type: string + volumeAttributesClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + required: + - spec + type: object + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + x-kubernetes-list-type: atomic + wwids: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: object + glusterfs: + properties: + endpoints: + 
type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + x-kubernetes-list-type: atomic + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + 
required: + - path + type: object + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + x-kubernetes-list-type: atomic + type: object + quobyte: + properties: + group: + type: string + readOnly: + type: boolean + registry: + type: string + tenant: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume + type: object + rbd: + properties: + fsType: + 
type: string + image: + type: string + keyring: + type: string + monitors: + items: + type: string + type: array + x-kubernetes-list-type: atomic + pool: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + user: + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + type: string + volumeNamespace: + type: string + type: object + volumeClaimTemplate: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + generateName: + type: string + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + ownerReferences: + items: + properties: + apiVersion: + type: string + blockOwnerDeletion: + type: boolean + controller: + type: boolean + kind: + type: string + name: + type: string + uid: + type: string + required: + - apiVersion + - kind + - name + - uid + 
type: object + x-kubernetes-map-type: atomic + type: array + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + type: string + volumeAttributesClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + required: + - spec + type: object + vsphereVolume: + properties: + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: object + type: object + type: object + type: array + name: + type: string + params: + type: object + 
x-kubernetes-preserve-unknown-fields: true + targetVolumes: + properties: + volumeClaimTemplates: + items: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + generateName: + type: string + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + ownerReferences: + items: + properties: + apiVersion: + type: string + blockOwnerDeletion: + type: boolean + controller: + type: boolean + kind: + type: string + name: + type: string + uid: + type: string + required: + - apiVersion + - kind + - name + - uid + type: object + x-kubernetes-map-type: atomic + type: array + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + 
type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + type: string + volumeAttributesClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + status: + properties: + accessModes: + items: + type: string + type: array + x-kubernetes-list-type: atomic + allocatedResourceStatuses: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: granular + allocatedResources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + conditions: + items: + properties: + lastProbeTime: + format: date-time + type: string + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + required: + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + currentVolumeAttributesClassName: + type: string + modifyVolumeStatus: + properties: + status: + type: string + targetVolumeAttributesClassName: + type: string + required: + - status + type: object + phase: + type: string + type: object + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + 
type: object + type: array + volumes: + items: + properties: + awsElasticBlockStore: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + type: string + kind: + type: string + readOnly: + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + x-kubernetes-list-type: atomic + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + 
type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + properties: + volumeClaimTemplate: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + generateName: + type: string + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + ownerReferences: + items: + properties: + apiVersion: + type: string + blockOwnerDeletion: + type: boolean + controller: + type: boolean + kind: + type: string + name: + type: string + uid: + type: string + required: + - apiVersion + - kind + - name + - uid + type: object + x-kubernetes-map-type: atomic + type: array + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + 
x-kubernetes-map-type: atomic + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + type: string + volumeAttributesClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + required: + - spec + type: object + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + x-kubernetes-list-type: atomic + wwids: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + 
properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + x-kubernetes-list-type: atomic + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + 
x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: 
object + type: object + type: array + x-kubernetes-list-type: atomic + type: object + quobyte: + properties: + group: + type: string + readOnly: + type: boolean + registry: + type: string + tenant: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume + type: object + rbd: + properties: + fsType: + type: string + image: + type: string + keyring: + type: string + monitors: + items: + type: string + type: array + x-kubernetes-list-type: atomic + pool: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + user: + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: 
object + required: + - name + type: object + type: array + type: object + variables: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + type: object + type: array + type: object + target: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - name + type: object + type: object + retryConfig: + properties: + delay: + type: string + maxRetry: + default: 1 + format: int32 + minimum: 1 + type: integer + type: object + runtimeSettings: + properties: + container: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + 
x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + ionice: + properties: + class: + format: int32 + type: integer + classData: + format: int32 + type: integer + type: object + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: 
object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + 
timeoutSeconds: + format: int32 + type: integer + type: object + nice: + properties: + adjustment: + format: int32 + type: integer + type: object + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + 
x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + capabilities: + properties: + add: + items: + type: string + type: array + x-kubernetes-list-type: atomic + drop: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + type: object + pod: + properties: + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + format: int32 + type: integer + required: + - 
preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: 
string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + 
x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + 
x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + automountServiceAccountToken: + type: boolean + enableServiceLinks: + type: boolean + imagePullSecrets: + items: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + type: array + nodeName: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + podAnnotations: + additionalProperties: + type: string + type: object + podLabels: + additionalProperties: + type: string + type: object + priority: + format: int32 + type: integer + priorityClassName: + type: string + readinessGates: + items: + properties: + conditionType: + type: string + required: + - conditionType + type: object + type: array + runtimeClassName: + type: string + schedulerName: + type: string + securityContext: + properties: + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: atomic + sysctls: + items: + properties: + 
name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + serviceAccountAnnotations: + additionalProperties: + type: string + type: object + serviceAccountName: + type: string + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + topologySpreadConstraints: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + format: int32 + type: integer + minDomains: + format: int32 + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string + topologyKey: + type: string + whenUnsatisfiable: + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + type: object + type: object + scheduler: + properties: + concurrencyPolicy: + type: string + failedJobsHistoryLimit: + format: int32 + type: integer + jobTemplate: + properties: + activeDeadlineSeconds: + format: int64 + type: integer + backoffLimit: + format: int32 + type: integer + completionMode: + type: string + completions: + format: int32 
+ type: integer + parallelism: + format: int32 + type: integer + suspend: + type: boolean + template: + properties: + controller: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: 
atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + 
x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: 
atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + args: + items: + type: string + type: array + containerSecurityContext: + properties: + allowPrivilegeEscalation: + type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + 
type: object + capabilities: + properties: + add: + items: + type: string + type: array + x-kubernetes-list-type: atomic + drop: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + dnsConfig: + properties: + nameservers: + items: + type: string + type: array + x-kubernetes-list-type: atomic + options: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + x-kubernetes-list-type: atomic + searches: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + dnsPolicy: + type: string + enableServiceLinks: + type: boolean + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: 
^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + hostIPC: + type: boolean + hostNetwork: + type: boolean + hostPID: + type: boolean + imagePullSecrets: + items: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + type: array + initContainers: + items: + properties: + args: + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: 
array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + items: + properties: + configMapRef: + properties: + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: 
integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + 
format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + restartPolicy: + type: string + securityContext: + 
properties: + allowPrivilegeEscalation: + type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + capabilities: + properties: + add: + items: + type: string + type: array + x-kubernetes-list-type: atomic + drop: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: 
string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + type: string + required: + - name + type: object + type: array + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + 
properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: 
integer + type: object + nodeSelector: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: atomic + podPlacementPolicy: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + priority: + format: int32 + type: integer + priorityClassName: + type: string + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: 
+ anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + runtimeClassName: + type: string + schedulerName: + type: string + securityContext: + properties: + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: atomic + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + serviceAccountName: + type: string + shareProcessNamespace: + type: boolean + terminationGracePeriodSeconds: + format: int64 + type: integer + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + topologySpreadConstraints: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: 
array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + format: int32 + type: integer + minDomains: + format: int32 + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string + topologyKey: + type: string + whenUnsatisfiable: + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + volumes: + items: + properties: + awsElasticBlockStore: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + type: string + kind: + type: string + readOnly: + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + x-kubernetes-list-type: atomic + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: 
atomic + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: 
^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + properties: + volumeClaimTemplate: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + generateName: + type: string + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + ownerReferences: + items: + properties: + apiVersion: + type: string + blockOwnerDeletion: + type: boolean + controller: + type: boolean + kind: + type: string + name: + type: string + uid: + type: string + required: + - apiVersion + - kind + - name + - uid + type: object + x-kubernetes-map-type: atomic + type: array + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + 
x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + type: string + volumeAttributesClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + required: + - spec + type: object + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + x-kubernetes-list-type: atomic + wwids: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + x-kubernetes-list-type: atomic + readOnly: + type: boolean + secretRef: + properties: 
+ name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + 
x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + x-kubernetes-list-type: atomic + type: object + quobyte: + properties: + group: + type: string + readOnly: + type: boolean + registry: + type: string + tenant: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume + type: object + rbd: + properties: + fsType: + type: string + image: + type: string + keyring: + type: string + monitors: + items: + type: string + type: array + x-kubernetes-list-type: atomic + pool: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + user: + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + 
type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + type: object + type: object + ttlSecondsAfterFinished: + format: int32 + type: integer + type: object + schedule: + type: string + startingDeadlineSeconds: + format: int64 + type: integer + successfulJobsHistoryLimit: + format: int32 + type: integer + suspend: + type: boolean + required: + - jobTemplate + - schedule + type: object + script: + properties: + args: + items: + type: string + type: array + location: + type: string + type: object + sessionHistoryLimit: + default: 1 + format: int32 + type: integer + type: + enum: + - RestoreOnly + - Query + - Script + type: string + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + 
type: object + type: array + volumes: + items: + properties: + awsElasticBlockStore: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + type: string + kind: + type: string + readOnly: + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + x-kubernetes-list-type: atomic + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + 
type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + properties: + volumeClaimTemplate: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + generateName: + type: string + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + ownerReferences: + items: + properties: + apiVersion: + type: string + blockOwnerDeletion: + type: boolean + controller: + type: boolean + kind: + type: string + name: + type: string + uid: + type: string + required: + - apiVersion + - kind + - name + - uid + type: object + x-kubernetes-map-type: atomic + type: array + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + 
x-kubernetes-map-type: atomic + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + type: string + volumeAttributesClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + required: + - spec + type: object + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + x-kubernetes-list-type: atomic + wwids: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + 
properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + x-kubernetes-list-type: atomic + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + 
x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: 
object + type: object + type: array + x-kubernetes-list-type: atomic + type: object + quobyte: + properties: + group: + type: string + readOnly: + type: boolean + registry: + type: string + tenant: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume + type: object + rbd: + properties: + fsType: + type: string + image: + type: string + keyring: + type: string + monitors: + items: + type: string + type: array + x-kubernetes-list-type: atomic + pool: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + user: + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: 
object + required: + - name + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: {} diff --git a/vendor/kubestash.dev/apimachinery/crds/core.kubestash.com_hooktemplates.yaml b/vendor/kubestash.dev/apimachinery/crds/core.kubestash.com_hooktemplates.yaml index 48a200fc..c3dd197e 100644 --- a/vendor/kubestash.dev/apimachinery/crds/core.kubestash.com_hooktemplates.yaml +++ b/vendor/kubestash.dev/apimachinery/crds/core.kubestash.com_hooktemplates.yaml 
@@ -31,78 +31,37 @@ spec: name: v1alpha1 schema: openAPIV3Schema: - description: HookTemplate defines a template for some action that will be - executed before or/and after backup/restore process. For example, there - could be a HookTemplate that pause an application before backup and another - HookTemplate that resume the application after backup. This is a namespaced - CRD. However, you can use it from other namespaces. You can control which - namespaces are allowed to use it using the `usagePolicy` section. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: HookTemplateSpec defines the template for the operation that - will be performed by this hook properties: action: - description: 'Action specifies the operation that is performed by - this HookTemplate Valid values are: - "exec": Execute command in - a shell - "httpGet": Do an HTTP GET request - "httpPost": Do an - HTTP POST request - "tcpSocket": Check if a TCP socket open or not' properties: containerName: - description: ContainerName specifies the name of the container - where to execute the commands for Exec probe or where to find - the port for HTTP or TCP probe type: string exec: - description: One and only one of the following should be specified. - Exec specifies the action to take. 
properties: command: - description: Command is the command line to execute inside - the container, the working directory for the command is - root ('/') in the container's filesystem. The command is - simply exec'd, it is not run inside a shell, so traditional - shell instructions ('|', etc) won't work. To use a shell, - you need to explicitly call out to that shell. Exit status - of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the http Get request to perform. properties: host: - description: Host name to connect to, defaults to the pod - IP. You probably want to set "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP allows - repeated headers. items: - description: HTTPHeader describes a custom header to be - used in HTTP probes properties: name: - description: The header field name. This will be canonicalized - upon output, so case-variant names will be understood - as the same header. type: string value: - description: The header field value type: string required: - name @@ -111,31 +70,22 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port to access on the container. - Number must be in the range 1 to 65535. Name must be an - IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. Defaults - to HTTP. type: string required: - port type: object httpPost: - description: HTTPPost specifies the http Post request to perform. properties: body: - description: Body to set in the request. type: string form: - description: Form to set in the request body. items: properties: key: 
@@ -147,23 +97,13 @@ spec: type: object type: array host: - description: Host name to connect to, defaults to the pod - IP. You probably want to set "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP allows - repeated headers. items: - description: HTTPHeader describes a custom header to be - used in HTTP probes properties: name: - description: The header field name. This will be canonicalized - upon output, so case-variant names will be understood - as the same header. type: string value: - description: The header field value type: string required: - name 
@@ -171,173 +111,90 @@ spec: type: object type: array path: - description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port to access on the container. - Number must be in the range 1 to 65535. Name must be an - IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. Defaults - to HTTP. type: string required: - port type: object tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. - TCP hooks not yet supported TODO: implement a realistic TCP - lifecycle hook' properties: host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on the container. - Number must be in the range 1 to 65535. Name must be an - IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object type: object executor: - description: Executor specifies the entity where the hook will be - executed. properties: function: - description: Function specifies the function information which - will be used to create the hook executor job. properties: env: - description: EnvVariables specifies a list of environment - variables that will be passed to the executor container items: - description: EnvVar represents an environment variable present - in a Container. properties: name: - description: Name of the environment variable. Must - be a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) are expanded - using the previously defined environment variables - in the container and any service environment variables. - If a variable cannot be resolved, the reference in - the input string will be unchanged. Double $$ are - reduced to a single $, which allows for escaping the - $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce - the string literal "$(VAR_NAME)". 
Escaped references - will never be expanded, regardless of whether the - variable exists or not. Defaults to "".' type: string valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. properties: configMapKeyRef: - description: Selects a key of a ConfigMap. properties: key: - description: The key to select. type: string name: default: "" - description: 'Name of the referent. This field - is effectively required, but due to backwards - compatibility is allowed to be empty. Instances - of this type with an empty value here are - almost certainly wrong. TODO: Add other useful - fields. apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether the ConfigMap or - its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of the pod: supports - metadata.name, metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, spec.nodeName, - spec.serviceAccountName, status.hostIP, status.podIP, - status.podIPs.' properties: apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". type: string fieldPath: - description: Path of the field to select in - the specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' 
properties: containerName: - description: 'Container name: required for volumes, - optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output format of - the exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource to select' type: string required: - resource type: object x-kubernetes-map-type: atomic secretKeyRef: - description: Selects a key of a secret in the pod's - namespace properties: key: - description: The key of the secret to select - from. Must be a valid secret key. type: string name: default: "" - description: 'Name of the referent. This field - is effectively required, but due to backwards - compatibility is allowed to be empty. Instances - of this type with an empty value here are - almost certainly wrong. TODO: Add other useful - fields. apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether the Secret or its - key must be defined type: boolean required: - key 
@@ -349,64 +206,23 @@ spec: type: object type: array name: - description: Name indicate the name of the Function that contains - the container definition for executing the hook logic type: string volumeMounts: - description: VolumeMounts specifies the volumes mounts for - the executor container items: - description: VolumeMount describes a mounting of a Volume - within a container. properties: mountPath: - description: Path within the container at which the - volume should be mounted. Must not contain ':'. type: string mountPropagation: - description: mountPropagation determines how mounts - are propagated from the host to container and the - other way around. When not set, MountPropagationNone - is used. This field is beta in 1.10. When RecursiveReadOnly - is set to IfPossible or to Enabled, MountPropagation - must be None or unspecified (which defaults to None). type: string name: - description: This must match the Name of a Volume. type: string readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. type: boolean recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only - mounts should be handled recursively. \n If ReadOnly - is false, this field has no meaning and must be unspecified. - \n If ReadOnly is true, and this field is set to Disabled, - the mount is not made recursively read-only. If this - field is set to IfPossible, the mount is made recursively - read-only, if it is supported by the container runtime. - \ If this field is set to Enabled, the mount is made - recursively read-only if it is supported by the container - runtime, otherwise the pod will not be started and - an error will be generated to indicate the reason. - \n If this field is set to IfPossible or Enabled, - MountPropagation must be set to None (or be unspecified, - which defaults to None). \n If this field is not specified, - it is treated as an equivalent of Disabled." 
type: string subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's - root). type: string subPathExpr: - description: Expanded path within the volume from which - the container's volume should be mounted. Behaves - similarly to SubPath but environment variable references - $(VAR_NAME) are expanded using the container's environment. - Defaults to "" (volume's root). SubPathExpr and SubPath - are mutually exclusive. type: string required: - mountPath 
@@ -414,256 +230,109 @@ spec: type: object type: array volumes: - description: Volumes specifies the volumes that will be mounted - in the executor container items: - description: Volume represents a named volume in a pod that - may be accessed by any container in the pod. properties: awsElasticBlockStore: - description: 'awsElasticBlockStore represents an AWS - Disk resource that is attached to a kubelet''s host - machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' properties: fsType: - description: 'fsType is the filesystem type of the - volume that you want to mount. Tip: Ensure that - the filesystem type is supported by the host operating - system. Examples: "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. More info: - https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem - from compromising the machine' type: string partition: - description: 'partition is the partition in the - volume that you want to mount. If omitted, the - default is to mount by volume name. Examples: - For volume /dev/sda1, you specify the partition - as "1". Similarly, the volume partition for /dev/sda - is "0" (or you can leave the property empty).' format: int32 type: integer readOnly: - description: 'readOnly value true will force the - readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: boolean volumeID: - description: 'volumeID is unique ID of the persistent - disk resource in AWS (Amazon EBS volume). More - info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: string required: - volumeID type: object azureDisk: - description: azureDisk represents an Azure Data Disk - mount on the host and bind mount to the pod. 
properties: cachingMode: - description: 'cachingMode is the Host Caching mode: - None, Read Only, Read Write.' type: string diskName: - description: diskName is the Name of the data disk - in the blob storage type: string diskURI: - description: diskURI is the URI of data disk in - the blob storage type: string fsType: - description: fsType is Filesystem type to mount. - Must be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. type: string kind: - description: 'kind expected values are Shared: multiple - blob disks per storage account Dedicated: single - blob disk per storage account Managed: azure - managed data disk (only in managed availability - set). defaults to shared' type: string readOnly: - description: readOnly Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting - in VolumeMounts. type: boolean required: - diskName - diskURI type: object azureFile: - description: azureFile represents an Azure File Service - mount on the host and bind mount to the pod. properties: readOnly: - description: readOnly defaults to false (read/write). - ReadOnly here will force the ReadOnly setting - in VolumeMounts. 
type: boolean secretName: - description: secretName is the name of secret that - contains Azure Storage Account Name and Key type: string shareName: - description: shareName is the azure share Name type: string required: - secretName - shareName type: object cephfs: - description: cephFS represents a Ceph FS mount on the - host that shares a pod's lifetime properties: monitors: - description: 'monitors is Required: Monitors is - a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' items: type: string type: array x-kubernetes-list-type: atomic path: - description: 'path is Optional: Used as the mounted - root, rather than the full Ceph tree, default - is /' type: string readOnly: - description: 'readOnly is Optional: Defaults to - false (read/write). ReadOnly here will force the - ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: boolean secretFile: - description: 'secretFile is Optional: SecretFile - is the path to key ring for User, default is /etc/ceph/user.secret - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string secretRef: - description: 'secretRef is Optional: SecretRef is - reference to the authentication secret for User, - default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' properties: name: default: "" - description: 'Name of the referent. This field - is effectively required, but due to backwards - compatibility is allowed to be empty. Instances - of this type with an empty value here are - almost certainly wrong. TODO: Add other useful - fields. apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' 
type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is optional: User is the rados - user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string required: - monitors type: object cinder: - description: 'cinder represents a cinder volume attached - and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' properties: fsType: - description: 'fsType is the filesystem type to mount. - Must be a filesystem type supported by the host - operating system. Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string readOnly: - description: 'readOnly defaults to false (read/write). - ReadOnly here will force the ReadOnly setting - in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: boolean secretRef: - description: 'secretRef is optional: points to a - secret object containing parameters used to connect - to OpenStack.' properties: name: default: "" - description: 'Name of the referent. This field - is effectively required, but due to backwards - compatibility is allowed to be empty. Instances - of this type with an empty value here are - almost certainly wrong. TODO: Add other useful - fields. apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic volumeID: - description: 'volumeID used to identify the volume - in cinder. 
More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string required: - volumeID type: object configMap: - description: configMap represents a configMap that should - populate this volume properties: defaultMode: - description: 'defaultMode is optional: mode bits - used to set permissions on created files by default. - Must be an octal value between 0000 and 0777 or - a decimal value between 0 and 511. YAML accepts - both octal and decimal values, JSON requires decimal - values for mode bits. Defaults to 0644. Directories - within the path are not affected by this setting. - This might be in conflict with other options that - affect the file mode, like fsGroup, and the result - can be other mode bits set.' format: int32 type: integer items: - description: items if unspecified, each key-value - pair in the Data field of the referenced ConfigMap - will be projected into the volume as a file whose - name is the key and content is the value. If specified, - the listed keys will be projected into the specified - paths, and unlisted keys will not be present. - If a key is specified which is not present in - the ConfigMap, the volume setup will error unless - it is marked optional. Paths must be relative - and may not contain the '..' path or start with - '..'. items: - description: Maps a string key to a path within - a volume. properties: key: - description: key is the key to project. type: string mode: - description: 'mode is Optional: mode bits - used to set permissions on this file. Must - be an octal value between 0000 and 0777 - or a decimal value between 0 and 511. YAML - accepts both octal and decimal values, JSON - requires decimal values for mode bits. If - not specified, the volume defaultMode will - be used. This might be in conflict with - other options that affect the file mode, - like fsGroup, and the result can be other - mode bits set.' 
format: int32 type: integer path: - description: path is the relative path of - the file to map the key to. May not be an - absolute path. May not contain the path - element '..'. May not start with the string - '..'. type: string required: - key 
@@ -673,161 +342,67 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of the referent. This field is - effectively required, but due to backwards compatibility - is allowed to be empty. Instances of this type - with an empty value here are almost certainly - wrong. TODO: Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional specify whether the ConfigMap - or its keys must be defined type: boolean type: object x-kubernetes-map-type: atomic csi: - description: csi (Container Storage Interface) represents - ephemeral storage that is handled by certain external - CSI drivers (Beta feature). properties: driver: - description: driver is the name of the CSI driver - that handles this volume. Consult with your admin - for the correct name as registered in the cluster. type: string fsType: - description: fsType to mount. Ex. "ext4", "xfs", - "ntfs". If not provided, the empty value is passed - to the associated CSI driver which will determine - the default filesystem to apply. type: string nodePublishSecretRef: - description: nodePublishSecretRef is a reference - to the secret object containing sensitive information - to pass to the CSI driver to complete the CSI - NodePublishVolume and NodeUnpublishVolume calls. - This field is optional, and may be empty if no - secret is required. If the secret object contains - more than one secret, all secret references are - passed. properties: name: default: "" - description: 'Name of the referent. This field - is effectively required, but due to backwards - compatibility is allowed to be empty. Instances - of this type with an empty value here are - almost certainly wrong. TODO: Add other useful - fields. apiVersion, kind, uid? 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic readOnly: - description: readOnly specifies a read-only configuration - for the volume. Defaults to false (read/write). type: boolean volumeAttributes: additionalProperties: type: string - description: volumeAttributes stores driver-specific - properties that are passed to the CSI driver. - Consult your driver's documentation for supported - values. type: object required: - driver type: object downwardAPI: - description: downwardAPI represents downward API about - the pod that should populate this volume properties: defaultMode: - description: 'Optional: mode bits to use on created - files by default. Must be a Optional: mode bits - used to set permissions on created files by default. - Must be an octal value between 0000 and 0777 or - a decimal value between 0 and 511. YAML accepts - both octal and decimal values, JSON requires decimal - values for mode bits. Defaults to 0644. Directories - within the path are not affected by this setting. - This might be in conflict with other options that - affect the file mode, like fsGroup, and the result - can be other mode bits set.' format: int32 type: integer items: - description: Items is a list of downward API volume - file items: - description: DownwardAPIVolumeFile represents - information to create the file containing the - pod field properties: fieldRef: - description: 'Required: Selects a field of - the pod: only annotations, labels, name, - namespace and uid are supported.' properties: apiVersion: - description: Version of the schema the - FieldPath is written in terms of, defaults - to "v1". type: string fieldPath: - description: Path of the field to select - in the specified API version. 
type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: - description: 'Optional: mode bits used to - set permissions on this file, must be an - octal value between 0000 and 0777 or a decimal - value between 0 and 511. YAML accepts both - octal and decimal values, JSON requires - decimal values for mode bits. If not specified, - the volume defaultMode will be used. This - might be in conflict with other options - that affect the file mode, like fsGroup, - and the result can be other mode bits set.' format: int32 type: integer path: - description: 'Required: Path is the relative - path name of the file to be created. Must - not be absolute or contain the ''..'' path. - Must be utf-8 encoded. The first item of - the relative path must not start with ''..''' type: string resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, requests.cpu and requests.memory) - are currently supported.' properties: containerName: - description: 'Container name: required - for volumes, optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output format - of the exposed resources, defaults to - "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource to select' type: string required: - resource 
@@ -840,195 +415,50 @@ spec: x-kubernetes-list-type: atomic type: object emptyDir: - description: 'emptyDir represents a temporary directory - that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' properties: medium: - description: 'medium represents what type of storage - medium should back this directory. The default - is "" which means to use the node''s default medium. - Must be an empty string (default) or Memory. More - info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string sizeLimit: anyOf: - type: integer - type: string - description: 'sizeLimit is the total amount of local - storage required for this EmptyDir volume. The - size limit is also applicable for memory medium. - The maximum usage on memory medium EmptyDir would - be the minimum value between the SizeLimit specified - here and the sum of memory limits of all containers - in a pod. The default is nil which means that - the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object ephemeral: - description: "ephemeral represents a volume that is - handled by a cluster storage driver. The volume's - lifecycle is tied to the pod that defines it - it - will be created before the pod starts, and deleted - when the pod is removed. \n Use this if: a) the volume - is only needed while the pod runs, b) features of - normal volumes like restoring from snapshot or capacity - tracking are needed, c) the storage driver is specified - through a storage class, and d) the storage driver - supports dynamic volume provisioning through a PersistentVolumeClaim - (see EphemeralVolumeSource for more information on - the connection between this volume type and PersistentVolumeClaim). 
- \n Use PersistentVolumeClaim or one of the vendor-specific - APIs for volumes that persist for longer than the - lifecycle of an individual pod. \n Use CSI for light-weight - local ephemeral volumes if the CSI driver is meant - to be used that way - see the documentation of the - driver for more information. \n A pod can use both - types of ephemeral volumes and persistent volumes - at the same time." properties: volumeClaimTemplate: - description: "Will be used to create a stand-alone - PVC to provision the volume. The pod in which - this EphemeralVolumeSource is embedded will be - the owner of the PVC, i.e. the PVC will be deleted - together with the pod. The name of the PVC will - be `-` where `` - is the name from the `PodSpec.Volumes` array entry. - Pod validation will reject the pod if the concatenated - name is not valid for a PVC (for example, too - long). \n An existing PVC with that name that - is not owned by the pod will *not* be used for - the pod to avoid using an unrelated volume by - mistake. Starting the pod is then blocked until - the unrelated PVC is removed. If such a pre-created - PVC is meant to be used by the pod, the PVC has - to updated with an owner reference to the pod - once the pod exists. Normally this should not - be necessary, but it may be useful when manually - reconstructing a broken cluster. \n This field - is read-only and no changes will be made by Kubernetes - to the PVC after it has been created. \n Required, - must not be nil." properties: metadata: - description: May contain labels and annotations - that will be copied into the PVC when creating - it. No other fields are allowed and will be - rejected during validation. properties: annotations: additionalProperties: type: string - description: 'Annotations is an unstructured - key value map stored with a resource that - may be set by external tools to store - and retrieve arbitrary metadata. They - are not queryable and should be preserved - when modifying objects. 
More info: http://kubernetes.io/docs/user-guide/annotations' type: object generateName: - description: "GenerateName is an optional - prefix, used by the server, to generate - a unique name ONLY IF the Name field has - not been provided. If this field is used, - the name returned to the client will be - different than the name passed. This value - will also be combined with a unique suffix. - The provided value has the same validation - rules as the Name field, and may be truncated - by the length of the suffix required to - make the value unique on the server. \n - If this field is specified and the generated - name exists, the server will NOT return - a 409 - instead, it will either return - 201 Created or 500 with Reason ServerTimeout - indicating a unique name could not be - found in the time allotted, and the client - should retry (optionally after the time - indicated in the Retry-After header). - \n Applied only if Name is not specified. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" type: string labels: additionalProperties: type: string - description: 'Map of string keys and values - that can be used to organize and categorize - (scope and select) objects. May match - selectors of replication controllers and - services. More info: http://kubernetes.io/docs/user-guide/labels' type: object name: - description: 'Name must be unique within - a namespace. Is required when creating - resources, although some resources may - allow a client to request the generation - of an appropriate name automatically. - Name is primarily intended for creation - idempotence and configuration definition. - Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' type: string namespace: - description: "Namespace defines the space - within each name must be unique. An empty - namespace is equivalent to the \"default\" - namespace, but \"default\" is the canonical - representation. 
Not all objects are required - to be scoped to a namespace - the value - of this field for those objects will be - empty. \n Must be a DNS_LABEL. Cannot - be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" type: string ownerReferences: - description: List of objects depended by - this object. If ALL objects in the list - have been deleted, this object will be - garbage collected. If this object is managed - by a controller, then an entry in this - list will point to this controller, with - the controller field set to true. There - cannot be more than one managing controller. items: - description: OwnerReference contains enough - information to let you identify an owning - object. An owning object must be in - the same namespace as the dependent, - or be cluster-scoped, so there is no - namespace field. properties: apiVersion: - description: API version of the referent. type: string blockOwnerDeletion: - description: If true, AND if the owner - has the "foregroundDeletion" finalizer, - then the owner cannot be deleted - from the key-value store until this - reference is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion - for how the garbage collector interacts - with this field and enforces the - foreground deletion. Defaults to - false. To set this field, a user - needs "delete" permission of the - owner, otherwise 422 (Unprocessable - Entity) will be returned. type: boolean controller: - description: If true, this reference - points to the managing controller. type: boolean kind: - description: 'Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: - description: 'UID of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -1040,52 +470,19 @@ spec: type: array type: object spec: - description: The specification for the PersistentVolumeClaim. - The entire content is copied unchanged into - the PVC that gets created from this template. - The same fields as in a PersistentVolumeClaim - are also valid here. properties: accessModes: - description: 'accessModes contains the desired - access modes the volume should have. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array x-kubernetes-list-type: atomic dataSource: - description: 'dataSource field can be used - to specify either: * An existing VolumeSnapshot - object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an external controller - can support the specified data source, - it will create a new volume based on the - contents of the specified data source. - When the AnyVolumeDataSource feature gate - is enabled, dataSource contents will be - copied to dataSourceRef, and dataSourceRef - contents will be copied to dataSource - when dataSourceRef.namespace is not specified. - If the namespace is specified, then dataSourceRef - will not be copied to dataSource.' properties: apiGroup: - description: APIGroup is the group for - the resource being referenced. If - APIGroup is not specified, the specified - Kind must be in the core API group. - For any other third-party types, APIGroup - is required. type: string kind: - description: Kind is the type of resource - being referenced type: string name: - description: Name is the name of resource - being referenced type: string required: - kind 
@@ -1093,85 +490,20 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: - description: 'dataSourceRef specifies the - object from which to populate the volume - with data, if a non-empty volume is desired. - This may be any object from a non-empty - API group (non core object) or a PersistentVolumeClaim - object. When this field is specified, - volume binding will only succeed if the - type of the specified object matches some - installed volume populator or dynamic - provisioner. This field will replace the - functionality of the dataSource field - and as such if both fields are non-empty, - they must have the same value. For backwards - compatibility, when namespace isn''t specified - in dataSourceRef, both fields (dataSource - and dataSourceRef) will be set to the - same value automatically if one of them - is empty and the other is non-empty. When - namespace is specified in dataSourceRef, - dataSource isn''t set to the same value - and must be empty. There are three important - differences between dataSource and dataSourceRef: - * While dataSource only allows two specific - types of objects, dataSourceRef allows - any non-core object, as well as PersistentVolumeClaim - objects. * While dataSource ignores disallowed - values (dropping them), dataSourceRef - preserves all values, and generates an - error if a disallowed value is specified. - * While dataSource only allows local objects, - dataSourceRef allows objects in any namespaces. - (Beta) Using this field requires the AnyVolumeDataSource - feature gate to be enabled. (Alpha) Using - the namespace field of dataSourceRef requires - the CrossNamespaceVolumeDataSource feature - gate to be enabled.' properties: apiGroup: - description: APIGroup is the group for - the resource being referenced. If - APIGroup is not specified, the specified - Kind must be in the core API group. - For any other third-party types, APIGroup - is required. 
type: string kind: - description: Kind is the type of resource - being referenced type: string name: - description: Name is the name of resource - being referenced type: string namespace: - description: Namespace is the namespace - of resource being referenced Note - that when a namespace is specified, - a gateway.networking.k8s.io/ReferenceGrant - object is required in the referent - namespace to allow that namespace's - owner to accept the reference. See - the ReferenceGrant documentation for - details. (Alpha) This field requires - the CrossNamespaceVolumeDataSource - feature gate to be enabled. type: string required: - kind - name type: object resources: - description: 'resources represents the minimum - resources the volume should have. If RecoverVolumeExpansionFailure - feature is enabled users are allowed to - specify resource requirements that are - lower than previous value but must still - be higher than capacity recorded in the - status field of the claim. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: @@ -1180,9 +512,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum - amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -1191,50 +520,18 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the - minimum amount of compute resources - required. If Requests is omitted for - a container, it defaults to Limits - if that is explicitly specified, otherwise - to an implementation-defined value. - Requests cannot exceed Limits. More - info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: - description: selector is a label query over - volumes to consider for binding. properties: matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. properties: key: - description: key is the label - key that the selector applies - to. type: string operator: - description: operator represents - a key's relationship to a set - of values. Valid operators are - In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array - of string values. If the operator - is In or NotIn, the values array - must be non-empty. If the operator - is Exists or DoesNotExist, the - values array must be empty. - This array is replaced during - a strategic merge patch. items: type: string type: array 
@@ -1248,57 +545,16 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of - {key,value} pairs. A single {key,value} - in the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are - ANDed. type: object type: object x-kubernetes-map-type: atomic storageClassName: - description: 'storageClassName is the name - of the StorageClass required by the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeAttributesClassName: - description: 'volumeAttributesClassName - may be used to set the VolumeAttributesClass - used by this claim. If specified, the - CSI driver will create or update the volume - with the attributes defined in the corresponding - VolumeAttributesClass. This has a different - purpose than storageClassName, it can - be changed after the claim is created. - An empty string value means that no VolumeAttributesClass - will be applied to the claim but it''s - not allowed to reset this field to empty - string once it is set. If unspecified - and the PersistentVolumeClaim is unbound, - the default VolumeAttributesClass will - be set by the persistentvolume controller - if it exists. If the resource referred - to by volumeAttributesClass does not exist, - this PersistentVolumeClaim will be set - to a Pending state, as reflected by the - modifyVolumeStatus field, until such as - a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires the - VolumeAttributesClass feature gate to - be enabled.' type: string volumeMode: - description: volumeMode defines what type - of volume is required by the claim. Value - of Filesystem is implied when not included - in claim spec. 
type: string volumeName: - description: volumeName is the binding reference - to the PersistentVolume backing this claim. type: string type: object required: 
@@ -1306,89 +562,41 @@ spec: type: object type: object fc: - description: fc represents a Fibre Channel resource - that is attached to a kubelet's host machine and then - exposed to the pod. properties: fsType: - description: 'fsType is the filesystem type to mount. - Must be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. TODO: how - do we prevent errors in the filesystem from compromising - the machine' type: string lun: - description: 'lun is Optional: FC target lun number' format: int32 type: integer readOnly: - description: 'readOnly is Optional: Defaults to - false (read/write). ReadOnly here will force the - ReadOnly setting in VolumeMounts.' type: boolean targetWWNs: - description: 'targetWWNs is Optional: FC target - worldwide names (WWNs)' items: type: string type: array x-kubernetes-list-type: atomic wwids: - description: 'wwids Optional: FC volume world wide - identifiers (wwids) Either wwids or combination - of targetWWNs and lun must be set, but not both - simultaneously.' items: type: string type: array x-kubernetes-list-type: atomic type: object flexVolume: - description: flexVolume represents a generic volume - resource that is provisioned/attached using an exec - based plugin. properties: driver: - description: driver is the name of the driver to - use for this volume. type: string fsType: - description: fsType is the filesystem type to mount. - Must be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs", "ntfs". The - default filesystem depends on FlexVolume script. type: string options: additionalProperties: type: string - description: 'options is Optional: this field holds - extra command options if any.' type: object readOnly: - description: 'readOnly is Optional: defaults to - false (read/write). ReadOnly here will force the - ReadOnly setting in VolumeMounts.' 
type: boolean secretRef: - description: 'secretRef is Optional: secretRef is - reference to the secret object containing sensitive - information to pass to the plugin scripts. This - may be empty if no secret object is specified. - If the secret object contains more than one secret, - all secrets are passed to the plugin scripts.' properties: name: default: "" - description: 'Name of the referent. This field - is effectively required, but due to backwards - compatibility is allowed to be empty. Instances - of this type with an empty value here are - almost certainly wrong. TODO: Add other useful - fields. apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic 
@@ -1396,179 +604,79 @@ spec: - driver type: object flocker: - description: flocker represents a Flocker volume attached - to a kubelet's host machine. This depends on the Flocker - control service being running properties: datasetName: - description: datasetName is Name of the dataset - stored as metadata -> name on the dataset for - Flocker should be considered as deprecated type: string datasetUUID: - description: datasetUUID is the UUID of the dataset. - This is unique identifier of a Flocker dataset type: string type: object gcePersistentDisk: - description: 'gcePersistentDisk represents a GCE Disk - resource that is attached to a kubelet''s host machine - and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' properties: fsType: - description: 'fsType is filesystem type of the volume - that you want to mount. Tip: Ensure that the filesystem - type is supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly inferred - to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the filesystem - from compromising the machine' type: string partition: - description: 'partition is the partition in the - volume that you want to mount. If omitted, the - default is to mount by volume name. Examples: - For volume /dev/sda1, you specify the partition - as "1". Similarly, the volume partition for /dev/sda - is "0" (or you can leave the property empty). - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' format: int32 type: integer pdName: - description: 'pdName is unique name of the PD resource - in GCE. Used to identify the disk in GCE. More - info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: string readOnly: - description: 'readOnly here will force the ReadOnly - setting in VolumeMounts. Defaults to false. 
More - info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: boolean required: - pdName type: object glusterfs: - description: 'glusterfs represents a Glusterfs mount - on the host that shares a pod''s lifetime. More info: - https://examples.k8s.io/volumes/glusterfs/README.md' properties: endpoints: - description: 'endpoints is the endpoint name that - details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string path: - description: 'path is the Glusterfs volume path. - More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string readOnly: - description: 'readOnly here will force the Glusterfs - volume to be mounted with read-only permissions. - Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: boolean required: - endpoints - path type: object hostPath: - description: 'hostPath represents a pre-existing file - or directory on the host machine that is directly - exposed to the container. This is generally used for - system agents or other privileged things that are - allowed to see the host machine. Most containers will - NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict who can use - host directory mounts and who can/can not mount host - directories as read/write.' properties: path: - description: 'path of the directory on the host. - If the path is a symlink, it will follow the link - to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string type: - description: 'type for HostPath Volume Defaults - to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string required: - path type: object iscsi: - description: 'iscsi represents an ISCSI Disk resource - that is attached to a kubelet''s host machine and - then exposed to the pod. 
More info: https://examples.k8s.io/volumes/iscsi/README.md' properties: chapAuthDiscovery: - description: chapAuthDiscovery defines whether support - iSCSI Discovery CHAP authentication type: boolean chapAuthSession: - description: chapAuthSession defines whether support - iSCSI Session CHAP authentication type: boolean fsType: - description: 'fsType is the filesystem type of the - volume that you want to mount. Tip: Ensure that - the filesystem type is supported by the host operating - system. Examples: "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. More info: - https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem - from compromising the machine' type: string initiatorName: - description: initiatorName is the custom iSCSI Initiator - Name. If initiatorName is specified with iscsiInterface - simultaneously, new iSCSI interface : will be created for the connection. type: string iqn: - description: iqn is the target iSCSI Qualified Name. type: string iscsiInterface: - description: iscsiInterface is the interface Name - that uses an iSCSI transport. Defaults to 'default' - (tcp). type: string lun: - description: lun represents iSCSI Target Lun number. format: int32 type: integer portals: - description: portals is the iSCSI Target Portal - List. The portal is either an IP or ip_addr:port - if the port is other than default (typically TCP - ports 860 and 3260). items: type: string type: array x-kubernetes-list-type: atomic readOnly: - description: readOnly here will force the ReadOnly - setting in VolumeMounts. Defaults to false. type: boolean secretRef: - description: secretRef is the CHAP Secret for iSCSI - target and initiator authentication properties: name: default: "" - description: 'Name of the referent. This field - is effectively required, but due to backwards - compatibility is allowed to be empty. Instances - of this type with an empty value here are - almost certainly wrong. 
TODO: Add other useful - fields. apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic targetPortal: - description: targetPortal is iSCSI Target Portal. - The Portal is either an IP or ip_addr:port if - the port is other than default (typically TCP - ports 860 and 3260). type: string required: - iqn 
@@ -1576,167 +684,68 @@ spec: - targetPortal type: object name: - description: 'name of the volume. Must be a DNS_LABEL - and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string nfs: - description: 'nfs represents an NFS mount on the host - that shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' properties: path: - description: 'path that is exported by the NFS server. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string readOnly: - description: 'readOnly here will force the NFS export - to be mounted with read-only permissions. Defaults - to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: boolean server: - description: 'server is the hostname or IP address - of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string required: - path - server type: object persistentVolumeClaim: - description: 'persistentVolumeClaimVolumeSource represents - a reference to a PersistentVolumeClaim in the same - namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: claimName: - description: 'claimName is the name of a PersistentVolumeClaim - in the same namespace as the pod using this volume. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' type: string readOnly: - description: readOnly Will force the ReadOnly setting - in VolumeMounts. Default false. type: boolean required: - claimName type: object photonPersistentDisk: - description: photonPersistentDisk represents a PhotonController - persistent disk attached and mounted on kubelets host - machine properties: fsType: - description: fsType is the filesystem type to mount. - Must be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs", "ntfs". 
Implicitly - inferred to be "ext4" if unspecified. type: string pdID: - description: pdID is the ID that identifies Photon - Controller persistent disk type: string required: - pdID type: object portworxVolume: - description: portworxVolume represents a portworx volume - attached and mounted on kubelets host machine properties: fsType: - description: fSType represents the filesystem type - to mount Must be a filesystem type supported by - the host operating system. Ex. "ext4", "xfs". - Implicitly inferred to be "ext4" if unspecified. type: string readOnly: - description: readOnly defaults to false (read/write). - ReadOnly here will force the ReadOnly setting - in VolumeMounts. type: boolean volumeID: - description: volumeID uniquely identifies a Portworx - volume type: string required: - volumeID type: object projected: - description: projected items for all in one resources - secrets, configmaps, and downward API properties: defaultMode: - description: defaultMode are the mode bits used - to set permissions on created files by default. - Must be an octal value between 0000 and 0777 or - a decimal value between 0 and 511. YAML accepts - both octal and decimal values, JSON requires decimal - values for mode bits. Directories within the path - are not affected by this setting. This might be - in conflict with other options that affect the - file mode, like fsGroup, and the result can be - other mode bits set. format: int32 type: integer sources: - description: sources is the list of volume projections items: - description: Projection that may be projected - along with other supported volume types properties: clusterTrustBundle: - description: "ClusterTrustBundle allows a - pod to access the `.spec.trustBundle` field - of ClusterTrustBundle objects in an auto-updating - file. \n Alpha, gated by the ClusterTrustBundleProjection - feature gate. \n ClusterTrustBundle objects - can either be selected by name, or by the - combination of signer name and a label selector. 
- \n Kubelet performs aggressive normalization - of the PEM contents written into the pod - filesystem. Esoteric PEM features such - as inter-block comments and block headers - are stripped. Certificates are deduplicated. - The ordering of certificates within the - file is arbitrary, and Kubelet may change - the order over time." properties: labelSelector: - description: Select all ClusterTrustBundles - that match this label selector. Only - has effect if signerName is set. Mutually-exclusive - with name. If unset, interpreted as - "match nothing". If set but empty, - interpreted as "match everything". properties: matchExpressions: - description: matchExpressions is a - list of label selector requirements. - The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. properties: key: - description: key is the label - key that the selector applies - to. type: string operator: - description: operator represents - a key's relationship to a - set of values. Valid operators - are In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is an array - of string values. If the operator - is In or NotIn, the values - array must be non-empty. If - the operator is Exists or - DoesNotExist, the values array - must be empty. This array - is replaced during a strategic - merge patch. items: type: string type: array 
@@ -1750,95 +759,31 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map - of {key,value} pairs. A single {key,value} - in the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are - ANDed. type: object type: object x-kubernetes-map-type: atomic name: - description: Select a single ClusterTrustBundle - by object name. Mutually-exclusive - with signerName and labelSelector. type: string optional: - description: If true, don't block pod - startup if the referenced ClusterTrustBundle(s) - aren't available. If using name, then - the named ClusterTrustBundle is allowed - not to exist. If using signerName, - then the combination of signerName and - labelSelector is allowed to match zero - ClusterTrustBundles. type: boolean path: - description: Relative path from the volume - root to write the bundle. type: string signerName: - description: Select all ClusterTrustBundles - that match this signer name. Mutually-exclusive - with name. The contents of all selected - ClusterTrustBundles will be unified - and deduplicated. type: string required: - path type: object configMap: - description: configMap information about the - configMap data to project properties: items: - description: items if unspecified, each - key-value pair in the Data field of - the referenced ConfigMap will be projected - into the volume as a file whose name - is the key and content is the value. - If specified, the listed keys will be - projected into the specified paths, - and unlisted keys will not be present. - If a key is specified which is not present - in the ConfigMap, the volume setup will - error unless it is marked optional. - Paths must be relative and may not contain - the '..' path or start with '..'. items: - description: Maps a string key to a - path within a volume. 
properties: key: - description: key is the key to project. type: string mode: - description: 'mode is Optional: - mode bits used to set permissions - on this file. Must be an octal - value between 0000 and 0777 or - a decimal value between 0 and - 511. YAML accepts both octal and - decimal values, JSON requires - decimal values for mode bits. - If not specified, the volume defaultMode - will be used. This might be in - conflict with other options that - affect the file mode, like fsGroup, - and the result can be other mode - bits set.' format: int32 type: integer path: - description: path is the relative - path of the file to map the key - to. May not be an absolute path. - May not contain the path element - '..'. May not start with the string - '..'. type: string required: - key 
@@ -1848,106 +793,42 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of the referent. This - field is effectively required, but due - to backwards compatibility is allowed - to be empty. Instances of this type - with an empty value here are almost - certainly wrong. TODO: Add other useful - fields. apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional specify whether - the ConfigMap or its keys must be defined type: boolean type: object x-kubernetes-map-type: atomic downwardAPI: - description: downwardAPI information about - the downwardAPI data to project properties: items: - description: Items is a list of DownwardAPIVolume - file items: - description: DownwardAPIVolumeFile represents - information to create the file containing - the pod field properties: fieldRef: - description: 'Required: Selects - a field of the pod: only annotations, - labels, name, namespace and uid - are supported.' properties: apiVersion: - description: Version of the - schema the FieldPath is written - in terms of, defaults to "v1". type: string fieldPath: - description: Path of the field - to select in the specified - API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: - description: 'Optional: mode bits - used to set permissions on this - file, must be an octal value between - 0000 and 0777 or a decimal value - between 0 and 511. YAML accepts - both octal and decimal values, - JSON requires decimal values for - mode bits. If not specified, the - volume defaultMode will be used. - This might be in conflict with - other options that affect the - file mode, like fsGroup, and the - result can be other mode bits - set.' 
format: int32 type: integer path: - description: 'Required: Path is the - relative path name of the file - to be created. Must not be absolute - or contain the ''..'' path. Must - be utf-8 encoded. The first item - of the relative path must not - start with ''..''' type: string resourceFieldRef: - description: 'Selects a resource - of the container: only resources - limits and requests (limits.cpu, - limits.memory, requests.cpu and - requests.memory) are currently - supported.' properties: containerName: - description: 'Container name: - required for volumes, optional - for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output - format of the exposed resources, - defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource - to select' type: string required: - resource 
@@ -1960,54 +841,16 @@ spec: x-kubernetes-list-type: atomic type: object secret: - description: secret information about the - secret data to project properties: items: - description: items if unspecified, each - key-value pair in the Data field of - the referenced Secret will be projected - into the volume as a file whose name - is the key and content is the value. - If specified, the listed keys will be - projected into the specified paths, - and unlisted keys will not be present. - If a key is specified which is not present - in the Secret, the volume setup will - error unless it is marked optional. - Paths must be relative and may not contain - the '..' path or start with '..'. items: - description: Maps a string key to a - path within a volume. properties: key: - description: key is the key to project. type: string mode: - description: 'mode is Optional: - mode bits used to set permissions - on this file. Must be an octal - value between 0000 and 0777 or - a decimal value between 0 and - 511. YAML accepts both octal and - decimal values, JSON requires - decimal values for mode bits. - If not specified, the volume defaultMode - will be used. This might be in - conflict with other options that - affect the file mode, like fsGroup, - and the result can be other mode - bits set.' format: int32 type: integer path: - description: path is the relative - path of the file to map the key - to. May not be an absolute path. - May not contain the path element - '..'. May not start with the string - '..'. type: string required: - key 
@@ -2017,54 +860,19 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of the referent. This - field is effectively required, but due - to backwards compatibility is allowed - to be empty. Instances of this type - with an empty value here are almost - certainly wrong. TODO: Add other useful - fields. apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional field specify whether - the Secret or its key must be defined type: boolean type: object x-kubernetes-map-type: atomic serviceAccountToken: - description: serviceAccountToken is information - about the serviceAccountToken data to project properties: audience: - description: audience is the intended - audience of the token. A recipient of - a token must identify itself with an - identifier specified in the audience - of the token, and otherwise should reject - the token. The audience defaults to - the identifier of the apiserver. type: string expirationSeconds: - description: expirationSeconds is the - requested duration of validity of the - service account token. As the token - approaches expiration, the kubelet volume - plugin will proactively rotate the service - account token. The kubelet will start - trying to rotate the token if the token - is older than 80 percent of its time - to live or if the token is older than - 24 hours.Defaults to 1 hour and must - be at least 10 minutes. format: int64 type: integer path: - description: path is the path relative - to the mount point of the file to project - the token into. type: string required: - path 
@@ -2074,173 +882,79 @@ spec: x-kubernetes-list-type: atomic type: object quobyte: - description: quobyte represents a Quobyte mount on the - host that shares a pod's lifetime properties: group: - description: group to map volume access to Default - is no group type: string readOnly: - description: readOnly here will force the Quobyte - volume to be mounted with read-only permissions. - Defaults to false. type: boolean registry: - description: registry represents a single or multiple - Quobyte Registry services specified as a string - as host:port pair (multiple entries are separated - with commas) which acts as the central registry - for volumes type: string tenant: - description: tenant owning the given Quobyte volume - in the Backend Used with dynamically provisioned - Quobyte volumes, value is set by the plugin type: string user: - description: user to map volume access to Defaults - to serivceaccount user type: string volume: - description: volume is a string that references - an already created Quobyte volume by name. type: string required: - registry - volume type: object rbd: - description: 'rbd represents a Rados Block Device mount - on the host that shares a pod''s lifetime. More info: - https://examples.k8s.io/volumes/rbd/README.md' properties: fsType: - description: 'fsType is the filesystem type of the - volume that you want to mount. Tip: Ensure that - the filesystem type is supported by the host operating - system. Examples: "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. More info: - https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem - from compromising the machine' type: string image: - description: 'image is the rados image name. More - info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string keyring: - description: 'keyring is the path to key ring for - RBDUser. Default is /etc/ceph/keyring. 
More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string monitors: - description: 'monitors is a collection of Ceph monitors. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' items: type: string type: array x-kubernetes-list-type: atomic pool: - description: 'pool is the rados pool name. Default - is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string readOnly: - description: 'readOnly here will force the ReadOnly - setting in VolumeMounts. Defaults to false. More - info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: boolean secretRef: - description: 'secretRef is name of the authentication - secret for RBDUser. If provided overrides keyring. - Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' properties: name: default: "" - description: 'Name of the referent. This field - is effectively required, but due to backwards - compatibility is allowed to be empty. Instances - of this type with an empty value here are - almost certainly wrong. TODO: Add other useful - fields. apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is the rados user name. Default - is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string required: - image - monitors type: object scaleIO: - description: scaleIO represents a ScaleIO persistent - volume attached and mounted on Kubernetes nodes. properties: fsType: - description: fsType is the filesystem type to mount. - Must be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs", "ntfs". Default - is "xfs". 
type: string gateway: - description: gateway is the host address of the - ScaleIO API Gateway. type: string protectionDomain: - description: protectionDomain is the name of the - ScaleIO Protection Domain for the configured storage. type: string readOnly: - description: readOnly Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting - in VolumeMounts. type: boolean secretRef: - description: secretRef references to the secret - for ScaleIO user and other sensitive information. - If this is not provided, Login operation will - fail. properties: name: default: "" - description: 'Name of the referent. This field - is effectively required, but due to backwards - compatibility is allowed to be empty. Instances - of this type with an empty value here are - almost certainly wrong. TODO: Add other useful - fields. apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic sslEnabled: - description: sslEnabled Flag enable/disable SSL - communication with Gateway, default false type: boolean storageMode: - description: storageMode indicates whether the storage - for a volume should be ThickProvisioned or ThinProvisioned. - Default is ThinProvisioned. type: string storagePool: - description: storagePool is the ScaleIO Storage - Pool associated with the protection domain. type: string system: - description: system is the name of the storage system - as configured in ScaleIO. type: string volumeName: - description: volumeName is the name of a volume - already created in the ScaleIO system that is - associated with this volume source. type: string required: - gateway 
@@ -2248,61 +962,19 @@ spec: - system type: object secret: - description: 'secret represents a secret that should - populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' properties: defaultMode: - description: 'defaultMode is Optional: mode bits - used to set permissions on created files by default. - Must be an octal value between 0000 and 0777 or - a decimal value between 0 and 511. YAML accepts - both octal and decimal values, JSON requires decimal - values for mode bits. Defaults to 0644. Directories - within the path are not affected by this setting. - This might be in conflict with other options that - affect the file mode, like fsGroup, and the result - can be other mode bits set.' format: int32 type: integer items: - description: items If unspecified, each key-value - pair in the Data field of the referenced Secret - will be projected into the volume as a file whose - name is the key and content is the value. If specified, - the listed keys will be projected into the specified - paths, and unlisted keys will not be present. - If a key is specified which is not present in - the Secret, the volume setup will error unless - it is marked optional. Paths must be relative - and may not contain the '..' path or start with - '..'. items: - description: Maps a string key to a path within - a volume. properties: key: - description: key is the key to project. type: string mode: - description: 'mode is Optional: mode bits - used to set permissions on this file. Must - be an octal value between 0000 and 0777 - or a decimal value between 0 and 511. YAML - accepts both octal and decimal values, JSON - requires decimal values for mode bits. If - not specified, the volume defaultMode will - be used. This might be in conflict with - other options that affect the file mode, - like fsGroup, and the result can be other - mode bits set.' 
format: int32 type: integer path: - description: path is the relative path of - the file to map the key to. May not be an - absolute path. May not contain the path - element '..'. May not start with the string - '..'. type: string required: - key 
@@ -2311,87 +983,37 @@ spec: type: array x-kubernetes-list-type: atomic optional: - description: optional field specify whether the - Secret or its keys must be defined type: boolean secretName: - description: 'secretName is the name of the secret - in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' type: string type: object storageos: - description: storageOS represents a StorageOS volume - attached and mounted on Kubernetes nodes. properties: fsType: - description: fsType is the filesystem type to mount. - Must be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. type: string readOnly: - description: readOnly defaults to false (read/write). - ReadOnly here will force the ReadOnly setting - in VolumeMounts. type: boolean secretRef: - description: secretRef specifies the secret to use - for obtaining the StorageOS API credentials. If - not specified, default values will be attempted. properties: name: default: "" - description: 'Name of the referent. This field - is effectively required, but due to backwards - compatibility is allowed to be empty. Instances - of this type with an empty value here are - almost certainly wrong. TODO: Add other useful - fields. apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic volumeName: - description: volumeName is the human-readable name - of the StorageOS volume. Volume names are only - unique within a namespace. type: string volumeNamespace: - description: volumeNamespace specifies the scope - of the volume within StorageOS. If no namespace - is specified then the Pod's namespace will be - used. 
This allows the Kubernetes name scoping - to be mirrored within StorageOS for tighter integration. - Set VolumeName to any name to override the default - behaviour. Set to "default" if you are not using - namespaces within StorageOS. Namespaces that do - not pre-exist within StorageOS will be created. type: string type: object vsphereVolume: - description: vsphereVolume represents a vSphere volume - attached and mounted on kubelets host machine properties: fsType: - description: fsType is filesystem type to mount. - Must be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. type: string storagePolicyID: - description: storagePolicyID is the storage Policy - Based Management (SPBM) profile ID associated - with the StoragePolicyName. type: string storagePolicyName: - description: storagePolicyName is the storage Policy - Based Management (SPBM) profile name. type: string volumePath: - description: volumePath is the path that identifies - vSphere volume vmdk type: string required: - volumePath 
@@ -2402,39 +1024,20 @@ spec: type: array type: object pod: - description: Pod specifies the criteria to use to select the hook - executor pods properties: owner: - description: Owner specifies a template for owner reference - that will be used to filter the selected pods. properties: apiVersion: - description: API version of the referent. type: string blockOwnerDeletion: - description: If true, AND if the owner has the "foregroundDeletion" - finalizer, then the owner cannot be deleted from the - key-value store until this reference is removed. See - https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion - for how the garbage collector interacts with this field - and enforces the foreground deletion. Defaults to false. - To set this field, a user needs "delete" permission - of the owner, otherwise 422 (Unprocessable Entity) will - be returned. type: boolean controller: - description: If true, this reference points to the managing - controller. type: boolean kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion 
@@ -2444,30 +1047,15 @@ spec: type: object x-kubernetes-map-type: atomic selector: - description: Selector specifies list of key value pair that - will be used as label selector to select the desired pods. - You can use comma to separate multiple labels (i.e. "app=my-app,env=prod") type: string strategy: default: ExecuteOnOne - description: 'Strategy specifies what should be the behavior - when multiple pods are selected Valid values are: - "ExecuteOnOne": - Execute hook on only one of the selected pods. This is default - behavior - "ExecuteOnAll": Execute hook on all the selected - pods.' enum: - ExecuteOnOne - ExecuteOnAll type: string type: object type: - description: 'Type indicate the types of entity that will execute - the hook. Valid values are: - "Function": KubeStash will create - a job with the provided information in `function` section. The - job will execute the hook. - "Pod": KubeStash will select the - pod that matches the selector provided in `pod` section. This - pod(s) will execute the hook. - "Operator": KubeStash operator - itself will execute the hook.' enum: - Function - Pod 
@@ -2475,80 +1063,39 @@ spec: type: string type: object params: - description: Params defines a list of parameters that is used by the - HookTemplate to execute its logic. items: - description: ParameterDefinition defines the parameter names, their - usage, their requirements etc. properties: default: - description: Default specifies a default value for the parameter type: string name: - description: Name specifies the name of the parameter type: string required: - description: Required specify whether this parameter is required - or not type: boolean usage: - description: Usage specifies the usage of this parameter type: string type: object type: array usagePolicy: - description: "UsagePolicy specifies a policy of how this HookTemplate - will be used. For example, you can use `allowedNamespaces` policy - to restrict the usage of this HookTemplate to particular namespaces. - \n This field is optional. If you don't provide the usagePolicy, - then it can be used only from the current namespace." properties: allowedNamespaces: - description: AllowedNamespaces specifies which namespaces are - allowed to use the resource properties: from: default: Same - description: 'From indicates how to select the namespaces - that are allowed to use this resource. Possible values are: - * All: All namespaces can use this resource. * Selector: - Namespaces that matches the selector can use this resource. - * Same: Only current namespace can use the resource.' enum: - All - Selector - Same type: string selector: - description: Selector must be specified when From is set to - "Selector". In that case, only the selected namespaces are - allowed to use this resource. This field is ignored for - other values of "From". properties: matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. 
items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. properties: key: - description: key is the label key that the selector - applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. type: string values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. items: type: string type: array @@ -2562,11 +1109,6 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic diff --git a/vendor/kubestash.dev/apimachinery/crds/core.kubestash.com_restoresessions.yaml b/vendor/kubestash.dev/apimachinery/crds/core.kubestash.com_restoresessions.yaml index 77e3176f..7e9e34ec 100644 --- a/vendor/kubestash.dev/apimachinery/crds/core.kubestash.com_restoresessions.yaml +++ b/vendor/kubestash.dev/apimachinery/crds/core.kubestash.com_restoresessions.yaml @@ -24,9 +24,6 @@ spec: - jsonPath: .spec.dataSource.repository name: Repository type: string - - jsonPath: .spec.failurePolicy - name: Failure-Policy - type: string - jsonPath: .status.phase name: Phase type: string 
@@ -39,153 +36,75 @@ spec: name: v1alpha1 schema: openAPIV3Schema: - description: RestoreSession represents one restore run for the targeted application properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: RestoreSessionSpec specifies the necessary configurations - for restoring data into a target properties: addon: - description: Addon specifies addon configuration that will be used - to restore the target. properties: containerRuntimeSettings: - description: ContainerRuntimeSettings specifies runtime settings - for the backup/restore executor container properties: env: - description: List of environment variables to set in the container. - Cannot be updated. items: - description: EnvVar represents an environment variable present - in a Container. properties: name: - description: Name of the environment variable. Must - be a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) are expanded - using the previously defined environment variables - in the container and any service environment variables. - If a variable cannot be resolved, the reference in - the input string will be unchanged. Double $$ are - reduced to a single $, which allows for escaping the - $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce - the string literal "$(VAR_NAME)". 
Escaped references - will never be expanded, regardless of whether the - variable exists or not. Defaults to "".' type: string valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. properties: configMapKeyRef: - description: Selects a key of a ConfigMap. properties: key: - description: The key to select. type: string name: default: "" - description: 'Name of the referent. This field - is effectively required, but due to backwards - compatibility is allowed to be empty. Instances - of this type with an empty value here are - almost certainly wrong. TODO: Add other useful - fields. apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether the ConfigMap or - its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of the pod: supports - metadata.name, metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, spec.nodeName, - spec.serviceAccountName, status.hostIP, status.podIP, - status.podIPs.' properties: apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". type: string fieldPath: - description: Path of the field to select in - the specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' 
properties: containerName: - description: 'Container name: required for volumes, - optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output format of - the exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource to select' type: string required: - resource type: object x-kubernetes-map-type: atomic secretKeyRef: - description: Selects a key of a secret in the pod's - namespace properties: key: - description: The key of the secret to select - from. Must be a valid secret key. type: string name: default: "" - description: 'Name of the referent. This field - is effectively required, but due to backwards - compatibility is allowed to be empty. Instances - of this type with an empty value here are - almost certainly wrong. TODO: Add other useful - fields. apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether the Secret or its - key must be defined type: boolean required: - key 
@@ -197,67 +116,31 @@ spec: type: object type: array envFrom: - description: List of sources to populate environment variables - in the container. The keys defined within a source must - be a C_IDENTIFIER. All invalid keys will be reported as - an event when the container is starting. When a key exists - in multiple sources, the value associated with the last - source will take precedence. Values defined by an Env with - a duplicate key will take precedence. Cannot be updated. items: - description: EnvFromSource represents the source of a set - of ConfigMaps properties: configMapRef: - description: The ConfigMap to select from properties: name: default: "" - description: 'Name of the referent. This field is - effectively required, but due to backwards compatibility - is allowed to be empty. Instances of this type - with an empty value here are almost certainly - wrong. TODO: Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether the ConfigMap must - be defined type: boolean type: object x-kubernetes-map-type: atomic prefix: - description: An optional identifier to prepend to each - key in the ConfigMap. Must be a C_IDENTIFIER. type: string secretRef: - description: The Secret to select from properties: name: default: "" - description: 'Name of the referent. This field is - effectively required, but due to backwards compatibility - is allowed to be empty. Instances of this type - with an empty value here are almost certainly - wrong. TODO: Add other useful fields. apiVersion, - kind, uid? 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether the Secret must be - defined type: boolean type: object x-kubernetes-map-type: atomic type: object type: array ionice: - description: 'Settings to configure `ionice` to throttle the - load on disk. More info: http://kennystechtalk.blogspot.com/2015/04/throttling-cpu-usage-with-linux-cgroups.html - More info: https://oakbytes.wordpress.com/2012/06/06/linux-scheduler-cfs-and-nice/' properties: class: format: int32 
@@ -267,58 +150,27 @@ spec: type: integer type: object lifecycle: - description: Actions that the management system should take - in response to container lifecycle events. Cannot be updated. properties: postStart: - description: 'PostStart is called immediately after a - container is created. If the handler fails, the container - is terminated and restarted according to its restart - policy. Other management of the container blocks until - the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory - for the command is root ('/') in the container's - filesystem. The command is simply exec'd, it - is not run inside a shell, so traditional shell - instructions ('|', etc) won't work. To use a - shell, you need to explicitly call out to that - shell. Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the http request to - perform. properties: host: - description: Host name to connect to, defaults - to the pod IP. You probably want to set "Host" - in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes properties: name: - description: The header field name. This - will be canonicalized upon output, so - case-variant names will be understood - as the same header. type: string value: - description: The header field value type: string required: - name 
@@ -327,114 +179,58 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the - host. Defaults to HTTP. type: string required: - port type: object sleep: - description: Sleep represents the duration that the - container should sleep before being terminated. properties: seconds: - description: Seconds is the number of seconds - to sleep. format: int64 type: integer required: - seconds type: object tcpSocket: - description: Deprecated. TCPSocket is NOT supported - as a LifecycleHandler and kept for the backward - compatibility. There are no validation of this field - and lifecycle hooks will fail in runtime when tcp - handler is specified. properties: host: - description: 'Optional: Host name to connect to, - defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: - description: 'PreStop is called immediately before a container - is terminated due to an API request or management event - such as liveness/startup probe failure, preemption, - resource contention, etc. The handler is not called - if the container crashes or exits. The Pod''s termination - grace period countdown begins before the PreStop hook - is executed. Regardless of the outcome of the handler, - the container will eventually terminate within the Pod''s - termination grace period (unless delayed by finalizers). 
- Other management of the container blocks until the hook - completes or until the termination grace period is reached. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory - for the command is root ('/') in the container's - filesystem. The command is simply exec'd, it - is not run inside a shell, so traditional shell - instructions ('|', etc) won't work. To use a - shell, you need to explicitly call out to that - shell. Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the http request to - perform. properties: host: - description: Host name to connect to, defaults - to the pod IP. You probably want to set "Host" - in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes properties: name: - description: The header field name. This - will be canonicalized upon output, so - case-variant names will be understood - as the same header. type: string value: - description: The header field value type: string required: - name 
@@ -443,53 +239,33 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the - host. Defaults to HTTP. type: string required: - port type: object sleep: - description: Sleep represents the duration that the - container should sleep before being terminated. properties: seconds: - description: Seconds is the number of seconds - to sleep. format: int64 type: integer required: - seconds type: object tcpSocket: - description: Deprecated. TCPSocket is NOT supported - as a LifecycleHandler and kept for the backward - compatibility. There are no validation of this field - and lifecycle hooks will fail in runtime when tcp - handler is specified. properties: host: - description: 'Optional: Host name to connect to, - defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port 
@@ -497,73 +273,38 @@ spec: type: object type: object livenessProbe: - description: 'Periodic probe of container liveness. Container - will be restarted if the probe fails. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', - etc) won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC - port. properties: port: - description: Port number of the gRPC service. Number - must be in the range 1 to 65535. format: int32 type: integer service: - description: "Service is the name of the service to - place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in httpHeaders - instead. type: string httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. 
items: - description: HTTPHeader describes a custom header - to be used in HTTP probes properties: name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. type: string value: - description: The header field value type: string required: - name 
@@ -572,162 +313,84 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port to access - on the container. Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving a - TCP port. properties: host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access - on the container. Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and - the time when the processes are forcibly halted with - a kill signal. Set this value longer than the expected - cleanup time for your process. 
If this value is nil, - the pod's terminationGracePeriodSeconds will be used. - Otherwise, this value overrides the value provided by - the pod spec. Value must be non-negative integer. The - value zero indicates stop immediately via the kill signal - (no opportunity to shut down). This is a beta field - and requires enabling ProbeTerminationGracePeriod feature - gate. Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which the probe - times out. Defaults to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object nice: - description: 'Settings to configure `nice` to throttle the - load on cpu. More info: http://kennystechtalk.blogspot.com/2015/04/throttling-cpu-usage-with-linux-cgroups.html - More info: https://oakbytes.wordpress.com/2012/06/06/linux-scheduler-cfs-and-nice/' properties: adjustment: format: int32 type: integer type: object readinessProbe: - description: 'Periodic probe of container service readiness. - Container will be removed from service endpoints if the - probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', - etc) won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. 
items: type: string type: array x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC - port. properties: port: - description: Port number of the gRPC service. Number - must be in the range 1 to 65535. format: int32 type: integer service: - description: "Service is the name of the service to - place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in httpHeaders - instead. type: string httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes properties: name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. type: string value: - description: The header field value type: string required: - name 
@@ -736,103 +399,51 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port to access - on the container. Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving a - TCP port. properties: host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access - on the container. Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and - the time when the processes are forcibly halted with - a kill signal. Set this value longer than the expected - cleanup time for your process. 
If this value is nil, - the pod's terminationGracePeriodSeconds will be used. - Otherwise, this value overrides the value provided by - the pod spec. Value must be non-negative integer. The - value zero indicates stop immediately via the kill signal - (no opportunity to shut down). This is a beta field - and requires enabling ProbeTerminationGracePeriod feature - gate. Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which the probe - times out. Defaults to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object resources: - description: 'Compute Resources required by container. Cannot - be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' properties: claims: - description: "Claims lists the names of resources, defined - in spec.resourceClaims, that are used by this container. - \n This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. \n This field - is immutable. It can only be set for containers." items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name of one entry - in pod.spec.resourceClaims of the Pod where this - field is used. It makes that resource available - inside a container. type: string required: - name @@ -848,8 +459,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -858,327 +467,124 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of - compute resources required. If Requests is omitted for - a container, it defaults to Limits if that is explicitly - specified, otherwise to an implementation-defined value. - Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: - description: 'Security options the pod should run with. More - info: https://kubernetes.io/docs/concepts/policy/security-context/ - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether - a process can gain more privileges than its parent process. - This bool directly controls if the no_new_privs flag - will be set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run as Privileged - 2) has CAP_SYS_ADMIN Note that this field cannot be - set when spec.os.name is windows.' type: boolean appArmorProfile: - description: appArmorProfile is the AppArmor options to - use by this container. If set, this profile overrides - the pod's appArmorProfile. Note that this field cannot - be set when spec.os.name is windows. properties: localhostProfile: - description: localhostProfile indicates a profile - loaded on the node that should be used. The profile - must be preconfigured on the node to work. Must - match the loaded name of the profile. Must be set - if and only if type is "Localhost". type: string type: - description: 'type indicates which kind of AppArmor - profile will be applied. Valid options are: Localhost - - a profile pre-loaded on the node. RuntimeDefault - - the container runtime''s default profile. 
Unconfined - - no AppArmor enforcement.' type: string required: - type type: object capabilities: - description: The capabilities to add/drop when running - containers. Defaults to the default set of capabilities - granted by the container runtime. Note that this field - cannot be set when spec.os.name is windows. properties: add: - description: Added capabilities items: - description: Capability represent POSIX capabilities - type type: string type: array x-kubernetes-list-type: atomic drop: - description: Removed capabilities items: - description: Capability represent POSIX capabilities - type type: string type: array x-kubernetes-list-type: atomic type: object privileged: - description: Run container in privileged mode. Processes - in privileged containers are essentially equivalent - to root on the host. Defaults to false. Note that this - field cannot be set when spec.os.name is windows. type: boolean procMount: - description: procMount denotes the type of proc mount - to use for the containers. The default is DefaultProcMount - which uses the container runtime defaults for readonly - paths and masked paths. This requires the ProcMountType - feature flag to be enabled. Note that this field cannot - be set when spec.os.name is windows. type: string readOnlyRootFilesystem: - description: Whether this container has a read-only root - filesystem. Default is false. Note that this field cannot - be set when spec.os.name is windows. type: boolean runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be - set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. Note that this field cannot be set - when spec.os.name is windows. format: int64 type: integer runAsNonRoot: - description: Indicates that the container must run as - a non-root user. 
If true, the Kubelet will validate - the image at runtime to ensure that it does not run - as UID 0 (root) and fail to start the container if it - does. If unset or false, no such validation will be - performed. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint of the container - process. Defaults to user specified in image metadata - if unspecified. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name - is windows. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be applied to the - container. If unspecified, the container runtime will - allocate a random SELinux context for each container. May - also be set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. Note that this field cannot be set - when spec.os.name is windows. properties: level: - description: Level is SELinux level label that applies - to the container. type: string role: - description: Role is a SELinux role label that applies - to the container. type: string type: - description: Type is a SELinux type label that applies - to the container. type: string user: - description: User is a SELinux user label that applies - to the container. type: string type: object seccompProfile: - description: The seccomp options to use by this container. - If seccomp options are provided at both the pod & container - level, the container options override the pod options. - Note that this field cannot be set when spec.os.name - is windows. properties: localhostProfile: - description: localhostProfile indicates a profile - defined in a file on the node should be used. 
The - profile must be preconfigured on the node to work. - Must be a descending path, relative to the kubelet's - configured seccomp profile location. Must be set - if type is "Localhost". Must NOT be set for any - other type. type: string type: - description: "type indicates which kind of seccomp - profile will be applied. Valid options are: \n Localhost - - a profile defined in a file on the node should - be used. RuntimeDefault - the container runtime - default profile should be used. Unconfined - no - profile should be applied." type: string required: - type type: object windowsOptions: - description: The Windows specific settings applied to - all containers. If unspecified, the options from the - PodSecurityContext will be used. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. Note that this field cannot be set - when spec.os.name is linux. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA - admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec - named by the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of - the GMSA credential spec to use. type: string hostProcess: - description: HostProcess determines if a container - should be run as a 'Host Process' container. All - of a Pod's containers must have the same effective - HostProcess value (it is not allowed to have a mix - of HostProcess containers and non-HostProcess containers). - In addition, if HostProcess is true then HostNetwork - must also be set to true. type: boolean runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set - in PodSecurityContext. 
If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. type: string type: object type: object type: object jobTemplate: - description: JobTemplate specifies runtime configurations for - the backup/restore Job properties: controller: - description: 'Workload controller''s metadata. More info: - https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' properties: annotations: additionalProperties: type: string - description: 'Annotations is an unstructured key value - map stored with a resource that may be set by external - tools to store and retrieve arbitrary metadata. They - are not queryable and should be preserved when modifying - objects. More info: http://kubernetes.io/docs/user-guide/annotations' type: object labels: additionalProperties: type: string - description: 'Map of string keys and values that can be - used to organize and categorize (scope and select) objects. - May match selectors of replication controllers and services. - More info: http://kubernetes.io/docs/user-guide/labels' type: object type: object metadata: - description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' properties: annotations: additionalProperties: type: string - description: 'Annotations is an unstructured key value - map stored with a resource that may be set by external - tools to store and retrieve arbitrary metadata. They - are not queryable and should be preserved when modifying - objects. More info: http://kubernetes.io/docs/user-guide/annotations' type: object labels: additionalProperties: type: string - description: 'Map of string keys and values that can be - used to organize and categorize (scope and select) objects. - May match selectors of replication controllers and services. 
- More info: http://kubernetes.io/docs/user-guide/labels' type: object type: object spec: - description: 'Specification of the desired behavior of the - pod. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status' properties: affinity: - description: If specified, the pod's scheduling constraints properties: nodeAffinity: - description: Describes node affinity scheduling rules - for the pod. properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule - pods to nodes that satisfy the affinity expressions - specified by this field, but it may choose a - node that violates one or more of the expressions. - The node that is most preferred is the one with - the greatest sum of weights, i.e. for each node - that meets all of the scheduling requirements - (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by - iterating through the elements of this field - and adding "weight" to the sum if the node matches - the corresponding matchExpressions; the node(s) - with the highest sum are the most preferred. items: - description: An empty preferred scheduling term - matches all objects with implicit weight 0 - (i.e. it's a no-op). A null preferred scheduling - term matches no objects (i.e. is also a no-op). properties: preference: - description: A node selector term, associated - with the corresponding weight. properties: matchExpressions: - description: A list of node selector - requirements by node's labels. items: - description: A node selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. properties: key: - description: The label key that - the selector applies to. type: string operator: - description: Represents a key's - relationship to a set of values. - Valid operators are In, NotIn, - Exists, DoesNotExist. Gt, and - Lt. 
type: string values: - description: An array of string - values. If the operator is In - or NotIn, the values array must - be non-empty. If the operator - is Exists or DoesNotExist, the - values array must be empty. - If the operator is Gt or Lt, - the values array must have a - single element, which will be - interpreted as an integer. This - array is replaced during a strategic - merge patch. items: type: string type: array @@ -1190,38 +596,13 @@ spec: type: array x-kubernetes-list-type: atomic matchFields: - description: A list of node selector - requirements by node's fields. items: - description: A node selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. properties: key: - description: The label key that - the selector applies to. type: string operator: - description: Represents a key's - relationship to a set of values. - Valid operators are In, NotIn, - Exists, DoesNotExist. Gt, and - Lt. type: string values: - description: An array of string - values. If the operator is In - or NotIn, the values array must - be non-empty. If the operator - is Exists or DoesNotExist, the - values array must be empty. - If the operator is Gt or Lt, - the values array must have a - single element, which will be - interpreted as an integer. This - array is replaced during a strategic - merge patch. items: type: string type: array @@ -1235,9 +616,6 @@ spec: type: object x-kubernetes-map-type: atomic weight: - description: Weight associated with matching - the corresponding nodeSelectorTerm, in - the range 1-100. format: int32 type: integer required: 
@@ -1247,57 +625,18 @@ spec: type: array x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified - by this field are not met at scheduling time, - the pod will not be scheduled onto the node. - If the affinity requirements specified by this - field cease to be met at some point during pod - execution (e.g. due to an update), the system - may or may not try to eventually evict the pod - from its node. properties: nodeSelectorTerms: - description: Required. A list of node selector - terms. The terms are ORed. items: - description: A null or empty node selector - term matches no objects. The requirements - of them are ANDed. The TopologySelectorTerm - type implements a subset of the NodeSelectorTerm. properties: matchExpressions: - description: A list of node selector - requirements by node's labels. items: - description: A node selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. properties: key: - description: The label key that - the selector applies to. type: string operator: - description: Represents a key's - relationship to a set of values. - Valid operators are In, NotIn, - Exists, DoesNotExist. Gt, and - Lt. type: string values: - description: An array of string - values. If the operator is In - or NotIn, the values array must - be non-empty. If the operator - is Exists or DoesNotExist, the - values array must be empty. - If the operator is Gt or Lt, - the values array must have a - single element, which will be - interpreted as an integer. This - array is replaced during a strategic - merge patch. items: type: string type: array 
@@ -1309,38 +648,13 @@ spec: type: array x-kubernetes-list-type: atomic matchFields: - description: A list of node selector - requirements by node's fields. items: - description: A node selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. properties: key: - description: The label key that - the selector applies to. type: string operator: - description: Represents a key's - relationship to a set of values. - Valid operators are In, NotIn, - Exists, DoesNotExist. Gt, and - Lt. type: string values: - description: An array of string - values. If the operator is In - or NotIn, the values array must - be non-empty. If the operator - is Exists or DoesNotExist, the - values array must be empty. - If the operator is Gt or Lt, - the values array must have a - single element, which will be - interpreted as an integer. This - array is replaced during a strategic - merge patch. items: type: string type: array 
@@ -1361,74 +675,22 @@ spec: x-kubernetes-map-type: atomic type: object podAffinity: - description: Describes pod affinity scheduling rules - (e.g. co-locate this pod in the same node, zone, - etc. as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule - pods to nodes that satisfy the affinity expressions - specified by this field, but it may choose a - node that violates one or more of the expressions. - The node that is most preferred is the one with - the greatest sum of weights, i.e. for each node - that meets all of the scheduling requirements - (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by - iterating through the elements of this field - and adding "weight" to the sum if the node has - pods which matches the corresponding podAffinityTerm; - the node(s) with the highest sum are the most - preferred. items: - description: The weights of all of the matched - WeightedPodAffinityTerm fields are added per-node - to find the most preferred node(s) properties: podAffinityTerm: - description: Required. A pod affinity term, - associated with the corresponding weight. properties: labelSelector: - description: A label query over a set - of resources, in this case pods. If - it's null, this PodAffinityTerm matches - with no Pods. properties: matchExpressions: - description: matchExpressions is - a list of label selector requirements. - The requirements are ANDed. items: - description: A label selector - requirement is a selector that - contains values, a key, and - an operator that relates the - key and values. properties: key: - description: key is the label - key that the selector applies - to. type: string operator: - description: operator represents - a key's relationship to - a set of values. Valid operators - are In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is an - array of string values. 
- If the operator is In or - NotIn, the values array - must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be - empty. This array is replaced - during a strategic merge - patch. items: type: string type: array 
@@ -1442,111 +704,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map - of {key,value} pairs. A single - {key,value} in the matchLabels - map is equivalent to an element - of matchExpressions, whose key - field is "key", the operator is - "In", and the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set - of pod label keys to select which - pods will be taken into consideration. - The keys are used to lookup values - from the incoming pod labels, those - key-value labels are merged with `labelSelector` - as `key in (value)` to select the - group of existing pods which pods - will be taken into consideration for - the incoming pod's pod (anti) affinity. - Keys that don't exist in the incoming - pod labels will be ignored. The default - value is empty. The same key is forbidden - to exist in both matchLabelKeys and - labelSelector. Also, matchLabelKeys - cannot be set when labelSelector isn't - set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys is a - set of pod label keys to select which - pods will be taken into consideration. - The keys are used to lookup values - from the incoming pod labels, those - key-value labels are merged with `labelSelector` - as `key notin (value)` to select the - group of existing pods which pods - will be taken into consideration for - the incoming pod's pod (anti) affinity. - Keys that don't exist in the incoming - pod labels will be ignored. The default - value is empty. The same key is forbidden - to exist in both mismatchLabelKeys - and labelSelector. Also, mismatchLabelKeys - cannot be set when labelSelector isn't - set. 
This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the - set of namespaces that the term applies - to. The term is applied to the union - of the namespaces selected by this - field and the ones listed in the namespaces - field. null selector and null or empty - namespaces list means "this pod's - namespace". An empty selector ({}) - matches all namespaces. properties: matchExpressions: - description: matchExpressions is - a list of label selector requirements. - The requirements are ANDed. items: - description: A label selector - requirement is a selector that - contains values, a key, and - an operator that relates the - key and values. properties: key: - description: key is the label - key that the selector applies - to. type: string operator: - description: operator represents - a key's relationship to - a set of values. Valid operators - are In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is an - array of string values. - If the operator is In or - NotIn, the values array - must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be - empty. This array is replaced - during a strategic merge - patch. items: type: string type: array 
@@ -1560,50 +740,20 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map - of {key,value} pairs. A single - {key,value} in the matchLabels - map is equivalent to an element - of matchExpressions, whose key - field is "key", the operator is - "In", and the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a - static list of namespace names that - the term applies to. The term is applied - to the union of the namespaces listed - in this field and the ones selected - by namespaceSelector. null or empty - namespaces list and null namespaceSelector - means "this pod's namespace". items: type: string type: array x-kubernetes-list-type: atomic topologyKey: - description: This pod should be co-located - (affinity) or not co-located (anti-affinity) - with the pods matching the labelSelector - in the specified namespaces, where - co-located is defined as running on - a node whose value of the label with - key topologyKey matches that of any - node on which any of the selected - pods is running. Empty topologyKey - is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with matching - the corresponding podAffinityTerm, in - the range 1-100. format: int32 type: integer required: 
@@ -1613,63 +763,18 @@ spec: type: array x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified - by this field are not met at scheduling time, - the pod will not be scheduled onto the node. - If the affinity requirements specified by this - field cease to be met at some point during pod - execution (e.g. due to a pod label update), - the system may or may not try to eventually - evict the pod from its node. When there are - multiple elements, the lists of nodes corresponding - to each podAffinityTerm are intersected, i.e. - all terms must be satisfied. items: - description: Defines a set of pods (namely those - matching the labelSelector relative to the - given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) - with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on - which a pod of the set of pods is running properties: labelSelector: - description: A label query over a set of - resources, in this case pods. If it's - null, this PodAffinityTerm matches with - no Pods. properties: matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. properties: key: - description: key is the label - key that the selector applies - to. type: string operator: - description: operator represents - a key's relationship to a set - of values. Valid operators are - In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array - of string values. If the operator - is In or NotIn, the values array - must be non-empty. If the operator - is Exists or DoesNotExist, the - values array must be empty. - This array is replaced during - a strategic merge patch. 
items: type: string type: array 
@@ -1683,102 +788,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of - {key,value} pairs. A single {key,value} - in the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are - ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of - pod label keys to select which pods will - be taken into consideration. The keys - are used to lookup values from the incoming - pod labels, those key-value labels are - merged with `labelSelector` as `key in - (value)` to select the group of existing - pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. - Keys that don't exist in the incoming - pod labels will be ignored. The default - value is empty. The same key is forbidden - to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when - labelSelector isn't set. This is an alpha - field and requires enabling MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys is a set - of pod label keys to select which pods - will be taken into consideration. The - keys are used to lookup values from the - incoming pod labels, those key-value labels - are merged with `labelSelector` as `key - notin (value)` to select the group of - existing pods which pods will be taken - into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist - in the incoming pod labels will be ignored. - The default value is empty. The same key - is forbidden to exist in both mismatchLabelKeys - and labelSelector. Also, mismatchLabelKeys - cannot be set when labelSelector isn't - set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature - gate. 
items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set - of namespaces that the term applies to. - The term is applied to the union of the - namespaces selected by this field and - the ones listed in the namespaces field. - null selector and null or empty namespaces - list means "this pod's namespace". An - empty selector ({}) matches all namespaces. properties: matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. properties: key: - description: key is the label - key that the selector applies - to. type: string operator: - description: operator represents - a key's relationship to a set - of values. Valid operators are - In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array - of string values. If the operator - is In or NotIn, the values array - must be non-empty. If the operator - is Exists or DoesNotExist, the - values array must be empty. - This array is replaced during - a strategic merge patch. items: type: string type: array 
@@ -1792,39 +824,15 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of - {key,value} pairs. A single {key,value} - in the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are - ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static - list of namespace names that the term - applies to. The term is applied to the - union of the namespaces listed in this - field and the ones selected by namespaceSelector. - null or empty namespaces list and null - namespaceSelector means "this pod's namespace". items: type: string type: array x-kubernetes-list-type: atomic topologyKey: - description: This pod should be co-located - (affinity) or not co-located (anti-affinity) - with the pods matching the labelSelector - in the specified namespaces, where co-located - is defined as running on a node whose - value of the label with key topologyKey - matches that of any node on which any - of the selected pods is running. Empty - topologyKey is not allowed. type: string required: - topologyKey 
@@ -1833,74 +841,22 @@ spec: x-kubernetes-list-type: atomic type: object podAntiAffinity: - description: Describes pod anti-affinity scheduling - rules (e.g. avoid putting this pod in the same node, - zone, etc. as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule - pods to nodes that satisfy the anti-affinity - expressions specified by this field, but it - may choose a node that violates one or more - of the expressions. The node that is most preferred - is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - anti-affinity expressions, etc.), compute a - sum by iterating through the elements of this - field and adding "weight" to the sum if the - node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest - sum are the most preferred. items: - description: The weights of all of the matched - WeightedPodAffinityTerm fields are added per-node - to find the most preferred node(s) properties: podAffinityTerm: - description: Required. A pod affinity term, - associated with the corresponding weight. properties: labelSelector: - description: A label query over a set - of resources, in this case pods. If - it's null, this PodAffinityTerm matches - with no Pods. properties: matchExpressions: - description: matchExpressions is - a list of label selector requirements. - The requirements are ANDed. items: - description: A label selector - requirement is a selector that - contains values, a key, and - an operator that relates the - key and values. properties: key: - description: key is the label - key that the selector applies - to. type: string operator: - description: operator represents - a key's relationship to - a set of values. Valid operators - are In, NotIn, Exists and - DoesNotExist. 
type: string values: - description: values is an - array of string values. - If the operator is In or - NotIn, the values array - must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be - empty. This array is replaced - during a strategic merge - patch. items: type: string type: array 
@@ -1914,111 +870,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map - of {key,value} pairs. A single - {key,value} in the matchLabels - map is equivalent to an element - of matchExpressions, whose key - field is "key", the operator is - "In", and the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set - of pod label keys to select which - pods will be taken into consideration. - The keys are used to lookup values - from the incoming pod labels, those - key-value labels are merged with `labelSelector` - as `key in (value)` to select the - group of existing pods which pods - will be taken into consideration for - the incoming pod's pod (anti) affinity. - Keys that don't exist in the incoming - pod labels will be ignored. The default - value is empty. The same key is forbidden - to exist in both matchLabelKeys and - labelSelector. Also, matchLabelKeys - cannot be set when labelSelector isn't - set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys is a - set of pod label keys to select which - pods will be taken into consideration. - The keys are used to lookup values - from the incoming pod labels, those - key-value labels are merged with `labelSelector` - as `key notin (value)` to select the - group of existing pods which pods - will be taken into consideration for - the incoming pod's pod (anti) affinity. - Keys that don't exist in the incoming - pod labels will be ignored. The default - value is empty. The same key is forbidden - to exist in both mismatchLabelKeys - and labelSelector. Also, mismatchLabelKeys - cannot be set when labelSelector isn't - set. 
This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the - set of namespaces that the term applies - to. The term is applied to the union - of the namespaces selected by this - field and the ones listed in the namespaces - field. null selector and null or empty - namespaces list means "this pod's - namespace". An empty selector ({}) - matches all namespaces. properties: matchExpressions: - description: matchExpressions is - a list of label selector requirements. - The requirements are ANDed. items: - description: A label selector - requirement is a selector that - contains values, a key, and - an operator that relates the - key and values. properties: key: - description: key is the label - key that the selector applies - to. type: string operator: - description: operator represents - a key's relationship to - a set of values. Valid operators - are In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is an - array of string values. - If the operator is In or - NotIn, the values array - must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be - empty. This array is replaced - during a strategic merge - patch. items: type: string type: array 
@@ -2032,50 +906,20 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map - of {key,value} pairs. A single - {key,value} in the matchLabels - map is equivalent to an element - of matchExpressions, whose key - field is "key", the operator is - "In", and the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a - static list of namespace names that - the term applies to. The term is applied - to the union of the namespaces listed - in this field and the ones selected - by namespaceSelector. null or empty - namespaces list and null namespaceSelector - means "this pod's namespace". items: type: string type: array x-kubernetes-list-type: atomic topologyKey: - description: This pod should be co-located - (affinity) or not co-located (anti-affinity) - with the pods matching the labelSelector - in the specified namespaces, where - co-located is defined as running on - a node whose value of the label with - key topologyKey matches that of any - node on which any of the selected - pods is running. Empty topologyKey - is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with matching - the corresponding podAffinityTerm, in - the range 1-100. format: int32 type: integer required: 
@@ -2085,63 +929,18 @@ spec: type: array x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements - specified by this field are not met at scheduling - time, the pod will not be scheduled onto the - node. If the anti-affinity requirements specified - by this field cease to be met at some point - during pod execution (e.g. due to a pod label - update), the system may or may not try to eventually - evict the pod from its node. When there are - multiple elements, the lists of nodes corresponding - to each podAffinityTerm are intersected, i.e. - all terms must be satisfied. items: - description: Defines a set of pods (namely those - matching the labelSelector relative to the - given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) - with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on - which a pod of the set of pods is running properties: labelSelector: - description: A label query over a set of - resources, in this case pods. If it's - null, this PodAffinityTerm matches with - no Pods. properties: matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. properties: key: - description: key is the label - key that the selector applies - to. type: string operator: - description: operator represents - a key's relationship to a set - of values. Valid operators are - In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array - of string values. If the operator - is In or NotIn, the values array - must be non-empty. If the operator - is Exists or DoesNotExist, the - values array must be empty. 
- This array is replaced during - a strategic merge patch. items: type: string type: array 
@@ -2155,102 +954,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of - {key,value} pairs. A single {key,value} - in the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are - ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of - pod label keys to select which pods will - be taken into consideration. The keys - are used to lookup values from the incoming - pod labels, those key-value labels are - merged with `labelSelector` as `key in - (value)` to select the group of existing - pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. - Keys that don't exist in the incoming - pod labels will be ignored. The default - value is empty. The same key is forbidden - to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when - labelSelector isn't set. This is an alpha - field and requires enabling MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys is a set - of pod label keys to select which pods - will be taken into consideration. The - keys are used to lookup values from the - incoming pod labels, those key-value labels - are merged with `labelSelector` as `key - notin (value)` to select the group of - existing pods which pods will be taken - into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist - in the incoming pod labels will be ignored. - The default value is empty. The same key - is forbidden to exist in both mismatchLabelKeys - and labelSelector. Also, mismatchLabelKeys - cannot be set when labelSelector isn't - set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature - gate. 
items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set - of namespaces that the term applies to. - The term is applied to the union of the - namespaces selected by this field and - the ones listed in the namespaces field. - null selector and null or empty namespaces - list means "this pod's namespace". An - empty selector ({}) matches all namespaces. properties: matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. properties: key: - description: key is the label - key that the selector applies - to. type: string operator: - description: operator represents - a key's relationship to a set - of values. Valid operators are - In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array - of string values. If the operator - is In or NotIn, the values array - must be non-empty. If the operator - is Exists or DoesNotExist, the - values array must be empty. - This array is replaced during - a strategic merge patch. items: type: string type: array 
@@ -2264,39 +990,15 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of - {key,value} pairs. A single {key,value} - in the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are - ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static - list of namespace names that the term - applies to. The term is applied to the - union of the namespaces listed in this - field and the ones selected by namespaceSelector. - null or empty namespaces list and null - namespaceSelector means "this pod's namespace". items: type: string type: array x-kubernetes-list-type: atomic topologyKey: - description: This pod should be co-located - (affinity) or not co-located (anti-affinity) - with the pods matching the labelSelector - in the specified namespaces, where co-located - is defined as running on a node whose - value of the label with key topologyKey - matches that of any node on which any - of the selected pods is running. Empty - topologyKey is not allowed. type: string required: - topologyKey 
@@ -2306,246 +1008,92 @@ spec: type: object type: object args: - description: 'Arguments to the entrypoint. The docker - image''s CMD is used if this is not provided. Variable - references $(VAR_NAME) are expanded using the container''s - environment. If a variable cannot be resolved, the reference - in the input string will be unchanged. The $(VAR_NAME) - syntax can be escaped with a double $$, ie: $$(VAR_NAME). - Escaped references will never be expanded, regardless - of whether the variable exists or not. Cannot be updated. - More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array containerSecurityContext: - description: 'Security options the pod should run with. - More info: https://kubernetes.io/docs/concepts/policy/security-context/ - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether - a process can gain more privileges than its parent - process. This bool directly controls if the no_new_privs - flag will be set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run as - Privileged 2) has CAP_SYS_ADMIN Note that this field - cannot be set when spec.os.name is windows.' type: boolean appArmorProfile: - description: appArmorProfile is the AppArmor options - to use by this container. If set, this profile overrides - the pod's appArmorProfile. Note that this field - cannot be set when spec.os.name is windows. properties: localhostProfile: - description: localhostProfile indicates a profile - loaded on the node that should be used. The - profile must be preconfigured on the node to - work. Must match the loaded name of the profile. - Must be set if and only if type is "Localhost". type: string type: - description: 'type indicates which kind of AppArmor - profile will be applied. 
Valid options are: - Localhost - a profile pre-loaded on the node. - RuntimeDefault - the container runtime''s default - profile. Unconfined - no AppArmor enforcement.' type: string required: - type type: object capabilities: - description: The capabilities to add/drop when running - containers. Defaults to the default set of capabilities - granted by the container runtime. Note that this - field cannot be set when spec.os.name is windows. properties: add: - description: Added capabilities items: - description: Capability represent POSIX capabilities - type type: string type: array x-kubernetes-list-type: atomic drop: - description: Removed capabilities items: - description: Capability represent POSIX capabilities - type type: string type: array x-kubernetes-list-type: atomic type: object privileged: - description: Run container in privileged mode. Processes - in privileged containers are essentially equivalent - to root on the host. Defaults to false. Note that - this field cannot be set when spec.os.name is windows. type: boolean procMount: - description: procMount denotes the type of proc mount - to use for the containers. The default is DefaultProcMount - which uses the container runtime defaults for readonly - paths and masked paths. This requires the ProcMountType - feature flag to be enabled. Note that this field - cannot be set when spec.os.name is windows. type: string readOnlyRootFilesystem: - description: Whether this container has a read-only - root filesystem. Default is false. Note that this - field cannot be set when spec.os.name is windows. type: boolean runAsGroup: - description: The GID to run the entrypoint of the - container process. Uses runtime default if unset. - May also be set in PodSecurityContext. If set in - both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name - is windows. 
format: int64 type: integer runAsNonRoot: - description: Indicates that the container must run - as a non-root user. If true, the Kubelet will validate - the image at runtime to ensure that it does not - run as UID 0 (root) and fail to start the container - if it does. If unset or false, no such validation - will be performed. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint of the - container process. Defaults to user specified in - image metadata if unspecified. May also be set in - PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. Note that this field cannot be - set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be applied to - the container. If unspecified, the container runtime - will allocate a random SELinux context for each - container. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name - is windows. properties: level: - description: Level is SELinux level label that - applies to the container. type: string role: - description: Role is a SELinux role label that - applies to the container. type: string type: - description: Type is a SELinux type label that - applies to the container. type: string user: - description: User is a SELinux user label that - applies to the container. type: string type: object seccompProfile: - description: The seccomp options to use by this container. - If seccomp options are provided at both the pod - & container level, the container options override - the pod options. Note that this field cannot be - set when spec.os.name is windows. 
properties: localhostProfile: - description: localhostProfile indicates a profile - defined in a file on the node should be used. - The profile must be preconfigured on the node - to work. Must be a descending path, relative - to the kubelet's configured seccomp profile - location. Must be set if type is "Localhost". - Must NOT be set for any other type. type: string type: - description: "type indicates which kind of seccomp - profile will be applied. Valid options are: - \n Localhost - a profile defined in a file on - the node should be used. RuntimeDefault - the - container runtime default profile should be - used. Unconfined - no profile should be applied." type: string required: - type type: object windowsOptions: - description: The Windows specific settings applied - to all containers. If unspecified, the options from - the PodSecurityContext will be used. If set in both - SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence. Note - that this field cannot be set when spec.os.name - is linux. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA - admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential - spec named by the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name - of the GMSA credential spec to use. type: string hostProcess: - description: HostProcess determines if a container - should be run as a 'Host Process' container. - All of a Pod's containers must have the same - effective HostProcess value (it is not allowed - to have a mix of HostProcess containers and - non-HostProcess containers). In addition, if - HostProcess is true then HostNetwork must also - be set to true. type: boolean runAsUserName: - description: The UserName in Windows to run the - entrypoint of the container process. Defaults - to the user specified in image metadata if unspecified. 
- May also be set in PodSecurityContext. If set - in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes - precedence. type: string type: object type: object dnsConfig: - description: Specifies the DNS parameters of a pod. Parameters - specified here will be merged to the generated DNS configuration - based on DNSPolicy. properties: nameservers: - description: A list of DNS name server IP addresses. - This will be appended to the base nameservers generated - from DNSPolicy. Duplicated nameservers will be removed. items: type: string type: array x-kubernetes-list-type: atomic options: - description: A list of DNS resolver options. This - will be merged with the base options generated from - DNSPolicy. Duplicated entries will be removed. Resolution - options given in Options will override those that - appear in the base DNSPolicy. items: - description: PodDNSConfigOption defines DNS resolver - options of a pod. properties: name: - description: Required. type: string value: type: string 
@@ -2553,152 +1101,71 @@ spec: type: array x-kubernetes-list-type: atomic searches: - description: A list of DNS search domains for host-name - lookup. This will be appended to the base search - paths generated from DNSPolicy. Duplicated search - paths will be removed. items: type: string type: array x-kubernetes-list-type: atomic type: object dnsPolicy: - description: Set DNS policy for the pod. Defaults to "ClusterFirst". - Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', - 'Default' or 'None'. DNS parameters given in DNSConfig - will be merged with the policy selected with DNSPolicy. - To have DNS options set along with hostNetwork, you - have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'. type: string enableServiceLinks: - description: 'EnableServiceLinks indicates whether information - about services should be injected into pod''s environment - variables, matching the syntax of Docker links. Optional: - Defaults to true.' type: boolean env: - description: List of environment variables to set in the - container. Cannot be updated. items: - description: EnvVar represents an environment variable - present in a Container. properties: name: - description: Name of the environment variable. Must - be a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) are - expanded using the previously defined environment - variables in the container and any service environment - variables. If a variable cannot be resolved, the - reference in the input string will be unchanged. - Double $$ are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" - will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless - of whether the variable exists or not. Defaults - to "".' type: string valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. 
properties: configMapKeyRef: - description: Selects a key of a ConfigMap. properties: key: - description: The key to select. type: string name: default: "" - description: 'Name of the referent. This - field is effectively required, but due - to backwards compatibility is allowed - to be empty. Instances of this type with - an empty value here are almost certainly - wrong. TODO: Add other useful fields. - apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether the ConfigMap - or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of the pod: supports - metadata.name, metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, spec.nodeName, - spec.serviceAccountName, status.hostIP, status.podIP, - status.podIPs.' properties: apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". type: string fieldPath: - description: Path of the field to select - in the specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' 
properties: containerName: - description: 'Container name: required for - volumes, optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output format - of the exposed resources, defaults to - "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource to select' type: string required: - resource type: object x-kubernetes-map-type: atomic secretKeyRef: - description: Selects a key of a secret in the - pod's namespace properties: key: - description: The key of the secret to select - from. Must be a valid secret key. type: string name: default: "" - description: 'Name of the referent. This - field is effectively required, but due - to backwards compatibility is allowed - to be empty. Instances of this type with - an empty value here are almost certainly - wrong. TODO: Add other useful fields. - apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether the Secret - or its key must be defined type: boolean required: - key 
@@ -2710,229 +1177,89 @@ spec: type: object type: array hostIPC: - description: 'Use the host''s ipc namespace. Optional: - Default to false.' type: boolean hostNetwork: - description: Host networking requested for this pod. Use - the host's network namespace. If this option is set, - the ports that will be used must be specified. Default - to false. type: boolean hostPID: - description: 'Use the host''s pid namespace. Optional: - Default to false.' type: boolean imagePullSecrets: - description: 'ImagePullSecrets is an optional list of - references to secrets in the same namespace to use for - pulling any of the images used by this PodSpec. If specified, - these secrets will be passed to individual puller implementations - for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' items: - description: LocalObjectReference contains enough information - to let you locate the referenced object inside the - same namespace. properties: name: default: "" - description: 'Name of the referent. This field is - effectively required, but due to backwards compatibility - is allowed to be empty. Instances of this type - with an empty value here are almost certainly - wrong. TODO: Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic type: array initContainers: - description: 'List of initialization containers belonging - to the pod. Init containers are executed in order prior - to containers being started. If any init container fails, - the pod is considered to have failed and is handled - according to its restartPolicy. The name for an init - container or normal container must be unique among all - containers. 
Init containers may not have Lifecycle actions, - Readiness probes, or Liveness probes. The resourceRequirements - of an init container are taken into account during scheduling - by finding the highest request/limit for each resource - type, and then using the max of of that value or the - sum of the normal containers. Limits are applied to - init containers in a similar fashion. Init containers - cannot currently be added or removed. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' items: - description: A single application container that you - want to run within a pod. properties: args: - description: 'Arguments to the entrypoint. The container - image''s CMD is used if this is not provided. - Variable references $(VAR_NAME) are expanded using - the container''s environment. If a variable cannot - be resolved, the reference in the input string - will be unchanged. Double $$ are reduced to a - single $, which allows for escaping the $(VAR_NAME) - syntax: i.e. "$$(VAR_NAME)" will produce the string - literal "$(VAR_NAME)". Escaped references will - never be expanded, regardless of whether the variable - exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array x-kubernetes-list-type: atomic command: - description: 'Entrypoint array. Not executed within - a shell. The container image''s ENTRYPOINT is - used if this is not provided. Variable references - $(VAR_NAME) are expanded using the container''s - environment. If a variable cannot be resolved, - the reference in the input string will be unchanged. - Double $$ are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" - will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless - of whether the variable exists or not. Cannot - be updated. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array x-kubernetes-list-type: atomic env: - description: List of environment variables to set - in the container. Cannot be updated. items: - description: EnvVar represents an environment - variable present in a Container. properties: name: - description: Name of the environment variable. - Must be a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) - are expanded using the previously defined - environment variables in the container and - any service environment variables. If a - variable cannot be resolved, the reference - in the input string will be unchanged. Double - $$ are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal - "$(VAR_NAME)". Escaped references will never - be expanded, regardless of whether the variable - exists or not. Defaults to "".' type: string valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. properties: configMapKeyRef: - description: Selects a key of a ConfigMap. properties: key: - description: The key to select. type: string name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' 
type: string optional: - description: Specify whether the ConfigMap - or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of the pod: - supports metadata.name, metadata.namespace, - `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, status.podIPs.' properties: apiVersion: - description: Version of the schema - the FieldPath is written in terms - of, defaults to "v1". type: string fieldPath: - description: Path of the field to - select in the specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource of the - container: only resources limits and - requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' properties: containerName: - description: 'Container name: required - for volumes, optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output - format of the exposed resources, - defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource to - select' type: string required: - resource type: object x-kubernetes-map-type: atomic secretKeyRef: - description: Selects a key of a secret - in the pod's namespace properties: key: - description: The key of the secret - to select from. Must be a valid - secret key. type: string name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. 
apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether the Secret - or its key must be defined type: boolean required: - key 
@@ -2947,65 +1274,25 @@ spec: - name x-kubernetes-list-type: map envFrom: - description: List of sources to populate environment - variables in the container. The keys defined within - a source must be a C_IDENTIFIER. All invalid keys - will be reported as an event when the container - is starting. When a key exists in multiple sources, - the value associated with the last source will - take precedence. Values defined by an Env with - a duplicate key will take precedence. Cannot be - updated. items: - description: EnvFromSource represents the source - of a set of ConfigMaps properties: configMapRef: - description: The ConfigMap to select from properties: name: default: "" - description: 'Name of the referent. This - field is effectively required, but due - to backwards compatibility is allowed - to be empty. Instances of this type - with an empty value here are almost - certainly wrong. TODO: Add other useful - fields. apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether the ConfigMap - must be defined type: boolean type: object x-kubernetes-map-type: atomic prefix: - description: An optional identifier to prepend - to each key in the ConfigMap. Must be a - C_IDENTIFIER. type: string secretRef: - description: The Secret to select from properties: name: default: "" - description: 'Name of the referent. This - field is effectively required, but due - to backwards compatibility is allowed - to be empty. Instances of this type - with an empty value here are almost - certainly wrong. TODO: Add other useful - fields. apiVersion, kind, uid? 
More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether the Secret - must be defined type: boolean type: object x-kubernetes-map-type: atomic 
@@ -3013,80 +1300,31 @@ spec: type: array x-kubernetes-list-type: atomic image: - description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level config - management to default or override container images - in workload controllers like Deployments and StatefulSets.' type: string imagePullPolicy: - description: 'Image pull policy. One of Always, - Never, IfNotPresent. Defaults to Always if :latest - tag is specified, or IfNotPresent otherwise. Cannot - be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' type: string lifecycle: - description: Actions that the management system - should take in response to container lifecycle - events. Cannot be updated. properties: postStart: - description: 'PostStart is called immediately - after a container is created. If the handler - fails, the container is terminated and restarted - according to its restart policy. Other management - of the container blocks until the hook completes. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: Exec specifies the action to - take. properties: command: - description: Command is the command - line to execute inside the container, - the working directory for the command is - root ('/') in the container's filesystem. - The command is simply exec'd, it is - not run inside a shell, so traditional - shell instructions ('|', etc) won't - work. To use a shell, you need to - explicitly call out to that shell. - Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the http - request to perform. properties: host: - description: Host name to connect to, - defaults to the pod IP. You probably - want to set "Host" in httpHeaders - instead. 
type: string httpHeaders: - description: Custom headers to set in - the request. HTTP allows repeated - headers. items: - description: HTTPHeader describes - a custom header to be used in HTTP - probes properties: name: - description: The header field - name. This will be canonicalized - upon output, so case-variant - names will be understood as - the same header. type: string value: - description: The header field - value type: string required: - name 
@@ -3095,129 +1333,58 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on the HTTP - server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port - to access on the container. Number - must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. type: string required: - port type: object sleep: - description: Sleep represents the duration - that the container should sleep before - being terminated. properties: seconds: - description: Seconds is the number of - seconds to sleep. format: int64 type: integer required: - seconds type: object tcpSocket: - description: Deprecated. TCPSocket is NOT - supported as a LifecycleHandler and kept - for the backward compatibility. There - are no validation of this field and lifecycle - hooks will fail in runtime when tcp handler - is specified. properties: host: - description: 'Optional: Host name to - connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port - to access on the container. Number - must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: - description: 'PreStop is called immediately - before a container is terminated due to an - API request or management event such as liveness/startup - probe failure, preemption, resource contention, - etc. The handler is not called if the container - crashes or exits. The Pod''s termination grace - period countdown begins before the PreStop - hook is executed. Regardless of the outcome - of the handler, the container will eventually - terminate within the Pod''s termination grace - period (unless delayed by finalizers). 
Other - management of the container blocks until the - hook completes or until the termination grace - period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: Exec specifies the action to - take. properties: command: - description: Command is the command - line to execute inside the container, - the working directory for the command is - root ('/') in the container's filesystem. - The command is simply exec'd, it is - not run inside a shell, so traditional - shell instructions ('|', etc) won't - work. To use a shell, you need to - explicitly call out to that shell. - Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the http - request to perform. properties: host: - description: Host name to connect to, - defaults to the pod IP. You probably - want to set "Host" in httpHeaders - instead. type: string httpHeaders: - description: Custom headers to set in - the request. HTTP allows repeated - headers. items: - description: HTTPHeader describes - a custom header to be used in HTTP - probes properties: name: - description: The header field - name. This will be canonicalized - upon output, so case-variant - names will be understood as - the same header. type: string value: - description: The header field - value type: string required: - name 
@@ -3226,58 +1393,33 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on the HTTP - server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port - to access on the container. Number - must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. type: string required: - port type: object sleep: - description: Sleep represents the duration - that the container should sleep before - being terminated. properties: seconds: - description: Seconds is the number of - seconds to sleep. format: int64 type: integer required: - seconds type: object tcpSocket: - description: Deprecated. TCPSocket is NOT - supported as a LifecycleHandler and kept - for the backward compatibility. There - are no validation of this field and lifecycle - hooks will fail in runtime when tcp handler - is specified. properties: host: - description: 'Optional: Host name to - connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port - to access on the container. Number - must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port 
@@ -3285,79 +1427,38 @@ spec: type: object type: object livenessProbe: - description: 'Periodic probe of container liveness. - Container will be restarted if the probe fails. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line - to execute inside the container, the working - directory for the command is root ('/') - in the container's filesystem. The command - is simply exec'd, it is not run inside - a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, - you need to explicitly call out to that - shell. Exit status of 0 is treated as - live/healthy and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive failures for - the probe to be considered failed after having - succeeded. Defaults to 3. Minimum value is - 1. format: int32 type: integer grpc: - description: GRPC specifies an action involving - a GRPC port. properties: port: - description: Port number of the gRPC service. - Number must be in the range 1 to 65535. format: int32 type: integer service: - description: "Service is the name of the - service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default - behavior is defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http request - to perform. properties: host: - description: Host name to connect to, defaults - to the pod IP. You probably want to set - "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the - request. HTTP allows repeated headers. 
items: - description: HTTPHeader describes a custom - header to be used in HTTP probes properties: name: - description: The header field name. - This will be canonicalized upon - output, so case-variant names will - be understood as the same header. type: string value: - description: The header field value type: string required: - name 
@@ -3366,138 +1467,62 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on the HTTP - server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port - to access on the container. Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container - has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform - the probe. Default to 10 seconds. Minimum - value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for - the probe to be considered successful after - having failed. Defaults to 1. Must be 1 for - liveness and startup. Minimum value is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving - a TCP port. properties: host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port - to access on the container. Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds the - pod needs to terminate gracefully upon probe - failure. The grace period is the duration - in seconds after the processes running in - the pod are sent a termination signal and - the time when the processes are forcibly halted - with a kill signal. Set this value longer - than the expected cleanup time for your process. 
- If this value is nil, the pod's terminationGracePeriodSeconds - will be used. Otherwise, this value overrides - the value provided by the pod spec. Value - must be non-negative integer. The value zero - indicates stop immediately via the kill signal - (no opportunity to shut down). This is a beta - field and requires enabling ProbeTerminationGracePeriod - feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which - the probe times out. Defaults to 1 second. - Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object name: - description: Name of the container specified as - a DNS_LABEL. Each container in a pod must have - a unique name (DNS_LABEL). Cannot be updated. type: string ports: - description: List of ports to expose from the container. - Not specifying a port here DOES NOT prevent that - port from being exposed. Any port which is listening - on the default "0.0.0.0" address inside a container - will be accessible from the network. Modifying - this array with strategic merge patch may corrupt - the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. - Cannot be updated. items: - description: ContainerPort represents a network - port in a single container. properties: containerPort: - description: Number of port to expose on the - pod's IP address. This must be a valid port - number, 0 < x < 65536. format: int32 type: integer hostIP: - description: What host IP to bind the external - port to. type: string hostPort: - description: Number of port to expose on the - host. If specified, this must be a valid - port number, 0 < x < 65536. If HostNetwork - is specified, this must match ContainerPort. - Most containers do not need this. 
format: int32 type: integer name: - description: If specified, this must be an - IANA_SVC_NAME and unique within the pod. - Each named port in a pod must have a unique - name. Name for the port that can be referred - to by services. type: string protocol: default: TCP - description: Protocol for port. Must be UDP, - TCP, or SCTP. Defaults to "TCP". type: string required: - containerPort 
@@ -3508,80 +1533,38 @@ spec: - protocol x-kubernetes-list-type: map readinessProbe: - description: 'Periodic probe of container service - readiness. Container will be removed from service - endpoints if the probe fails. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line - to execute inside the container, the working - directory for the command is root ('/') - in the container's filesystem. The command - is simply exec'd, it is not run inside - a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, - you need to explicitly call out to that - shell. Exit status of 0 is treated as - live/healthy and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive failures for - the probe to be considered failed after having - succeeded. Defaults to 3. Minimum value is - 1. format: int32 type: integer grpc: - description: GRPC specifies an action involving - a GRPC port. properties: port: - description: Port number of the gRPC service. - Number must be in the range 1 to 65535. format: int32 type: integer service: - description: "Service is the name of the - service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default - behavior is defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http request - to perform. properties: host: - description: Host name to connect to, defaults - to the pod IP. You probably want to set - "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the - request. HTTP allows repeated headers. 
items: - description: HTTPHeader describes a custom - header to be used in HTTP probes properties: name: - description: The header field name. - This will be canonicalized upon - output, so case-variant names will - be understood as the same header. type: string value: - description: The header field value type: string required: - name 
@@ -3590,106 +1573,51 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on the HTTP - server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port - to access on the container. Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container - has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform - the probe. Default to 10 seconds. Minimum - value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for - the probe to be considered successful after - having failed. Defaults to 1. Must be 1 for - liveness and startup. Minimum value is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving - a TCP port. properties: host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port - to access on the container. Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds the - pod needs to terminate gracefully upon probe - failure. The grace period is the duration - in seconds after the processes running in - the pod are sent a termination signal and - the time when the processes are forcibly halted - with a kill signal. Set this value longer - than the expected cleanup time for your process. 
- If this value is nil, the pod's terminationGracePeriodSeconds - will be used. Otherwise, this value overrides - the value provided by the pod spec. Value - must be non-negative integer. The value zero - indicates stop immediately via the kill signal - (no opportunity to shut down). This is a beta - field and requires enabling ProbeTerminationGracePeriod - feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which - the probe times out. Defaults to 1 second. - Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object resizePolicy: - description: Resources resize policy for the container. items: - description: ContainerResizePolicy represents - resource resize policy for the container. properties: resourceName: - description: 'Name of the resource to which - this resource resize policy applies. Supported - values: cpu, memory.' type: string restartPolicy: - description: Restart policy to apply when - specified resource is resized. If not specified, - it defaults to NotRequired. type: string required: - resourceName 
@@ -3698,26 +1626,11 @@ spec: type: array x-kubernetes-list-type: atomic resources: - description: 'Compute Resources required by this - container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' properties: claims: - description: "Claims lists the names of resources, - defined in spec.resourceClaims, that are used - by this container. \n This is an alpha field - and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. - It can only be set for containers." items: - description: ResourceClaim references one - entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name - of one entry in pod.spec.resourceClaims - of the Pod where this field is used. - It makes that resource available inside - a container. type: string required: - name @@ -3733,8 +1646,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount - of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -3743,340 +1654,115 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum - amount of compute resources required. If Requests - is omitted for a container, it defaults to - Limits if that is explicitly specified, otherwise - to an implementation-defined value. Requests - cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object restartPolicy: - description: 'RestartPolicy defines the restart - behavior of individual containers in a pod. This - field may only be set for init containers, and - the only allowed value is "Always". For non-init - containers or when this field is not specified, - the restart behavior is defined by the Pod''s - restart policy and the container type. Setting - the RestartPolicy as "Always" for the init container - will have the following effect: this init container - will be continually restarted on exit until all - regular containers have terminated. Once all regular - containers have completed, all init containers - with restartPolicy "Always" will be shut down. - This lifecycle differs from normal init containers - and is often referred to as a "sidecar" container. - Although this init container still starts in the - init container sequence, it does not wait for - the container to complete before proceeding to - the next init container. Instead, the next init - container starts immediately after this init container - is started, or after any startupProbe has successfully - completed.' type: string securityContext: - description: 'SecurityContext defines the security - options the container should be run with. If set, - the fields of SecurityContext override the equivalent - fields of PodSecurityContext. 
More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls - whether a process can gain more privileges - than its parent process. This bool directly - controls if the no_new_privs flag will be - set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run - as Privileged 2) has CAP_SYS_ADMIN Note that - this field cannot be set when spec.os.name - is windows.' type: boolean appArmorProfile: - description: appArmorProfile is the AppArmor - options to use by this container. If set, - this profile overrides the pod's appArmorProfile. - Note that this field cannot be set when spec.os.name - is windows. properties: localhostProfile: - description: localhostProfile indicates - a profile loaded on the node that should - be used. The profile must be preconfigured - on the node to work. Must match the loaded - name of the profile. Must be set if and - only if type is "Localhost". type: string type: - description: 'type indicates which kind - of AppArmor profile will be applied. Valid - options are: Localhost - a profile pre-loaded - on the node. RuntimeDefault - the container - runtime''s default profile. Unconfined - - no AppArmor enforcement.' type: string required: - type type: object capabilities: - description: The capabilities to add/drop when - running containers. Defaults to the default - set of capabilities granted by the container - runtime. Note that this field cannot be set - when spec.os.name is windows. 
properties: add: - description: Added capabilities items: - description: Capability represent POSIX - capabilities type type: string type: array x-kubernetes-list-type: atomic drop: - description: Removed capabilities items: - description: Capability represent POSIX - capabilities type type: string type: array x-kubernetes-list-type: atomic type: object privileged: - description: Run container in privileged mode. - Processes in privileged containers are essentially - equivalent to root on the host. Defaults to - false. Note that this field cannot be set - when spec.os.name is windows. type: boolean procMount: - description: procMount denotes the type of proc - mount to use for the containers. The default - is DefaultProcMount which uses the container - runtime defaults for readonly paths and masked - paths. This requires the ProcMountType feature - flag to be enabled. Note that this field cannot - be set when spec.os.name is windows. type: string readOnlyRootFilesystem: - description: Whether this container has a read-only - root filesystem. Default is false. Note that - this field cannot be set when spec.os.name - is windows. type: boolean runAsGroup: - description: The GID to run the entrypoint of - the container process. Uses runtime default - if unset. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes - precedence. Note that this field cannot be - set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: - description: Indicates that the container must - run as a non-root user. If true, the Kubelet - will validate the image at runtime to ensure - that it does not run as UID 0 (root) and fail - to start the container if it does. If unset - or false, no such validation will be performed. - May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes - precedence. 
type: boolean runAsUser: - description: The UID to run the entrypoint of - the container process. Defaults to user specified - in image metadata if unspecified. May also - be set in PodSecurityContext. If set in both - SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name - is windows. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be applied - to the container. If unspecified, the container - runtime will allocate a random SELinux context - for each container. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes - precedence. Note that this field cannot be - set when spec.os.name is windows. properties: level: - description: Level is SELinux level label - that applies to the container. type: string role: - description: Role is a SELinux role label - that applies to the container. type: string type: - description: Type is a SELinux type label - that applies to the container. type: string user: - description: User is a SELinux user label - that applies to the container. type: string type: object seccompProfile: - description: The seccomp options to use by this - container. If seccomp options are provided - at both the pod & container level, the container - options override the pod options. Note that - this field cannot be set when spec.os.name - is windows. properties: localhostProfile: - description: localhostProfile indicates - a profile defined in a file on the node - should be used. The profile must be preconfigured - on the node to work. Must be a descending - path, relative to the kubelet's configured - seccomp profile location. Must be set - if type is "Localhost". Must NOT be set - for any other type. type: string type: - description: "type indicates which kind - of seccomp profile will be applied. 
Valid - options are: \n Localhost - a profile - defined in a file on the node should be - used. RuntimeDefault - the container runtime - default profile should be used. Unconfined - - no profile should be applied." type: string required: - type type: object windowsOptions: - description: The Windows specific settings applied - to all containers. If unspecified, the options - from the PodSecurityContext will be used. - If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes - precedence. Note that this field cannot be - set when spec.os.name is linux. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is where - the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential - spec named by the GMSACredentialSpecName - field. type: string gmsaCredentialSpecName: - description: GMSACredentialSpecName is the - name of the GMSA credential spec to use. type: string hostProcess: - description: HostProcess determines if a - container should be run as a 'Host Process' - container. All of a Pod's containers must - have the same effective HostProcess value - (it is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). - In addition, if HostProcess is true then - HostNetwork must also be set to true. type: boolean runAsUserName: - description: The UserName in Windows to - run the entrypoint of the container process. - Defaults to the user specified in image - metadata if unspecified. May also be set - in PodSecurityContext. If set in both - SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. type: string type: object type: object startupProbe: - description: 'StartupProbe indicates that the Pod - has successfully initialized. If specified, no - other probes are executed until this completes - successfully. 
If this probe fails, the Pod will - be restarted, just as if the livenessProbe failed. - This can be used to provide different probe parameters - at the beginning of a Pod''s lifecycle, when it - might take a long time to load data or warm a - cache, than during steady-state operation. This - cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line - to execute inside the container, the working - directory for the command is root ('/') - in the container's filesystem. The command - is simply exec'd, it is not run inside - a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, - you need to explicitly call out to that - shell. Exit status of 0 is treated as - live/healthy and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive failures for - the probe to be considered failed after having - succeeded. Defaults to 3. Minimum value is - 1. format: int32 type: integer grpc: - description: GRPC specifies an action involving - a GRPC port. properties: port: - description: Port number of the gRPC service. - Number must be in the range 1 to 65535. format: int32 type: integer service: - description: "Service is the name of the - service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default - behavior is defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http request - to perform. properties: host: - description: Host name to connect to, defaults - to the pod IP. You probably want to set - "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the - request. 
HTTP allows repeated headers. items: - description: HTTPHeader describes a custom - header to be used in HTTP probes properties: name: - description: The header field name. - This will be canonicalized upon - output, so case-variant names will - be understood as the same header. type: string value: - description: The header field value type: string required: - name 
@@ -4085,153 +1771,61 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on the HTTP - server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port - to access on the container. Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container - has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform - the probe. Default to 10 seconds. Minimum - value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for - the probe to be considered successful after - having failed. Defaults to 1. Must be 1 for - liveness and startup. Minimum value is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving - a TCP port. properties: host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port - to access on the container. Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds the - pod needs to terminate gracefully upon probe - failure. The grace period is the duration - in seconds after the processes running in - the pod are sent a termination signal and - the time when the processes are forcibly halted - with a kill signal. Set this value longer - than the expected cleanup time for your process. 
- If this value is nil, the pod's terminationGracePeriodSeconds - will be used. Otherwise, this value overrides - the value provided by the pod spec. Value - must be non-negative integer. The value zero - indicates stop immediately via the kill signal - (no opportunity to shut down). This is a beta - field and requires enabling ProbeTerminationGracePeriod - feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which - the probe times out. Defaults to 1 second. - Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object stdin: - description: Whether this container should allocate - a buffer for stdin in the container runtime. If - this is not set, reads from stdin in the container - will always result in EOF. Default is false. type: boolean stdinOnce: - description: Whether the container runtime should - close the stdin channel after it has been opened - by a single attach. When stdin is true the stdin - stream will remain open across multiple attach - sessions. If stdinOnce is set to true, stdin is - opened on container start, is empty until the - first client attaches to stdin, and then remains - open and accepts data until the client disconnects, - at which time stdin is closed and remains closed - until the container is restarted. If this flag - is false, a container processes that reads from - stdin will never receive an EOF. Default is false type: boolean terminationMessagePath: - description: 'Optional: Path at which the file to - which the container''s termination message will - be written is mounted into the container''s filesystem. - Message written is intended to be brief final - status, such as an assertion failure message. - Will be truncated by the node if greater than - 4096 bytes. 
The total message length across all - containers will be limited to 12kb. Defaults to - /dev/termination-log. Cannot be updated.' type: string terminationMessagePolicy: - description: Indicate how the termination message - should be populated. File will use the contents - of terminationMessagePath to populate the container - status message on both success and failure. FallbackToLogsOnError - will use the last chunk of container log output - if the termination message file is empty and the - container exited with an error. The log output - is limited to 2048 bytes or 80 lines, whichever - is smaller. Defaults to File. Cannot be updated. type: string tty: - description: Whether this container should allocate - a TTY for itself, also requires 'stdin' to be - true. Default is false. type: boolean volumeDevices: - description: volumeDevices is the list of block - devices to be used by the container. items: - description: volumeDevice describes a mapping - of a raw block device within a container. properties: devicePath: - description: devicePath is the path inside - of the container that the device will be - mapped to. type: string name: - description: name must match the name of a - persistentVolumeClaim in the pod type: string required: - devicePath 
@@ -4242,70 +1836,21 @@ spec: - devicePath x-kubernetes-list-type: map volumeMounts: - description: Pod volumes to mount into the container's - filesystem. Cannot be updated. items: - description: VolumeMount describes a mounting - of a Volume within a container. properties: mountPath: - description: Path within the container at - which the volume should be mounted. Must - not contain ':'. type: string mountPropagation: - description: mountPropagation determines how - mounts are propagated from the host to container - and the other way around. When not set, - MountPropagationNone is used. This field - is beta in 1.10. When RecursiveReadOnly - is set to IfPossible or to Enabled, MountPropagation - must be None or unspecified (which defaults - to None). type: string name: - description: This must match the Name of a - Volume. type: string readOnly: - description: Mounted read-only if true, read-write - otherwise (false or unspecified). Defaults - to false. type: boolean recursiveReadOnly: - description: "RecursiveReadOnly specifies - whether read-only mounts should be handled - recursively. \n If ReadOnly is false, this - field has no meaning and must be unspecified. - \n If ReadOnly is true, and this field is - set to Disabled, the mount is not made recursively - read-only. If this field is set to IfPossible, - the mount is made recursively read-only, - if it is supported by the container runtime. - \ If this field is set to Enabled, the mount - is made recursively read-only if it is supported - by the container runtime, otherwise the - pod will not be started and an error will - be generated to indicate the reason. \n - If this field is set to IfPossible or Enabled, - MountPropagation must be set to None (or - be unspecified, which defaults to None). - \n If this field is not specified, it is - treated as an equivalent of Disabled." type: string subPath: - description: Path within the volume from which - the container's volume should be mounted. 
- Defaults to "" (volume's root). type: string subPathExpr: - description: Expanded path within the volume - from which the container's volume should - be mounted. Behaves similarly to SubPath - but environment variable references $(VAR_NAME) - are expanded using the container's environment. - Defaults to "" (volume's root). SubPathExpr - and SubPath are mutually exclusive. type: string required: - mountPath 
@@ -4316,70 +1861,33 @@ spec: - mountPath x-kubernetes-list-type: map workingDir: - description: Container's working directory. If not - specified, the container runtime's default will - be used, which might be configured in the container - image. Cannot be updated. type: string required: - name type: object type: array lifecycle: - description: Actions that the management system should - take in response to container lifecycle events. Cannot - be updated. properties: postStart: - description: 'PostStart is called immediately after - a container is created. If the handler fails, the - container is terminated and restarted according - to its restart policy. Other management of the container - blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line to - execute inside the container, the working - directory for the command is root ('/') - in the container's filesystem. The command - is simply exec'd, it is not run inside a - shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, you - need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the http request - to perform. properties: host: - description: Host name to connect to, defaults - to the pod IP. You probably want to set - "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the - request. HTTP allows repeated headers. items: - description: HTTPHeader describes a custom - header to be used in HTTP probes properties: name: - description: The header field name. 
- This will be canonicalized upon output, - so case-variant names will be understood - as the same header. type: string value: - description: The header field value type: string required: - name 
@@ -4388,118 +1896,58 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port to - access on the container. Number must be - in the range 1 to 65535. Name must be an - IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. type: string required: - port type: object sleep: - description: Sleep represents the duration that - the container should sleep before being terminated. properties: seconds: - description: Seconds is the number of seconds - to sleep. format: int64 type: integer required: - seconds type: object tcpSocket: - description: Deprecated. TCPSocket is NOT supported - as a LifecycleHandler and kept for the backward - compatibility. There are no validation of this - field and lifecycle hooks will fail in runtime - when tcp handler is specified. properties: host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to - access on the container. Number must be - in the range 1 to 65535. Name must be an - IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: - description: 'PreStop is called immediately before - a container is terminated due to an API request - or management event such as liveness/startup probe - failure, preemption, resource contention, etc. The - handler is not called if the container crashes or - exits. The Pod''s termination grace period countdown - begins before the PreStop hook is executed. Regardless - of the outcome of the handler, the container will - eventually terminate within the Pod''s termination - grace period (unless delayed by finalizers). 
Other - management of the container blocks until the hook - completes or until the termination grace period - is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line to - execute inside the container, the working - directory for the command is root ('/') - in the container's filesystem. The command - is simply exec'd, it is not run inside a - shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, you - need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the http request - to perform. properties: host: - description: Host name to connect to, defaults - to the pod IP. You probably want to set - "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the - request. HTTP allows repeated headers. items: - description: HTTPHeader describes a custom - header to be used in HTTP probes properties: name: - description: The header field name. - This will be canonicalized upon output, - so case-variant names will be understood - as the same header. type: string value: - description: The header field value type: string required: - name 
@@ -4508,55 +1956,33 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port to - access on the container. Number must be - in the range 1 to 65535. Name must be an - IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. type: string required: - port type: object sleep: - description: Sleep represents the duration that - the container should sleep before being terminated. properties: seconds: - description: Seconds is the number of seconds - to sleep. format: int64 type: integer required: - seconds type: object tcpSocket: - description: Deprecated. TCPSocket is NOT supported - as a LifecycleHandler and kept for the backward - compatibility. There are no validation of this - field and lifecycle hooks will fail in runtime - when tcp handler is specified. properties: host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to - access on the container. Number must be - in the range 1 to 65535. Name must be an - IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port 
@@ -4564,79 +1990,38 @@ spec: type: object type: object livenessProbe: - description: 'Periodic probe of container liveness. Container - will be restarted if the probe fails. Controllers may - set default LivenessProbe if no liveness probe is provided. - To ignore defaulting, set the value to empty LivenessProbe - "{}". Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory - for the command is root ('/') in the container's - filesystem. The command is simply exec'd, it - is not run inside a shell, so traditional shell - instructions ('|', etc) won't work. To use a - shell, you need to explicitly call out to that - shell. Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive failures for the - probe to be considered failed after having succeeded. - Defaults to 3. Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action involving a - GRPC port. properties: port: - description: Port number of the gRPC service. - Number must be in the range 1 to 65535. format: int32 type: integer service: - description: "Service is the name of the service - to place in the gRPC HealthCheckRequest (see - https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http request to - perform. properties: host: - description: Host name to connect to, defaults - to the pod IP. You probably want to set "Host" - in httpHeaders instead. 
type: string httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes properties: name: - description: The header field name. This - will be canonicalized upon output, so - case-variant names will be understood - as the same header. type: string value: - description: The header field value type: string required: - name 
@@ -4645,204 +2030,95 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the - host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container - has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the - probe. Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the - probe to be considered successful after having failed. - Defaults to 1. Must be 1 for liveness and startup. - Minimum value is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving - a TCP port. properties: host: - description: 'Optional: Host name to connect to, - defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds the pod - needs to terminate gracefully upon probe failure. - The grace period is the duration in seconds after - the processes running in the pod are sent a termination - signal and the time when the processes are forcibly - halted with a kill signal. Set this value longer - than the expected cleanup time for your process. 
- If this value is nil, the pod's terminationGracePeriodSeconds - will be used. Otherwise, this value overrides the - value provided by the pod spec. Value must be non-negative - integer. The value zero indicates stop immediately - via the kill signal (no opportunity to shut down). - This is a beta field and requires enabling ProbeTerminationGracePeriod - feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which the probe - times out. Defaults to 1 second. Minimum value is - 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object nodeSelector: additionalProperties: type: string - description: 'NodeSelector is a selector which must be - true for the pod to fit on a node. Selector which must - match a node''s labels for the pod to be scheduled on - that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' type: object x-kubernetes-map-type: atomic podPlacementPolicy: - description: PodPlacementPolicy is the reference of the - podPlacementPolicy properties: name: default: "" - description: 'Name of the referent. This field is - effectively required, but due to backwards compatibility - is allowed to be empty. Instances of this type with - an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, - uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic priority: - description: The priority value. Various system components - use this field to find the priority of the pod. When - Priority Admission Controller is enabled, it prevents - users from setting this field. 
The admission controller - populates this field from PriorityClassName. The higher - the value, the higher the priority. format: int32 type: integer priorityClassName: - description: If specified, indicates the pod's priority. - "system-node-critical" and "system-cluster-critical" - are two special keywords which indicate the highest - priorities with the former being the highest priority. - Any other name must be defined by creating a PriorityClass - object with that name. If not specified, the pod priority - will be default or zero if there is no default. type: string readinessProbe: - description: 'Periodic probe of container service readiness. - Container will be removed from service endpoints if - the probe fails. Cannot be updated. Controllers may - set default ReadinessProbe if no readyness probe is - provided. To ignore defaulting, set the value to empty - ReadynessProbe "{}". More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory - for the command is root ('/') in the container's - filesystem. The command is simply exec'd, it - is not run inside a shell, so traditional shell - instructions ('|', etc) won't work. To use a - shell, you need to explicitly call out to that - shell. Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive failures for the - probe to be considered failed after having succeeded. - Defaults to 3. Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action involving a - GRPC port. properties: port: - description: Port number of the gRPC service. - Number must be in the range 1 to 65535. 
format: int32 type: integer service: - description: "Service is the name of the service - to place in the gRPC HealthCheckRequest (see - https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http request to - perform. properties: host: - description: Host name to connect to, defaults - to the pod IP. You probably want to set "Host" - in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes properties: name: - description: The header field name. This - will be canonicalized upon output, so - case-variant names will be understood - as the same header. type: string value: - description: The header field value type: string required: - name 
@@ -4851,105 +2127,51 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the - host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container - has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the - probe. Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the - probe to be considered successful after having failed. - Defaults to 1. Must be 1 for liveness and startup. - Minimum value is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving - a TCP port. properties: host: - description: 'Optional: Host name to connect to, - defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds the pod - needs to terminate gracefully upon probe failure. - The grace period is the duration in seconds after - the processes running in the pod are sent a termination - signal and the time when the processes are forcibly - halted with a kill signal. Set this value longer - than the expected cleanup time for your process. 
- If this value is nil, the pod's terminationGracePeriodSeconds - will be used. Otherwise, this value overrides the - value provided by the pod spec. Value must be non-negative - integer. The value zero indicates stop immediately - via the kill signal (no opportunity to shut down). - This is a beta field and requires enabling ProbeTerminationGracePeriod - feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which the probe - times out. Defaults to 1 second. Minimum value is - 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object resources: - description: Compute Resources required by the sidecar - container. properties: claims: - description: "Claims lists the names of resources, - defined in spec.resourceClaims, that are used by - this container. \n This is an alpha field and requires - enabling the DynamicResourceAllocation feature gate. - \n This field is immutable. It can only be set for - containers." items: - description: ResourceClaim references one entry - in PodSpec.ResourceClaims. properties: name: - description: Name must match the name of one - entry in pod.spec.resourceClaims of the Pod - where this field is used. It makes that resource - available inside a container. type: string required: - name @@ -4965,8 +2187,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount - of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -4975,195 +2195,68 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount - of compute resources required. If Requests is omitted - for a container, it defaults to Limits if that is - explicitly specified, otherwise to an implementation-defined - value. Requests cannot exceed Limits. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object runtimeClassName: - description: 'RuntimeClassName refers to a RuntimeClass - object in the node.k8s.io group, which should be used - to run this pod. If no RuntimeClass resource matches - the named class, the pod will not be run. If unset or - empty, the "legacy" RuntimeClass will be used, which - is an implicit class with an empty definition that uses - the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class' type: string schedulerName: - description: If specified, the pod will be dispatched - by specified scheduler. If not specified, the pod will - be dispatched by default scheduler. type: string securityContext: - description: 'SecurityContext holds pod-level security - attributes and common container settings. Optional: - Defaults to empty. See type description for default - values of each field.' properties: appArmorProfile: - description: appArmorProfile is the AppArmor options - to use by the containers in this pod. Note that - this field cannot be set when spec.os.name is windows. properties: localhostProfile: - description: localhostProfile indicates a profile - loaded on the node that should be used. The - profile must be preconfigured on the node to - work. Must match the loaded name of the profile. - Must be set if and only if type is "Localhost". 
type: string type: - description: 'type indicates which kind of AppArmor - profile will be applied. Valid options are: - Localhost - a profile pre-loaded on the node. - RuntimeDefault - the container runtime''s default - profile. Unconfined - no AppArmor enforcement.' type: string required: - type type: object fsGroup: - description: "A special supplemental group that applies - to all containers in a pod. Some volume types allow - the Kubelet to change the ownership of that volume - to be owned by the pod: \n 1. The owning GID will - be the FSGroup 2. The setgid bit is set (new files - created in the volume will be owned by FSGroup) - 3. The permission bits are OR'd with rw-rw---- \n - If unset, the Kubelet will not modify the ownership - and permissions of any volume. Note that this field - cannot be set when spec.os.name is windows." format: int64 type: integer fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines behavior - of changing ownership and permission of the volume - before being exposed inside Pod. This field will - only apply to volume types which support fsGroup - based ownership(and permissions). It will have no - effect on ephemeral volume types such as: secret, - configmaps and emptydir. Valid values are "OnRootMismatch" - and "Always". If not specified, "Always" is used. - Note that this field cannot be set when spec.os.name - is windows.' type: string runAsGroup: - description: The GID to run the entrypoint of the - container process. Uses runtime default if unset. - May also be set in SecurityContext. If set in both - SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence for - that container. Note that this field cannot be set - when spec.os.name is windows. format: int64 type: integer runAsNonRoot: - description: Indicates that the container must run - as a non-root user. 
If true, the Kubelet will validate - the image at runtime to ensure that it does not - run as UID 0 (root) and fail to start the container - if it does. If unset or false, no such validation - will be performed. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint of the - container process. Defaults to user specified in - image metadata if unspecified. May also be set in - SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. Note that this - field cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be applied to - all containers. If unspecified, the container runtime - will allocate a random SELinux context for each - container. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence - for that container. Note that this field cannot - be set when spec.os.name is windows. properties: level: - description: Level is SELinux level label that - applies to the container. type: string role: - description: Role is a SELinux role label that - applies to the container. type: string type: - description: Type is a SELinux type label that - applies to the container. type: string user: - description: User is a SELinux user label that - applies to the container. type: string type: object seccompProfile: - description: The seccomp options to use by the containers - in this pod. Note that this field cannot be set - when spec.os.name is windows. properties: localhostProfile: - description: localhostProfile indicates a profile - defined in a file on the node should be used. - The profile must be preconfigured on the node - to work. 
Must be a descending path, relative - to the kubelet's configured seccomp profile - location. Must be set if type is "Localhost". - Must NOT be set for any other type. type: string type: - description: "type indicates which kind of seccomp - profile will be applied. Valid options are: - \n Localhost - a profile defined in a file on - the node should be used. RuntimeDefault - the - container runtime default profile should be - used. Unconfined - no profile should be applied." type: string required: - type type: object supplementalGroups: - description: A list of groups applied to the first - process run in each container, in addition to the - container's primary GID, the fsGroup (if specified), - and group memberships defined in the container image - for the uid of the container process. If unspecified, - no additional groups are added to any container. - Note that group memberships defined in the container - image for the uid of the container process are still - effective, even if they are not included in this - list. Note that this field cannot be set when spec.os.name - is windows. items: format: int64 type: integer type: array x-kubernetes-list-type: atomic sysctls: - description: Sysctls hold a list of namespaced sysctls - used for the pod. Pods with unsupported sysctls - (by the container runtime) might fail to launch. - Note that this field cannot be set when spec.os.name - is windows. items: - description: Sysctl defines a kernel parameter to - be set properties: name: - description: Name of a property to set type: string value: - description: Value of a property to set type: string required: - name 
@@ -5172,159 +2265,53 @@ spec: type: array x-kubernetes-list-type: atomic windowsOptions: - description: The Windows specific settings applied - to all containers. If unspecified, the options within - a container's SecurityContext will be used. If set - in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name - is linux. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA - admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential - spec named by the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name - of the GMSA credential spec to use. type: string hostProcess: - description: HostProcess determines if a container - should be run as a 'Host Process' container. - All of a Pod's containers must have the same - effective HostProcess value (it is not allowed - to have a mix of HostProcess containers and - non-HostProcess containers). In addition, if - HostProcess is true then HostNetwork must also - be set to true. type: boolean runAsUserName: - description: The UserName in Windows to run the - entrypoint of the container process. Defaults - to the user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set - in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes - precedence. type: string type: object type: object serviceAccountName: - description: 'ServiceAccountName is the name of the ServiceAccount - to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' type: string shareProcessNamespace: - description: 'Share a single process namespace between - all of the containers in a pod. 
When this is set containers - will be able to view and signal processes from other - containers in the same pod, and the first process in - each container will not be assigned PID 1. HostPID and - ShareProcessNamespace cannot both be set. Optional: - Default to false.' type: boolean terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs - to terminate gracefully. May be decreased in delete - request. Value must be non-negative integer. The value - zero indicates stop immediately via the kill signal - (no opportunity to shut down). If this value is nil, - the default grace period will be used instead. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and - the time when the processes are forcibly halted with - a kill signal. Set this value longer than the expected - cleanup time for your process. Defaults to 30 seconds. format: int64 type: integer tolerations: - description: If specified, the pod's tolerations. items: - description: The pod this Toleration is attached to - tolerates any taint that matches the triple - using the matching operator . properties: effect: - description: Effect indicates the taint effect to - match. Empty means match all taint effects. When - specified, allowed values are NoSchedule, PreferNoSchedule - and NoExecute. type: string key: - description: Key is the taint key that the toleration - applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; - this combination means to match all values and - all keys. type: string operator: - description: Operator represents a key's relationship - to the value. Valid operators are Exists and Equal. - Defaults to Equal. Exists is equivalent to wildcard - for value, so that a pod can tolerate all taints - of a particular category. 
type: string tolerationSeconds: - description: TolerationSeconds represents the period - of time the toleration (which must be of effect - NoExecute, otherwise this field is ignored) tolerates - the taint. By default, it is not set, which means - tolerate the taint forever (do not evict). Zero - and negative values will be treated as 0 (evict - immediately) by the system. format: int64 type: integer value: - description: Value is the taint value the toleration - matches to. If the operator is Exists, the value - should be empty, otherwise just a regular string. type: string type: object type: array topologySpreadConstraints: - description: TopologySpreadConstraints describes how a - group of pods ought to spread across topology domains. - Scheduler will schedule pods in a way which abides by - the constraints. All topologySpreadConstraints are ANDed. items: - description: TopologySpreadConstraint specifies how - to spread matching pods among the given topology. properties: labelSelector: - description: LabelSelector is used to find matching - pods. Pods that match this label selector are - counted to determine the number of pods in their - corresponding topology domain. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. properties: key: - description: key is the label key that - the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. 
This - array is replaced during a strategic - merge patch. items: type: string type: array 
@@ -5338,145 +2325,27 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: "MatchLabelKeys is a set of pod label - keys to select the pods over which spreading will - be calculated. The keys are used to lookup values - from the incoming pod labels, those key-value - labels are ANDed with labelSelector to select - the group of existing pods over which spreading - will be calculated for the incoming pod. The same - key is forbidden to exist in both MatchLabelKeys - and LabelSelector. MatchLabelKeys cannot be set - when LabelSelector isn't set. Keys that don't - exist in the incoming pod labels will be ignored. - A null or empty list means only match against - labelSelector. \n This is a beta field and requires - the MatchLabelKeysInPodTopologySpread feature - gate to be enabled (enabled by default)." items: type: string type: array x-kubernetes-list-type: atomic maxSkew: - description: 'MaxSkew describes the degree to which - pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, - it is the maximum permitted difference between - the number of matching pods in the target topology - and the global minimum. The global minimum is - the minimum number of matching pods in an eligible - domain or zero if the number of eligible domains - is less than MinDomains. For example, in a 3-zone - cluster, MaxSkew is set to 1, and pods with the - same labelSelector spread as 2/2/1: In this case, - the global minimum is 1. 
| zone1 | zone2 | zone3 - | | P P | P P | P | - if MaxSkew is 1, - incoming pod can only be scheduled to zone3 to - become 2/2/2; scheduling it onto zone1(zone2) - would make the ActualSkew(3-1) on zone1(zone2) - violate MaxSkew(1). - if MaxSkew is 2, incoming - pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, - it is used to give higher precedence to topologies - that satisfy it. It''s a required field. Default - value is 1 and 0 is not allowed.' format: int32 type: integer minDomains: - description: "MinDomains indicates a minimum number - of eligible domains. When the number of eligible - domains with matching topology keys is less than - minDomains, Pod Topology Spread treats \"global - minimum\" as 0, and then the calculation of Skew - is performed. And when the number of eligible - domains with matching topology keys equals or - greater than minDomains, this value has no effect - on scheduling. As a result, when the number of - eligible domains is less than minDomains, scheduler - won't schedule more than maxSkew Pods to those - domains. If value is nil, the constraint behaves - as if MinDomains is equal to 1. Valid values are - integers greater than 0. When value is not nil, - WhenUnsatisfiable must be DoNotSchedule. \n For - example, in a 3-zone cluster, MaxSkew is set to - 2, MinDomains is set to 5 and pods with the same - labelSelector spread as 2/2/2: | zone1 | zone2 - | zone3 | | P P | P P | P P | The number - of domains is less than 5(MinDomains), so \"global - minimum\" is treated as 0. In this situation, - new pod with the same labelSelector cannot be - scheduled, because computed skew will be 3(3 - - 0) if new Pod is scheduled to any of the three - zones, it will violate MaxSkew." format: int32 type: integer nodeAffinityPolicy: - description: "NodeAffinityPolicy indicates how we - will treat Pod's nodeAffinity/nodeSelector when - calculating pod topology spread skew. 
Options - are: - Honor: only nodes matching nodeAffinity/nodeSelector - are included in the calculations. - Ignore: nodeAffinity/nodeSelector - are ignored. All nodes are included in the calculations. - \n If this value is nil, the behavior is equivalent - to the Honor policy. This is a beta-level feature - default enabled by the NodeInclusionPolicyInPodTopologySpread - feature flag." type: string nodeTaintsPolicy: - description: "NodeTaintsPolicy indicates how we - will treat node taints when calculating pod topology - spread skew. Options are: - Honor: nodes without - taints, along with tainted nodes for which the - incoming pod has a toleration, are included. - - Ignore: node taints are ignored. All nodes are - included. \n If this value is nil, the behavior - is equivalent to the Ignore policy. This is a - beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread - feature flag." type: string topologyKey: - description: TopologyKey is the key of node labels. - Nodes that have a label with this key and identical - values are considered to be in the same topology. - We consider each as a "bucket", and - try to put balanced number of pods into each bucket. - We define a domain as a particular instance of - a topology. Also, we define an eligible domain - as a domain whose nodes meet the requirements - of nodeAffinityPolicy and nodeTaintsPolicy. e.g. - If TopologyKey is "kubernetes.io/hostname", each - Node is a domain of that topology. And, if TopologyKey - is "topology.kubernetes.io/zone", each zone is - a domain of that topology. It's a required field. type: string whenUnsatisfiable: - description: 'WhenUnsatisfiable indicates how to - deal with a pod if it doesn''t satisfy the spread - constraint. - DoNotSchedule (default) tells the - scheduler not to schedule it. - ScheduleAnyway - tells the scheduler to schedule the pod in any - location, but giving higher precedence to topologies - that would help reduce the skew. 
A constraint - is considered "Unsatisfiable" for an incoming - pod if and only if every possible node assignment - for that pod would violate "MaxSkew" on some topology. - For example, in a 3-zone cluster, MaxSkew is set - to 1, and pods with the same labelSelector spread - as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | - If WhenUnsatisfiable is set to DoNotSchedule, - incoming pod can only be scheduled to zone2(zone3) - to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) - satisfies MaxSkew(1). In other words, the cluster - can still be imbalanced, but scheduler won''t - make it *more* imbalanced. It''s a required field.' type: string required: - maxSkew 
@@ -5489,65 +2358,21 @@ spec: - whenUnsatisfiable x-kubernetes-list-type: map volumeMounts: - description: Pod volumes to mount into the container's - filesystem. Cannot be updated. items: - description: VolumeMount describes a mounting of a Volume - within a container. properties: mountPath: - description: Path within the container at which - the volume should be mounted. Must not contain - ':'. type: string mountPropagation: - description: mountPropagation determines how mounts - are propagated from the host to container and - the other way around. When not set, MountPropagationNone - is used. This field is beta in 1.10. When RecursiveReadOnly - is set to IfPossible or to Enabled, MountPropagation - must be None or unspecified (which defaults to - None). type: string name: - description: This must match the Name of a Volume. type: string readOnly: - description: Mounted read-only if true, read-write - otherwise (false or unspecified). Defaults to - false. type: boolean recursiveReadOnly: - description: "RecursiveReadOnly specifies whether - read-only mounts should be handled recursively. - \n If ReadOnly is false, this field has no meaning - and must be unspecified. \n If ReadOnly is true, - and this field is set to Disabled, the mount is - not made recursively read-only. If this field - is set to IfPossible, the mount is made recursively - read-only, if it is supported by the container - runtime. If this field is set to Enabled, the - mount is made recursively read-only if it is supported - by the container runtime, otherwise the pod will - not be started and an error will be generated - to indicate the reason. \n If this field is set - to IfPossible or Enabled, MountPropagation must - be set to None (or be unspecified, which defaults - to None). \n If this field is not specified, it - is treated as an equivalent of Disabled." type: string subPath: - description: Path within the volume from which the - container's volume should be mounted. 
Defaults - to "" (volume's root). type: string subPathExpr: - description: Expanded path within the volume from - which the container's volume should be mounted. - Behaves similarly to SubPath but environment variable - references $(VAR_NAME) are expanded using the - container's environment. Defaults to "" (volume's - root). SubPathExpr and SubPath are mutually exclusive. type: string required: - mountPath 
@@ -5555,268 +2380,109 @@ spec: type: object type: array volumes: - description: 'List of volumes that can be mounted by containers - belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' items: - description: Volume represents a named volume in a pod - that may be accessed by any container in the pod. properties: awsElasticBlockStore: - description: 'awsElasticBlockStore represents an - AWS Disk resource that is attached to a kubelet''s - host machine and then exposed to the pod. More - info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' properties: fsType: - description: 'fsType is the filesystem type - of the volume that you want to mount. Tip: - Ensure that the filesystem type is supported - by the host operating system. Examples: "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem - from compromising the machine' type: string partition: - description: 'partition is the partition in - the volume that you want to mount. If omitted, - the default is to mount by volume name. Examples: - For volume /dev/sda1, you specify the partition - as "1". Similarly, the volume partition for - /dev/sda is "0" (or you can leave the property - empty).' format: int32 type: integer readOnly: - description: 'readOnly value true will force - the readOnly setting in VolumeMounts. More - info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: boolean volumeID: - description: 'volumeID is unique ID of the persistent - disk resource in AWS (Amazon EBS volume). - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: string required: - volumeID type: object azureDisk: - description: azureDisk represents an Azure Data - Disk mount on the host and bind mount to the pod. 
properties: cachingMode: - description: 'cachingMode is the Host Caching - mode: None, Read Only, Read Write.' type: string diskName: - description: diskName is the Name of the data - disk in the blob storage type: string diskURI: - description: diskURI is the URI of data disk - in the blob storage type: string fsType: - description: fsType is Filesystem type to mount. - Must be a filesystem type supported by the - host operating system. Ex. "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if - unspecified. type: string kind: - description: 'kind expected values are Shared: - multiple blob disks per storage account Dedicated: - single blob disk per storage account Managed: - azure managed data disk (only in managed availability - set). defaults to shared' type: string readOnly: - description: readOnly Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting - in VolumeMounts. type: boolean required: - diskName - diskURI type: object azureFile: - description: azureFile represents an Azure File - Service mount on the host and bind mount to the - pod. properties: readOnly: - description: readOnly defaults to false (read/write). - ReadOnly here will force the ReadOnly setting - in VolumeMounts. 
type: boolean secretName: - description: secretName is the name of secret - that contains Azure Storage Account Name and - Key type: string shareName: - description: shareName is the azure share Name type: string required: - secretName - shareName type: object cephfs: - description: cephFS represents a Ceph FS mount on - the host that shares a pod's lifetime properties: monitors: - description: 'monitors is Required: Monitors - is a collection of Ceph monitors More info: - https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' items: type: string type: array x-kubernetes-list-type: atomic path: - description: 'path is Optional: Used as the - mounted root, rather than the full Ceph tree, - default is /' type: string readOnly: - description: 'readOnly is Optional: Defaults - to false (read/write). ReadOnly here will - force the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: boolean secretFile: - description: 'secretFile is Optional: SecretFile - is the path to key ring for User, default - is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string secretRef: - description: 'secretRef is Optional: SecretRef - is reference to the authentication secret - for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' properties: name: default: "" - description: 'Name of the referent. This - field is effectively required, but due - to backwards compatibility is allowed - to be empty. Instances of this type with - an empty value here are almost certainly - wrong. TODO: Add other useful fields. - apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' 
type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is optional: User is the - rados user name, default is admin More info: - https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string required: - monitors type: object cinder: - description: 'cinder represents a cinder volume - attached and mounted on kubelets host machine. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' properties: fsType: - description: 'fsType is the filesystem type - to mount. Must be a filesystem type supported - by the host operating system. Examples: "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string readOnly: - description: 'readOnly defaults to false (read/write). - ReadOnly here will force the ReadOnly setting - in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: boolean secretRef: - description: 'secretRef is optional: points - to a secret object containing parameters used - to connect to OpenStack.' properties: name: default: "" - description: 'Name of the referent. This - field is effectively required, but due - to backwards compatibility is allowed - to be empty. Instances of this type with - an empty value here are almost certainly - wrong. TODO: Add other useful fields. - apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic volumeID: - description: 'volumeID used to identify the - volume in cinder. 
More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string required: - volumeID type: object configMap: - description: configMap represents a configMap that - should populate this volume properties: defaultMode: - description: 'defaultMode is optional: mode - bits used to set permissions on created files - by default. Must be an octal value between - 0000 and 0777 or a decimal value between 0 - and 511. YAML accepts both octal and decimal - values, JSON requires decimal values for mode - bits. Defaults to 0644. Directories within - the path are not affected by this setting. - This might be in conflict with other options - that affect the file mode, like fsGroup, and - the result can be other mode bits set.' format: int32 type: integer items: - description: items if unspecified, each key-value - pair in the Data field of the referenced ConfigMap - will be projected into the volume as a file - whose name is the key and content is the value. - If specified, the listed keys will be projected - into the specified paths, and unlisted keys - will not be present. If a key is specified - which is not present in the ConfigMap, the - volume setup will error unless it is marked - optional. Paths must be relative and may not - contain the '..' path or start with '..'. items: - description: Maps a string key to a path within - a volume. properties: key: - description: key is the key to project. type: string mode: - description: 'mode is Optional: mode bits - used to set permissions on this file. - Must be an octal value between 0000 - and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and - decimal values, JSON requires decimal - values for mode bits. If not specified, - the volume defaultMode will be used. - This might be in conflict with other - options that affect the file mode, like - fsGroup, and the result can be other - mode bits set.' 
format: int32 type: integer path: - description: path is the relative path - of the file to map the key to. May not - be an absolute path. May not contain - the path element '..'. May not start - with the string '..'. type: string required: - key 
@@ -5826,170 +2492,67 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of the referent. This field - is effectively required, but due to backwards - compatibility is allowed to be empty. Instances - of this type with an empty value here are - almost certainly wrong. TODO: Add other useful - fields. apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional specify whether the ConfigMap - or its keys must be defined type: boolean type: object x-kubernetes-map-type: atomic csi: - description: csi (Container Storage Interface) represents - ephemeral storage that is handled by certain external - CSI drivers (Beta feature). properties: driver: - description: driver is the name of the CSI driver - that handles this volume. Consult with your - admin for the correct name as registered in - the cluster. type: string fsType: - description: fsType to mount. Ex. "ext4", "xfs", - "ntfs". If not provided, the empty value is - passed to the associated CSI driver which - will determine the default filesystem to apply. type: string nodePublishSecretRef: - description: nodePublishSecretRef is a reference - to the secret object containing sensitive - information to pass to the CSI driver to complete - the CSI NodePublishVolume and NodeUnpublishVolume - calls. This field is optional, and may be - empty if no secret is required. If the secret - object contains more than one secret, all - secret references are passed. properties: name: default: "" - description: 'Name of the referent. This - field is effectively required, but due - to backwards compatibility is allowed - to be empty. Instances of this type with - an empty value here are almost certainly - wrong. TODO: Add other useful fields. - apiVersion, kind, uid? 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic readOnly: - description: readOnly specifies a read-only - configuration for the volume. Defaults to - false (read/write). type: boolean volumeAttributes: additionalProperties: type: string - description: volumeAttributes stores driver-specific - properties that are passed to the CSI driver. - Consult your driver's documentation for supported - values. type: object required: - driver type: object downwardAPI: - description: downwardAPI represents downward API - about the pod that should populate this volume properties: defaultMode: - description: 'Optional: mode bits to use on - created files by default. Must be a Optional: - mode bits used to set permissions on created - files by default. Must be an octal value between - 0000 and 0777 or a decimal value between 0 - and 511. YAML accepts both octal and decimal - values, JSON requires decimal values for mode - bits. Defaults to 0644. Directories within - the path are not affected by this setting. - This might be in conflict with other options - that affect the file mode, like fsGroup, and - the result can be other mode bits set.' format: int32 type: integer items: - description: Items is a list of downward API - volume file items: - description: DownwardAPIVolumeFile represents - information to create the file containing - the pod field properties: fieldRef: - description: 'Required: Selects a field - of the pod: only annotations, labels, - name, namespace and uid are supported.' properties: apiVersion: - description: Version of the schema - the FieldPath is written in terms - of, defaults to "v1". type: string fieldPath: - description: Path of the field to - select in the specified API version. 
type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: - description: 'Optional: mode bits used - to set permissions on this file, must - be an octal value between 0000 and 0777 - or a decimal value between 0 and 511. - YAML accepts both octal and decimal - values, JSON requires decimal values - for mode bits. If not specified, the - volume defaultMode will be used. This - might be in conflict with other options - that affect the file mode, like fsGroup, - and the result can be other mode bits - set.' format: int32 type: integer path: - description: 'Required: Path is the relative - path name of the file to be created. - Must not be absolute or contain the - ''..'' path. Must be utf-8 encoded. - The first item of the relative path - must not start with ''..''' type: string resourceFieldRef: - description: 'Selects a resource of the - container: only resources limits and - requests (limits.cpu, limits.memory, - requests.cpu and requests.memory) are - currently supported.' properties: containerName: - description: 'Container name: required - for volumes, optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output - format of the exposed resources, - defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource to - select' type: string required: - resource 
@@ -6002,210 +2565,50 @@ spec: x-kubernetes-list-type: atomic type: object emptyDir: - description: 'emptyDir represents a temporary directory - that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' properties: medium: - description: 'medium represents what type of - storage medium should back this directory. - The default is "" which means to use the node''s - default medium. Must be an empty string (default) - or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string sizeLimit: anyOf: - type: integer - type: string - description: 'sizeLimit is the total amount - of local storage required for this EmptyDir - volume. The size limit is also applicable - for memory medium. The maximum usage on memory - medium EmptyDir would be the minimum value - between the SizeLimit specified here and the - sum of memory limits of all containers in - a pod. The default is nil which means that - the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object ephemeral: - description: "ephemeral represents a volume that - is handled by a cluster storage driver. The volume's - lifecycle is tied to the pod that defines it - - it will be created before the pod starts, and - deleted when the pod is removed. \n Use this if: - a) the volume is only needed while the pod runs, - b) features of normal volumes like restoring from - snapshot or capacity tracking are needed, c) the - storage driver is specified through a storage - class, and d) the storage driver supports dynamic - volume provisioning through a PersistentVolumeClaim - (see EphemeralVolumeSource for more information - on the connection between this volume type and - PersistentVolumeClaim). 
\n Use PersistentVolumeClaim - or one of the vendor-specific APIs for volumes - that persist for longer than the lifecycle of - an individual pod. \n Use CSI for light-weight - local ephemeral volumes if the CSI driver is meant - to be used that way - see the documentation of - the driver for more information. \n A pod can - use both types of ephemeral volumes and persistent - volumes at the same time." properties: volumeClaimTemplate: - description: "Will be used to create a stand-alone - PVC to provision the volume. The pod in which - this EphemeralVolumeSource is embedded will - be the owner of the PVC, i.e. the PVC will - be deleted together with the pod. The name - of the PVC will be `-` - where `` is the name from the - `PodSpec.Volumes` array entry. Pod validation - will reject the pod if the concatenated name - is not valid for a PVC (for example, too long). - \n An existing PVC with that name that is - not owned by the pod will *not* be used for - the pod to avoid using an unrelated volume - by mistake. Starting the pod is then blocked - until the unrelated PVC is removed. If such - a pre-created PVC is meant to be used by the - pod, the PVC has to updated with an owner - reference to the pod once the pod exists. - Normally this should not be necessary, but - it may be useful when manually reconstructing - a broken cluster. \n This field is read-only - and no changes will be made by Kubernetes - to the PVC after it has been created. \n Required, - must not be nil." properties: metadata: - description: May contain labels and annotations - that will be copied into the PVC when - creating it. No other fields are allowed - and will be rejected during validation. properties: annotations: additionalProperties: type: string - description: 'Annotations is an unstructured - key value map stored with a resource - that may be set by external tools - to store and retrieve arbitrary metadata. - They are not queryable and should - be preserved when modifying objects. 
- More info: http://kubernetes.io/docs/user-guide/annotations' type: object generateName: - description: "GenerateName is an optional - prefix, used by the server, to generate - a unique name ONLY IF the Name field - has not been provided. If this field - is used, the name returned to the - client will be different than the - name passed. This value will also - be combined with a unique suffix. - The provided value has the same validation - rules as the Name field, and may be - truncated by the length of the suffix - required to make the value unique - on the server. \n If this field is - specified and the generated name exists, - the server will NOT return a 409 - - instead, it will either return 201 - Created or 500 with Reason ServerTimeout - indicating a unique name could not - be found in the time allotted, and - the client should retry (optionally - after the time indicated in the Retry-After - header). \n Applied only if Name is - not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" type: string labels: additionalProperties: type: string - description: 'Map of string keys and - values that can be used to organize - and categorize (scope and select) - objects. May match selectors of replication - controllers and services. More info: - http://kubernetes.io/docs/user-guide/labels' type: object name: - description: 'Name must be unique within - a namespace. Is required when creating - resources, although some resources - may allow a client to request the - generation of an appropriate name - automatically. Name is primarily intended - for creation idempotence and configuration - definition. Cannot be updated. More - info: http://kubernetes.io/docs/user-guide/identifiers#names' type: string namespace: - description: "Namespace defines the - space within each name must be unique. - An empty namespace is equivalent to - the \"default\" namespace, but \"default\" - is the canonical representation. 
Not - all objects are required to be scoped - to a namespace - the value of this - field for those objects will be empty. - \n Must be a DNS_LABEL. Cannot be - updated. More info: http://kubernetes.io/docs/user-guide/namespaces" type: string ownerReferences: - description: List of objects depended - by this object. If ALL objects in - the list have been deleted, this object - will be garbage collected. If this - object is managed by a controller, - then an entry in this list will point - to this controller, with the controller - field set to true. There cannot be - more than one managing controller. items: - description: OwnerReference contains - enough information to let you identify - an owning object. An owning object - must be in the same namespace as - the dependent, or be cluster-scoped, - so there is no namespace field. properties: apiVersion: - description: API version of the - referent. type: string blockOwnerDeletion: - description: If true, AND if the - owner has the "foregroundDeletion" - finalizer, then the owner cannot - be deleted from the key-value - store until this reference is - removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion - for how the garbage collector - interacts with this field and - enforces the foreground deletion. - Defaults to false. To set this - field, a user needs "delete" - permission of the owner, otherwise - 422 (Unprocessable Entity) will - be returned. type: boolean controller: - description: If true, this reference - points to the managing controller. type: boolean kind: - description: 'Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: - description: 'UID of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -6217,54 +2620,19 @@ spec: type: array type: object spec: - description: The specification for the PersistentVolumeClaim. - The entire content is copied unchanged - into the PVC that gets created from this - template. The same fields as in a PersistentVolumeClaim - are also valid here. properties: accessModes: - description: 'accessModes contains the - desired access modes the volume should - have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array x-kubernetes-list-type: atomic dataSource: - description: 'dataSource field can be - used to specify either: * An existing - VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an external - controller can support the specified - data source, it will create a new - volume based on the contents of the - specified data source. When the AnyVolumeDataSource - feature gate is enabled, dataSource - contents will be copied to dataSourceRef, - and dataSourceRef contents will be - copied to dataSource when dataSourceRef.namespace - is not specified. If the namespace - is specified, then dataSourceRef will - not be copied to dataSource.' properties: apiGroup: - description: APIGroup is the group - for the resource being referenced. - If APIGroup is not specified, - the specified Kind must be in - the core API group. For any other - third-party types, APIGroup is - required. type: string kind: - description: Kind is the type of - resource being referenced type: string name: - description: Name is the name of - resource being referenced type: string required: - kind 
@@ -6272,93 +2640,20 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: - description: 'dataSourceRef specifies - the object from which to populate - the volume with data, if a non-empty - volume is desired. This may be any - object from a non-empty API group - (non core object) or a PersistentVolumeClaim - object. When this field is specified, - volume binding will only succeed if - the type of the specified object matches - some installed volume populator or - dynamic provisioner. This field will - replace the functionality of the dataSource - field and as such if both fields are - non-empty, they must have the same - value. For backwards compatibility, - when namespace isn''t specified in - dataSourceRef, both fields (dataSource - and dataSourceRef) will be set to - the same value automatically if one - of them is empty and the other is - non-empty. When namespace is specified - in dataSourceRef, dataSource isn''t - set to the same value and must be - empty. There are three important differences - between dataSource and dataSourceRef: - * While dataSource only allows two - specific types of objects, dataSourceRef - allows any non-core object, as well - as PersistentVolumeClaim objects. - * While dataSource ignores disallowed - values (dropping them), dataSourceRef - preserves all values, and generates - an error if a disallowed value is - specified. * While dataSource only - allows local objects, dataSourceRef - allows objects in any namespaces. - (Beta) Using this field requires the - AnyVolumeDataSource feature gate to - be enabled. (Alpha) Using the namespace - field of dataSourceRef requires the - CrossNamespaceVolumeDataSource feature - gate to be enabled.' properties: apiGroup: - description: APIGroup is the group - for the resource being referenced. - If APIGroup is not specified, - the specified Kind must be in - the core API group. For any other - third-party types, APIGroup is - required. 
type: string kind: - description: Kind is the type of - resource being referenced type: string name: - description: Name is the name of - resource being referenced type: string namespace: - description: Namespace is the namespace - of resource being referenced Note - that when a namespace is specified, - a gateway.networking.k8s.io/ReferenceGrant - object is required in the referent - namespace to allow that namespace's - owner to accept the reference. - See the ReferenceGrant documentation - for details. (Alpha) This field - requires the CrossNamespaceVolumeDataSource - feature gate to be enabled. type: string required: - kind - name type: object resources: - description: 'resources represents the - minimum resources the volume should - have. If RecoverVolumeExpansionFailure - feature is enabled users are allowed - to specify resource requirements that - are lower than previous value but - must still be higher than capacity - recorded in the status field of the - claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: @@ -6367,9 +2662,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the - maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -6378,55 +2670,18 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes - the minimum amount of compute - resources required. If Requests - is omitted for a container, it - defaults to Limits if that is - explicitly specified, otherwise - to an implementation-defined value. - Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: - description: selector is a label query - over volumes to consider for binding. properties: matchExpressions: - description: matchExpressions is - a list of label selector requirements. - The requirements are ANDed. items: - description: A label selector - requirement is a selector that - contains values, a key, and - an operator that relates the - key and values. properties: key: - description: key is the label - key that the selector applies - to. type: string operator: - description: operator represents - a key's relationship to - a set of values. Valid operators - are In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is an - array of string values. - If the operator is In or - NotIn, the values array - must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be - empty. This array is replaced - during a strategic merge - patch. items: type: string type: array 
@@ -6440,61 +2695,16 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map - of {key,value} pairs. A single - {key,value} in the matchLabels - map is equivalent to an element - of matchExpressions, whose key - field is "key", the operator is - "In", and the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic storageClassName: - description: 'storageClassName is the - name of the StorageClass required - by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeAttributesClassName: - description: 'volumeAttributesClassName - may be used to set the VolumeAttributesClass - used by this claim. If specified, - the CSI driver will create or update - the volume with the attributes defined - in the corresponding VolumeAttributesClass. - This has a different purpose than - storageClassName, it can be changed - after the claim is created. An empty - string value means that no VolumeAttributesClass - will be applied to the claim but it''s - not allowed to reset this field to - empty string once it is set. If unspecified - and the PersistentVolumeClaim is unbound, - the default VolumeAttributesClass - will be set by the persistentvolume - controller if it exists. If the resource - referred to by volumeAttributesClass - does not exist, this PersistentVolumeClaim - will be set to a Pending state, as - reflected by the modifyVolumeStatus - field, until such as a resource exists. - More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires - the VolumeAttributesClass feature - gate to be enabled.' type: string volumeMode: - description: volumeMode defines what - type of volume is required by the - claim. Value of Filesystem is implied - when not included in claim spec. 
type: string volumeName: - description: volumeName is the binding - reference to the PersistentVolume - backing this claim. type: string type: object required: 
@@ -6502,92 +2712,41 @@ spec: type: object type: object fc: - description: fc represents a Fibre Channel resource - that is attached to a kubelet's host machine and - then exposed to the pod. properties: fsType: - description: 'fsType is the filesystem type - to mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. TODO: how do we prevent errors - in the filesystem from compromising the machine' type: string lun: - description: 'lun is Optional: FC target lun - number' format: int32 type: integer readOnly: - description: 'readOnly is Optional: Defaults - to false (read/write). ReadOnly here will - force the ReadOnly setting in VolumeMounts.' type: boolean targetWWNs: - description: 'targetWWNs is Optional: FC target - worldwide names (WWNs)' items: type: string type: array x-kubernetes-list-type: atomic wwids: - description: 'wwids Optional: FC volume world - wide identifiers (wwids) Either wwids or combination - of targetWWNs and lun must be set, but not - both simultaneously.' items: type: string type: array x-kubernetes-list-type: atomic type: object flexVolume: - description: flexVolume represents a generic volume - resource that is provisioned/attached using an - exec based plugin. properties: driver: - description: driver is the name of the driver - to use for this volume. type: string fsType: - description: fsType is the filesystem type to - mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". The default filesystem depends - on FlexVolume script. type: string options: additionalProperties: type: string - description: 'options is Optional: this field - holds extra command options if any.' type: object readOnly: - description: 'readOnly is Optional: defaults - to false (read/write). ReadOnly here will - force the ReadOnly setting in VolumeMounts.' 
type: boolean secretRef: - description: 'secretRef is Optional: secretRef - is reference to the secret object containing - sensitive information to pass to the plugin - scripts. This may be empty if no secret object - is specified. If the secret object contains - more than one secret, all secrets are passed - to the plugin scripts.' properties: name: default: "" - description: 'Name of the referent. This - field is effectively required, but due - to backwards compatibility is allowed - to be empty. Instances of this type with - an empty value here are almost certainly - wrong. TODO: Add other useful fields. - apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic 
@@ -6595,186 +2754,79 @@ spec: - driver type: object flocker: - description: flocker represents a Flocker volume - attached to a kubelet's host machine. This depends - on the Flocker control service being running properties: datasetName: - description: datasetName is Name of the dataset - stored as metadata -> name on the dataset - for Flocker should be considered as deprecated type: string datasetUUID: - description: datasetUUID is the UUID of the - dataset. This is unique identifier of a Flocker - dataset type: string type: object gcePersistentDisk: - description: 'gcePersistentDisk represents a GCE - Disk resource that is attached to a kubelet''s - host machine and then exposed to the pod. More - info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' properties: fsType: - description: 'fsType is filesystem type of the - volume that you want to mount. Tip: Ensure - that the filesystem type is supported by the - host operating system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if - unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the filesystem - from compromising the machine' type: string partition: - description: 'partition is the partition in - the volume that you want to mount. If omitted, - the default is to mount by volume name. Examples: - For volume /dev/sda1, you specify the partition - as "1". Similarly, the volume partition for - /dev/sda is "0" (or you can leave the property - empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' format: int32 type: integer pdName: - description: 'pdName is unique name of the PD - resource in GCE. Used to identify the disk - in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: string readOnly: - description: 'readOnly here will force the ReadOnly - setting in VolumeMounts. Defaults to false. 
- More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: boolean required: - pdName type: object glusterfs: - description: 'glusterfs represents a Glusterfs mount - on the host that shares a pod''s lifetime. More - info: https://examples.k8s.io/volumes/glusterfs/README.md' properties: endpoints: - description: 'endpoints is the endpoint name - that details Glusterfs topology. More info: - https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string path: - description: 'path is the Glusterfs volume path. - More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string readOnly: - description: 'readOnly here will force the Glusterfs - volume to be mounted with read-only permissions. - Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: boolean required: - endpoints - path type: object hostPath: - description: 'hostPath represents a pre-existing - file or directory on the host machine that is - directly exposed to the container. This is generally - used for system agents or other privileged things - that are allowed to see the host machine. Most - containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict who can - use host directory mounts and who can/can not - mount host directories as read/write.' properties: path: - description: 'path of the directory on the host. - If the path is a symlink, it will follow the - link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string type: - description: 'type for HostPath Volume Defaults - to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string required: - path type: object iscsi: - description: 'iscsi represents an ISCSI Disk resource - that is attached to a kubelet''s host machine - and then exposed to the pod. 
More info: https://examples.k8s.io/volumes/iscsi/README.md' properties: chapAuthDiscovery: - description: chapAuthDiscovery defines whether - support iSCSI Discovery CHAP authentication type: boolean chapAuthSession: - description: chapAuthSession defines whether - support iSCSI Session CHAP authentication type: boolean fsType: - description: 'fsType is the filesystem type - of the volume that you want to mount. Tip: - Ensure that the filesystem type is supported - by the host operating system. Examples: "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem - from compromising the machine' type: string initiatorName: - description: initiatorName is the custom iSCSI - Initiator Name. If initiatorName is specified - with iscsiInterface simultaneously, new iSCSI - interface : will - be created for the connection. type: string iqn: - description: iqn is the target iSCSI Qualified - Name. type: string iscsiInterface: - description: iscsiInterface is the interface - Name that uses an iSCSI transport. Defaults - to 'default' (tcp). type: string lun: - description: lun represents iSCSI Target Lun - number. format: int32 type: integer portals: - description: portals is the iSCSI Target Portal - List. The portal is either an IP or ip_addr:port - if the port is other than default (typically - TCP ports 860 and 3260). items: type: string type: array x-kubernetes-list-type: atomic readOnly: - description: readOnly here will force the ReadOnly - setting in VolumeMounts. Defaults to false. type: boolean secretRef: - description: secretRef is the CHAP Secret for - iSCSI target and initiator authentication properties: name: default: "" - description: 'Name of the referent. This - field is effectively required, but due - to backwards compatibility is allowed - to be empty. 
Instances of this type with - an empty value here are almost certainly - wrong. TODO: Add other useful fields. - apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic targetPortal: - description: targetPortal is iSCSI Target Portal. - The Portal is either an IP or ip_addr:port - if the port is other than default (typically - TCP ports 860 and 3260). type: string required: - iqn 
@@ -6782,175 +2834,68 @@ spec: - targetPortal type: object name: - description: 'name of the volume. Must be a DNS_LABEL - and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string nfs: - description: 'nfs represents an NFS mount on the - host that shares a pod''s lifetime More info: - https://kubernetes.io/docs/concepts/storage/volumes#nfs' properties: path: - description: 'path that is exported by the NFS - server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string readOnly: - description: 'readOnly here will force the NFS - export to be mounted with read-only permissions. - Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: boolean server: - description: 'server is the hostname or IP address - of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string required: - path - server type: object persistentVolumeClaim: - description: 'persistentVolumeClaimVolumeSource - represents a reference to a PersistentVolumeClaim - in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: claimName: - description: 'claimName is the name of a PersistentVolumeClaim - in the same namespace as the pod using this - volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' type: string readOnly: - description: readOnly Will force the ReadOnly - setting in VolumeMounts. Default false. type: boolean required: - claimName type: object photonPersistentDisk: - description: photonPersistentDisk represents a PhotonController - persistent disk attached and mounted on kubelets - host machine properties: fsType: - description: fsType is the filesystem type to - mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". 
Implicitly inferred to be "ext4" - if unspecified. type: string pdID: - description: pdID is the ID that identifies - Photon Controller persistent disk type: string required: - pdID type: object portworxVolume: - description: portworxVolume represents a portworx - volume attached and mounted on kubelets host machine properties: fsType: - description: fSType represents the filesystem - type to mount Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs". Implicitly inferred to be "ext4" if - unspecified. type: string readOnly: - description: readOnly defaults to false (read/write). - ReadOnly here will force the ReadOnly setting - in VolumeMounts. type: boolean volumeID: - description: volumeID uniquely identifies a - Portworx volume type: string required: - volumeID type: object projected: - description: projected items for all in one resources - secrets, configmaps, and downward API properties: defaultMode: - description: defaultMode are the mode bits used - to set permissions on created files by default. - Must be an octal value between 0000 and 0777 - or a decimal value between 0 and 511. YAML - accepts both octal and decimal values, JSON - requires decimal values for mode bits. Directories - within the path are not affected by this setting. - This might be in conflict with other options - that affect the file mode, like fsGroup, and - the result can be other mode bits set. format: int32 type: integer sources: - description: sources is the list of volume projections items: - description: Projection that may be projected - along with other supported volume types properties: clusterTrustBundle: - description: "ClusterTrustBundle allows - a pod to access the `.spec.trustBundle` - field of ClusterTrustBundle objects - in an auto-updating file. \n Alpha, - gated by the ClusterTrustBundleProjection - feature gate. 
\n ClusterTrustBundle - objects can either be selected by name, - or by the combination of signer name - and a label selector. \n Kubelet performs - aggressive normalization of the PEM - contents written into the pod filesystem. - \ Esoteric PEM features such as inter-block - comments and block headers are stripped. - \ Certificates are deduplicated. The - ordering of certificates within the - file is arbitrary, and Kubelet may change - the order over time." properties: labelSelector: - description: Select all ClusterTrustBundles - that match this label selector. Only - has effect if signerName is set. Mutually-exclusive - with name. If unset, interpreted - as "match nothing". If set but - empty, interpreted as "match everything". properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, a key, - and an operator that relates - the key and values. properties: key: - description: key is the - label key that the selector - applies to. type: string operator: - description: operator represents - a key's relationship to - a set of values. Valid - operators are In, NotIn, - Exists and DoesNotExist. type: string values: - description: values is an - array of string values. - If the operator is In - or NotIn, the values array - must be non-empty. If - the operator is Exists - or DoesNotExist, the values - array must be empty. This - array is replaced during - a strategic merge patch. items: type: string type: array 
@@ -6964,100 +2909,31 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a - map of {key,value} pairs. A - single {key,value} in the matchLabels - map is equivalent to an element - of matchExpressions, whose key - field is "key", the operator - is "In", and the values array - contains only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic name: - description: Select a single ClusterTrustBundle - by object name. Mutually-exclusive - with signerName and labelSelector. type: string optional: - description: If true, don't block - pod startup if the referenced ClusterTrustBundle(s) - aren't available. If using name, - then the named ClusterTrustBundle - is allowed not to exist. If using - signerName, then the combination - of signerName and labelSelector - is allowed to match zero ClusterTrustBundles. type: boolean path: - description: Relative path from the - volume root to write the bundle. type: string signerName: - description: Select all ClusterTrustBundles - that match this signer name. Mutually-exclusive - with name. The contents of all - selected ClusterTrustBundles will - be unified and deduplicated. type: string required: - path type: object configMap: - description: configMap information about - the configMap data to project properties: items: - description: items if unspecified, - each key-value pair in the Data - field of the referenced ConfigMap - will be projected into the volume - as a file whose name is the key - and content is the value. If specified, - the listed keys will be projected - into the specified paths, and unlisted - keys will not be present. If a key - is specified which is not present - in the ConfigMap, the volume setup - will error unless it is marked optional. - Paths must be relative and may not - contain the '..' path or start with - '..'. items: - description: Maps a string key to - a path within a volume. 
properties: key: - description: key is the key - to project. type: string mode: - description: 'mode is Optional: - mode bits used to set permissions - on this file. Must be an octal - value between 0000 and 0777 - or a decimal value between - 0 and 511. YAML accepts both - octal and decimal values, - JSON requires decimal values - for mode bits. If not specified, - the volume defaultMode will - be used. This might be in - conflict with other options - that affect the file mode, - like fsGroup, and the result - can be other mode bits set.' format: int32 type: integer path: - description: path is the relative - path of the file to map the - key to. May not be an absolute - path. May not contain the - path element '..'. May not - start with the string '..'. type: string required: - key 
@@ -7067,112 +2943,42 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional specify whether - the ConfigMap or its keys must be - defined type: boolean type: object x-kubernetes-map-type: atomic downwardAPI: - description: downwardAPI information about - the downwardAPI data to project properties: items: - description: Items is a list of DownwardAPIVolume - file items: - description: DownwardAPIVolumeFile - represents information to create - the file containing the pod field properties: fieldRef: - description: 'Required: Selects - a field of the pod: only annotations, - labels, name, namespace and - uid are supported.' properties: apiVersion: - description: Version of - the schema the FieldPath - is written in terms of, - defaults to "v1". type: string fieldPath: - description: Path of the - field to select in the - specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: - description: 'Optional: mode - bits used to set permissions - on this file, must be an octal - value between 0000 and 0777 - or a decimal value between - 0 and 511. YAML accepts both - octal and decimal values, - JSON requires decimal values - for mode bits. If not specified, - the volume defaultMode will - be used. This might be in - conflict with other options - that affect the file mode, - like fsGroup, and the result - can be other mode bits set.' 
format: int32 type: integer path: - description: 'Required: Path - is the relative path name - of the file to be created. - Must not be absolute or contain - the ''..'' path. Must be utf-8 - encoded. The first item of - the relative path must not - start with ''..''' type: string resourceFieldRef: - description: 'Selects a resource - of the container: only resources - limits and requests (limits.cpu, - limits.memory, requests.cpu - and requests.memory) are currently - supported.' properties: containerName: - description: 'Container - name: required for volumes, - optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the - output format of the exposed - resources, defaults to - "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: - resource to select' type: string required: - resource 
@@ -7185,58 +2991,16 @@ spec: x-kubernetes-list-type: atomic type: object secret: - description: secret information about - the secret data to project properties: items: - description: items if unspecified, - each key-value pair in the Data - field of the referenced Secret will - be projected into the volume as - a file whose name is the key and - content is the value. If specified, - the listed keys will be projected - into the specified paths, and unlisted - keys will not be present. If a key - is specified which is not present - in the Secret, the volume setup - will error unless it is marked optional. - Paths must be relative and may not - contain the '..' path or start with - '..'. items: - description: Maps a string key to - a path within a volume. properties: key: - description: key is the key - to project. type: string mode: - description: 'mode is Optional: - mode bits used to set permissions - on this file. Must be an octal - value between 0000 and 0777 - or a decimal value between - 0 and 511. YAML accepts both - octal and decimal values, - JSON requires decimal values - for mode bits. If not specified, - the volume defaultMode will - be used. This might be in - conflict with other options - that affect the file mode, - like fsGroup, and the result - can be other mode bits set.' format: int32 type: integer path: - description: path is the relative - path of the file to map the - key to. May not be an absolute - path. May not contain the - path element '..'. May not - start with the string '..'. type: string required: - key 
@@ -7246,59 +3010,19 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional field specify - whether the Secret or its key must - be defined type: boolean type: object x-kubernetes-map-type: atomic serviceAccountToken: - description: serviceAccountToken is information - about the serviceAccountToken data to - project properties: audience: - description: audience is the intended - audience of the token. A recipient - of a token must identify itself - with an identifier specified in - the audience of the token, and otherwise - should reject the token. The audience - defaults to the identifier of the - apiserver. type: string expirationSeconds: - description: expirationSeconds is - the requested duration of validity - of the service account token. As - the token approaches expiration, - the kubelet volume plugin will proactively - rotate the service account token. - The kubelet will start trying to - rotate the token if the token is - older than 80 percent of its time - to live or if the token is older - than 24 hours.Defaults to 1 hour - and must be at least 10 minutes. format: int64 type: integer path: - description: path is the path relative - to the mount point of the file to - project the token into. type: string required: - path 
@@ -7308,175 +3032,79 @@ spec: x-kubernetes-list-type: atomic type: object quobyte: - description: quobyte represents a Quobyte mount - on the host that shares a pod's lifetime properties: group: - description: group to map volume access to Default - is no group type: string readOnly: - description: readOnly here will force the Quobyte - volume to be mounted with read-only permissions. - Defaults to false. type: boolean registry: - description: registry represents a single or - multiple Quobyte Registry services specified - as a string as host:port pair (multiple entries - are separated with commas) which acts as the - central registry for volumes type: string tenant: - description: tenant owning the given Quobyte - volume in the Backend Used with dynamically - provisioned Quobyte volumes, value is set - by the plugin type: string user: - description: user to map volume access to Defaults - to serivceaccount user type: string volume: - description: volume is a string that references - an already created Quobyte volume by name. type: string required: - registry - volume type: object rbd: - description: 'rbd represents a Rados Block Device - mount on the host that shares a pod''s lifetime. - More info: https://examples.k8s.io/volumes/rbd/README.md' properties: fsType: - description: 'fsType is the filesystem type - of the volume that you want to mount. Tip: - Ensure that the filesystem type is supported - by the host operating system. Examples: "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem - from compromising the machine' type: string image: - description: 'image is the rados image name. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string keyring: - description: 'keyring is the path to key ring - for RBDUser. Default is /etc/ceph/keyring. 
- More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string monitors: - description: 'monitors is a collection of Ceph - monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' items: type: string type: array x-kubernetes-list-type: atomic pool: - description: 'pool is the rados pool name. Default - is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string readOnly: - description: 'readOnly here will force the ReadOnly - setting in VolumeMounts. Defaults to false. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: boolean secretRef: - description: 'secretRef is name of the authentication - secret for RBDUser. If provided overrides - keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' properties: name: default: "" - description: 'Name of the referent. This - field is effectively required, but due - to backwards compatibility is allowed - to be empty. Instances of this type with - an empty value here are almost certainly - wrong. TODO: Add other useful fields. - apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is the rados user name. Default - is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string required: - image - monitors type: object scaleIO: - description: scaleIO represents a ScaleIO persistent - volume attached and mounted on Kubernetes nodes. properties: fsType: - description: fsType is the filesystem type to - mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". Default is "xfs". 
type: string gateway: - description: gateway is the host address of - the ScaleIO API Gateway. type: string protectionDomain: - description: protectionDomain is the name of - the ScaleIO Protection Domain for the configured - storage. type: string readOnly: - description: readOnly Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting - in VolumeMounts. type: boolean secretRef: - description: secretRef references to the secret - for ScaleIO user and other sensitive information. - If this is not provided, Login operation will - fail. properties: name: default: "" - description: 'Name of the referent. This - field is effectively required, but due - to backwards compatibility is allowed - to be empty. Instances of this type with - an empty value here are almost certainly - wrong. TODO: Add other useful fields. - apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic sslEnabled: - description: sslEnabled Flag enable/disable - SSL communication with Gateway, default false type: boolean storageMode: - description: storageMode indicates whether the - storage for a volume should be ThickProvisioned - or ThinProvisioned. Default is ThinProvisioned. type: string storagePool: - description: storagePool is the ScaleIO Storage - Pool associated with the protection domain. type: string system: - description: system is the name of the storage - system as configured in ScaleIO. type: string volumeName: - description: volumeName is the name of a volume - already created in the ScaleIO system that - is associated with this volume source. type: string required: - gateway 
@@ -7484,63 +3112,19 @@ spec: - system type: object secret: - description: 'secret represents a secret that should - populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' properties: defaultMode: - description: 'defaultMode is Optional: mode - bits used to set permissions on created files - by default. Must be an octal value between - 0000 and 0777 or a decimal value between 0 - and 511. YAML accepts both octal and decimal - values, JSON requires decimal values for mode - bits. Defaults to 0644. Directories within - the path are not affected by this setting. - This might be in conflict with other options - that affect the file mode, like fsGroup, and - the result can be other mode bits set.' format: int32 type: integer items: - description: items If unspecified, each key-value - pair in the Data field of the referenced Secret - will be projected into the volume as a file - whose name is the key and content is the value. - If specified, the listed keys will be projected - into the specified paths, and unlisted keys - will not be present. If a key is specified - which is not present in the Secret, the volume - setup will error unless it is marked optional. - Paths must be relative and may not contain - the '..' path or start with '..'. items: - description: Maps a string key to a path within - a volume. properties: key: - description: key is the key to project. type: string mode: - description: 'mode is Optional: mode bits - used to set permissions on this file. - Must be an octal value between 0000 - and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and - decimal values, JSON requires decimal - values for mode bits. If not specified, - the volume defaultMode will be used. - This might be in conflict with other - options that affect the file mode, like - fsGroup, and the result can be other - mode bits set.' 
format: int32 type: integer path: - description: path is the relative path - of the file to map the key to. May not - be an absolute path. May not contain - the path element '..'. May not start - with the string '..'. type: string required: - key 
@@ -7549,91 +3133,37 @@ spec: type: array x-kubernetes-list-type: atomic optional: - description: optional field specify whether - the Secret or its keys must be defined type: boolean secretName: - description: 'secretName is the name of the - secret in the pod''s namespace to use. More - info: https://kubernetes.io/docs/concepts/storage/volumes#secret' type: string type: object storageos: - description: storageOS represents a StorageOS volume - attached and mounted on Kubernetes nodes. properties: fsType: - description: fsType is the filesystem type to - mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. type: string readOnly: - description: readOnly defaults to false (read/write). - ReadOnly here will force the ReadOnly setting - in VolumeMounts. type: boolean secretRef: - description: secretRef specifies the secret - to use for obtaining the StorageOS API credentials. If - not specified, default values will be attempted. properties: name: default: "" - description: 'Name of the referent. This - field is effectively required, but due - to backwards compatibility is allowed - to be empty. Instances of this type with - an empty value here are almost certainly - wrong. TODO: Add other useful fields. - apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic volumeName: - description: volumeName is the human-readable - name of the StorageOS volume. Volume names - are only unique within a namespace. type: string volumeNamespace: - description: volumeNamespace specifies the scope - of the volume within StorageOS. If no namespace - is specified then the Pod's namespace will - be used. 
This allows the Kubernetes name - scoping to be mirrored within StorageOS for - tighter integration. Set VolumeName to any - name to override the default behaviour. Set - to "default" if you are not using namespaces - within StorageOS. Namespaces that do not pre-exist - within StorageOS will be created. type: string type: object vsphereVolume: - description: vsphereVolume represents a vSphere - volume attached and mounted on kubelets host machine properties: fsType: - description: fsType is filesystem type to mount. - Must be a filesystem type supported by the - host operating system. Ex. "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if - unspecified. type: string storagePolicyID: - description: storagePolicyID is the storage - Policy Based Management (SPBM) profile ID - associated with the StoragePolicyName. type: string storagePolicyName: - description: storagePolicyName is the storage - Policy Based Management (SPBM) profile name. type: string volumePath: - description: volumePath is the path that identifies - vSphere volume vmdk type: string required: - volumePath 
@@ -7645,295 +3175,118 @@ spec: type: object type: object name: - description: Name specifies the name of the addon that will be - used for the backup/restore purpose type: string tasks: - description: Tasks specifies a list of backup/restore tasks and - their configuration parameters items: - description: TaskReference specifies a task and its configuration - parameters properties: addonVolumes: - description: AddonVolumes lets you overwrite the volume - sources used in the VolumeTemplate section of Addon. Make - sure that name of your volume matches with the name of - the volume you want to overwrite. items: - description: AddonVolumeInfo specifies the name and the - source of volume properties: name: - description: Name specifies the name of the volume type: string source: - description: Source specifies the source of this volume. properties: awsElasticBlockStore: - description: 'awsElasticBlockStore represents - an AWS Disk resource that is attached to a kubelet''s - host machine and then exposed to the pod. More - info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' properties: fsType: - description: 'fsType is the filesystem type - of the volume that you want to mount. Tip: - Ensure that the filesystem type is supported - by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred - to be "ext4" if unspecified. More info: - https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem - from compromising the machine' type: string partition: - description: 'partition is the partition in - the volume that you want to mount. If omitted, - the default is to mount by volume name. - Examples: For volume /dev/sda1, you specify - the partition as "1". Similarly, the volume - partition for /dev/sda is "0" (or you can - leave the property empty).' 
format: int32 type: integer readOnly: - description: 'readOnly value true will force - the readOnly setting in VolumeMounts. More - info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: boolean volumeID: - description: 'volumeID is unique ID of the - persistent disk resource in AWS (Amazon - EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: string required: - volumeID type: object azureDisk: - description: azureDisk represents an Azure Data - Disk mount on the host and bind mount to the - pod. properties: cachingMode: - description: 'cachingMode is the Host Caching - mode: None, Read Only, Read Write.' type: string diskName: - description: diskName is the Name of the data - disk in the blob storage type: string diskURI: - description: diskURI is the URI of data disk - in the blob storage type: string fsType: - description: fsType is Filesystem type to - mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be - "ext4" if unspecified. type: string kind: - description: 'kind expected values are Shared: - multiple blob disks per storage account Dedicated: - single blob disk per storage account Managed: - azure managed data disk (only in managed - availability set). defaults to shared' type: string readOnly: - description: readOnly Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting - in VolumeMounts. type: boolean required: - diskName - diskURI type: object azureFile: - description: azureFile represents an Azure File - Service mount on the host and bind mount to - the pod. properties: readOnly: - description: readOnly defaults to false (read/write). - ReadOnly here will force the ReadOnly setting - in VolumeMounts. 
type: boolean secretName: - description: secretName is the name of secret - that contains Azure Storage Account Name - and Key type: string shareName: - description: shareName is the azure share - Name type: string required: - secretName - shareName type: object cephfs: - description: cephFS represents a Ceph FS mount - on the host that shares a pod's lifetime properties: monitors: - description: 'monitors is Required: Monitors - is a collection of Ceph monitors More info: - https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' items: type: string type: array x-kubernetes-list-type: atomic path: - description: 'path is Optional: Used as the - mounted root, rather than the full Ceph - tree, default is /' type: string readOnly: - description: 'readOnly is Optional: Defaults - to false (read/write). ReadOnly here will - force the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: boolean secretFile: - description: 'secretFile is Optional: SecretFile - is the path to key ring for User, default - is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string secretRef: - description: 'secretRef is Optional: SecretRef - is reference to the authentication secret - for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' properties: name: default: "" - description: 'Name of the referent. This - field is effectively required, but due - to backwards compatibility is allowed - to be empty. Instances of this type - with an empty value here are almost - certainly wrong. TODO: Add other useful - fields. apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' 
type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is optional: User is the - rados user name, default is admin More info: - https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string required: - monitors type: object cinder: - description: 'cinder represents a cinder volume - attached and mounted on kubelets host machine. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' properties: fsType: - description: 'fsType is the filesystem type - to mount. Must be a filesystem type supported - by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred - to be "ext4" if unspecified. More info: - https://examples.k8s.io/mysql-cinder-pd/README.md' type: string readOnly: - description: 'readOnly defaults to false (read/write). - ReadOnly here will force the ReadOnly setting - in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: boolean secretRef: - description: 'secretRef is optional: points - to a secret object containing parameters - used to connect to OpenStack.' properties: name: default: "" - description: 'Name of the referent. This - field is effectively required, but due - to backwards compatibility is allowed - to be empty. Instances of this type - with an empty value here are almost - certainly wrong. TODO: Add other useful - fields. apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic volumeID: - description: 'volumeID used to identify the - volume in cinder. 
More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string required: - volumeID type: object configMap: - description: configMap represents a configMap - that should populate this volume properties: defaultMode: - description: 'defaultMode is optional: mode - bits used to set permissions on created - files by default. Must be an octal value - between 0000 and 0777 or a decimal value - between 0 and 511. YAML accepts both octal - and decimal values, JSON requires decimal - values for mode bits. Defaults to 0644. - Directories within the path are not affected - by this setting. This might be in conflict - with other options that affect the file - mode, like fsGroup, and the result can be - other mode bits set.' format: int32 type: integer items: - description: items if unspecified, each key-value - pair in the Data field of the referenced - ConfigMap will be projected into the volume - as a file whose name is the key and content - is the value. If specified, the listed keys - will be projected into the specified paths, - and unlisted keys will not be present. If - a key is specified which is not present - in the ConfigMap, the volume setup will - error unless it is marked optional. Paths - must be relative and may not contain the - '..' path or start with '..'. items: - description: Maps a string key to a path - within a volume. properties: key: - description: key is the key to project. type: string mode: - description: 'mode is Optional: mode - bits used to set permissions on this - file. Must be an octal value between - 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal - and decimal values, JSON requires - decimal values for mode bits. If not - specified, the volume defaultMode - will be used. This might be in conflict - with other options that affect the - file mode, like fsGroup, and the result - can be other mode bits set.' 
format: int32 type: integer path: - description: path is the relative path - of the file to map the key to. May - not be an absolute path. May not contain - the path element '..'. May not start - with the string '..'. type: string required: - key 
@@ -7943,174 +3296,67 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of the referent. This field - is effectively required, but due to backwards - compatibility is allowed to be empty. Instances - of this type with an empty value here are - almost certainly wrong. TODO: Add other - useful fields. apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional specify whether the - ConfigMap or its keys must be defined type: boolean type: object x-kubernetes-map-type: atomic csi: - description: csi (Container Storage Interface) - represents ephemeral storage that is handled - by certain external CSI drivers (Beta feature). properties: driver: - description: driver is the name of the CSI - driver that handles this volume. Consult - with your admin for the correct name as - registered in the cluster. type: string fsType: - description: fsType to mount. Ex. "ext4", - "xfs", "ntfs". If not provided, the empty - value is passed to the associated CSI driver - which will determine the default filesystem - to apply. type: string nodePublishSecretRef: - description: nodePublishSecretRef is a reference - to the secret object containing sensitive - information to pass to the CSI driver to - complete the CSI NodePublishVolume and NodeUnpublishVolume - calls. This field is optional, and may - be empty if no secret is required. If the - secret object contains more than one secret, - all secret references are passed. properties: name: default: "" - description: 'Name of the referent. This - field is effectively required, but due - to backwards compatibility is allowed - to be empty. Instances of this type - with an empty value here are almost - certainly wrong. TODO: Add other useful - fields. apiVersion, kind, uid? 
More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic readOnly: - description: readOnly specifies a read-only - configuration for the volume. Defaults to - false (read/write). type: boolean volumeAttributes: additionalProperties: type: string - description: volumeAttributes stores driver-specific - properties that are passed to the CSI driver. - Consult your driver's documentation for - supported values. type: object required: - driver type: object downwardAPI: - description: downwardAPI represents downward API - about the pod that should populate this volume properties: defaultMode: - description: 'Optional: mode bits to use on - created files by default. Must be a Optional: - mode bits used to set permissions on created - files by default. Must be an octal value - between 0000 and 0777 or a decimal value - between 0 and 511. YAML accepts both octal - and decimal values, JSON requires decimal - values for mode bits. Defaults to 0644. - Directories within the path are not affected - by this setting. This might be in conflict - with other options that affect the file - mode, like fsGroup, and the result can be - other mode bits set.' format: int32 type: integer items: - description: Items is a list of downward API - volume file items: - description: DownwardAPIVolumeFile represents - information to create the file containing - the pod field properties: fieldRef: - description: 'Required: Selects a field - of the pod: only annotations, labels, - name, namespace and uid are supported.' properties: apiVersion: - description: Version of the schema - the FieldPath is written in terms - of, defaults to "v1". type: string fieldPath: - description: Path of the field to - select in the specified API version. 
type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: - description: 'Optional: mode bits used - to set permissions on this file, must - be an octal value between 0000 and - 0777 or a decimal value between 0 - and 511. YAML accepts both octal and - decimal values, JSON requires decimal - values for mode bits. If not specified, - the volume defaultMode will be used. - This might be in conflict with other - options that affect the file mode, - like fsGroup, and the result can be - other mode bits set.' format: int32 type: integer path: - description: 'Required: Path is the - relative path name of the file to - be created. Must not be absolute or - contain the ''..'' path. Must be utf-8 - encoded. The first item of the relative - path must not start with ''..''' type: string resourceFieldRef: - description: 'Selects a resource of - the container: only resources limits - and requests (limits.cpu, limits.memory, - requests.cpu and requests.memory) - are currently supported.' properties: containerName: - description: 'Container name: required - for volumes, optional for env - vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output - format of the exposed resources, - defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource - to select' type: string required: - resource 
@@ -8123,220 +3369,50 @@ spec: x-kubernetes-list-type: atomic type: object emptyDir: - description: 'emptyDir represents a temporary - directory that shares a pod''s lifetime. More - info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' properties: medium: - description: 'medium represents what type - of storage medium should back this directory. - The default is "" which means to use the - node''s default medium. Must be an empty - string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string sizeLimit: anyOf: - type: integer - type: string - description: 'sizeLimit is the total amount - of local storage required for this EmptyDir - volume. The size limit is also applicable - for memory medium. The maximum usage on - memory medium EmptyDir would be the minimum - value between the SizeLimit specified here - and the sum of memory limits of all containers - in a pod. The default is nil which means - that the limit is undefined. More info: - https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object ephemeral: - description: "ephemeral represents a volume that - is handled by a cluster storage driver. The - volume's lifecycle is tied to the pod that defines - it - it will be created before the pod starts, - and deleted when the pod is removed. \n Use - this if: a) the volume is only needed while - the pod runs, b) features of normal volumes - like restoring from snapshot or capacity tracking - are needed, c) the storage driver is specified - through a storage class, and d) the storage - driver supports dynamic volume provisioning - through a PersistentVolumeClaim (see EphemeralVolumeSource - for more information on the connection between - this volume type and PersistentVolumeClaim). 
- \n Use PersistentVolumeClaim or one of the vendor-specific - APIs for volumes that persist for longer than - the lifecycle of an individual pod. \n Use CSI - for light-weight local ephemeral volumes if - the CSI driver is meant to be used that way - - see the documentation of the driver for more - information. \n A pod can use both types of - ephemeral volumes and persistent volumes at - the same time." properties: volumeClaimTemplate: - description: "Will be used to create a stand-alone - PVC to provision the volume. The pod in - which this EphemeralVolumeSource is embedded - will be the owner of the PVC, i.e. the PVC - will be deleted together with the pod. The - name of the PVC will be `-` where `` is the name - from the `PodSpec.Volumes` array entry. - Pod validation will reject the pod if the - concatenated name is not valid for a PVC - (for example, too long). \n An existing - PVC with that name that is not owned by - the pod will *not* be used for the pod to - avoid using an unrelated volume by mistake. - Starting the pod is then blocked until the - unrelated PVC is removed. If such a pre-created - PVC is meant to be used by the pod, the - PVC has to updated with an owner reference - to the pod once the pod exists. Normally - this should not be necessary, but it may - be useful when manually reconstructing a - broken cluster. \n This field is read-only - and no changes will be made by Kubernetes - to the PVC after it has been created. \n - Required, must not be nil." properties: metadata: - description: May contain labels and annotations - that will be copied into the PVC when - creating it. No other fields are allowed - and will be rejected during validation. properties: annotations: additionalProperties: type: string - description: 'Annotations is an unstructured - key value map stored with a resource - that may be set by external tools - to store and retrieve arbitrary - metadata. 
They are not queryable - and should be preserved when modifying - objects. More info: http://kubernetes.io/docs/user-guide/annotations' type: object generateName: - description: "GenerateName is an optional - prefix, used by the server, to generate - a unique name ONLY IF the Name field - has not been provided. If this field - is used, the name returned to the - client will be different than the - name passed. This value will also - be combined with a unique suffix. - The provided value has the same - validation rules as the Name field, - and may be truncated by the length - of the suffix required to make the - value unique on the server. \n If - this field is specified and the - generated name exists, the server - will NOT return a 409 - instead, - it will either return 201 Created - or 500 with Reason ServerTimeout - indicating a unique name could not - be found in the time allotted, and - the client should retry (optionally - after the time indicated in the - Retry-After header). \n Applied - only if Name is not specified. More - info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" type: string labels: additionalProperties: type: string - description: 'Map of string keys and - values that can be used to organize - and categorize (scope and select) - objects. May match selectors of - replication controllers and services. - More info: http://kubernetes.io/docs/user-guide/labels' type: object name: - description: 'Name must be unique - within a namespace. Is required - when creating resources, although - some resources may allow a client - to request the generation of an - appropriate name automatically. - Name is primarily intended for creation - idempotence and configuration definition. - Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' type: string namespace: - description: "Namespace defines the - space within each name must be unique. 
- An empty namespace is equivalent - to the \"default\" namespace, but - \"default\" is the canonical representation. - Not all objects are required to - be scoped to a namespace - the value - of this field for those objects - will be empty. \n Must be a DNS_LABEL. - Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" type: string ownerReferences: - description: List of objects depended - by this object. If ALL objects in - the list have been deleted, this - object will be garbage collected. - If this object is managed by a controller, - then an entry in this list will - point to this controller, with the - controller field set to true. There - cannot be more than one managing - controller. items: - description: OwnerReference contains - enough information to let you - identify an owning object. An - owning object must be in the same - namespace as the dependent, or - be cluster-scoped, so there is - no namespace field. properties: apiVersion: - description: API version of - the referent. type: string blockOwnerDeletion: - description: If true, AND if - the owner has the "foregroundDeletion" - finalizer, then the owner - cannot be deleted from the - key-value store until this - reference is removed. See - https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion - for how the garbage collector - interacts with this field - and enforces the foreground - deletion. Defaults to false. - To set this field, a user - needs "delete" permission - of the owner, otherwise 422 - (Unprocessable Entity) will - be returned. type: boolean controller: - description: If true, this reference - points to the managing controller. type: boolean kind: - description: 'Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string name: - description: 'Name of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: - description: 'UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -8348,56 +3424,19 @@ spec: type: array type: object spec: - description: The specification for the - PersistentVolumeClaim. The entire content - is copied unchanged into the PVC that - gets created from this template. The - same fields as in a PersistentVolumeClaim - are also valid here. properties: accessModes: - description: 'accessModes contains - the desired access modes the volume - should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array x-kubernetes-list-type: atomic dataSource: - description: 'dataSource field can - be used to specify either: * An - existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an external - controller can support the specified - data source, it will create a new - volume based on the contents of - the specified data source. When - the AnyVolumeDataSource feature - gate is enabled, dataSource contents - will be copied to dataSourceRef, - and dataSourceRef contents will - be copied to dataSource when dataSourceRef.namespace - is not specified. If the namespace - is specified, then dataSourceRef - will not be copied to dataSource.' properties: apiGroup: - description: APIGroup is the group - for the resource being referenced. - If APIGroup is not specified, - the specified Kind must be in - the core API group. For any - other third-party types, APIGroup - is required. type: string kind: - description: Kind is the type - of resource being referenced type: string name: - description: Name is the name - of resource being referenced type: string required: - kind 
@@ -8405,93 +3444,20 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: - description: 'dataSourceRef specifies - the object from which to populate - the volume with data, if a non-empty - volume is desired. This may be any - object from a non-empty API group - (non core object) or a PersistentVolumeClaim - object. When this field is specified, - volume binding will only succeed - if the type of the specified object - matches some installed volume populator - or dynamic provisioner. This field - will replace the functionality of - the dataSource field and as such - if both fields are non-empty, they - must have the same value. For backwards - compatibility, when namespace isn''t - specified in dataSourceRef, both - fields (dataSource and dataSourceRef) - will be set to the same value automatically - if one of them is empty and the - other is non-empty. When namespace - is specified in dataSourceRef, dataSource - isn''t set to the same value and - must be empty. There are three important - differences between dataSource and - dataSourceRef: * While dataSource - only allows two specific types of - objects, dataSourceRef allows any - non-core object, as well as PersistentVolumeClaim - objects. * While dataSource ignores - disallowed values (dropping them), - dataSourceRef preserves all values, - and generates an error if a disallowed - value is specified. * While dataSource - only allows local objects, dataSourceRef - allows objects in any namespaces. - (Beta) Using this field requires - the AnyVolumeDataSource feature - gate to be enabled. (Alpha) Using - the namespace field of dataSourceRef - requires the CrossNamespaceVolumeDataSource - feature gate to be enabled.' properties: apiGroup: - description: APIGroup is the group - for the resource being referenced. - If APIGroup is not specified, - the specified Kind must be in - the core API group. For any - other third-party types, APIGroup - is required. 
type: string kind: - description: Kind is the type - of resource being referenced type: string name: - description: Name is the name - of resource being referenced type: string namespace: - description: Namespace is the - namespace of resource being - referenced Note that when a - namespace is specified, a gateway.networking.k8s.io/ReferenceGrant - object is required in the referent - namespace to allow that namespace's - owner to accept the reference. - See the ReferenceGrant documentation - for details. (Alpha) This field - requires the CrossNamespaceVolumeDataSource - feature gate to be enabled. type: string required: - kind - name type: object resources: - description: 'resources represents - the minimum resources the volume - should have. If RecoverVolumeExpansionFailure - feature is enabled users are allowed - to specify resource requirements - that are lower than previous value - but must still be higher than capacity - recorded in the status field of - the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: @@ -8500,10 +3466,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes - the maximum amount of compute - resources allowed. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -8512,56 +3474,18 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes - the minimum amount of compute - resources required. If Requests - is omitted for a container, - it defaults to Limits if that - is explicitly specified, otherwise - to an implementation-defined - value. Requests cannot exceed - Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: - description: selector is a label query - over volumes to consider for binding. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, a key, - and an operator that relates - the key and values. properties: key: - description: key is the - label key that the selector - applies to. type: string operator: - description: operator represents - a key's relationship to - a set of values. Valid - operators are In, NotIn, - Exists and DoesNotExist. type: string values: - description: values is an - array of string values. - If the operator is In - or NotIn, the values array - must be non-empty. If - the operator is Exists - or DoesNotExist, the values - array must be empty. This - array is replaced during - a strategic merge patch. items: type: string type: array 
@@ -8575,61 +3499,16 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a - map of {key,value} pairs. A - single {key,value} in the matchLabels - map is equivalent to an element - of matchExpressions, whose key - field is "key", the operator - is "In", and the values array - contains only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic storageClassName: - description: 'storageClassName is - the name of the StorageClass required - by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeAttributesClassName: - description: 'volumeAttributesClassName - may be used to set the VolumeAttributesClass - used by this claim. If specified, - the CSI driver will create or update - the volume with the attributes defined - in the corresponding VolumeAttributesClass. - This has a different purpose than - storageClassName, it can be changed - after the claim is created. An empty - string value means that no VolumeAttributesClass - will be applied to the claim but - it''s not allowed to reset this - field to empty string once it is - set. If unspecified and the PersistentVolumeClaim - is unbound, the default VolumeAttributesClass - will be set by the persistentvolume - controller if it exists. If the - resource referred to by volumeAttributesClass - does not exist, this PersistentVolumeClaim - will be set to a Pending state, - as reflected by the modifyVolumeStatus - field, until such as a resource - exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires - the VolumeAttributesClass feature - gate to be enabled.' type: string volumeMode: - description: volumeMode defines what - type of volume is required by the - claim. Value of Filesystem is implied - when not included in claim spec. 
type: string volumeName: - description: volumeName is the binding - reference to the PersistentVolume - backing this claim. type: string type: object required: 
@@ -8637,94 +3516,41 @@ spec: type: object type: object fc: - description: fc represents a Fibre Channel resource - that is attached to a kubelet's host machine - and then exposed to the pod. properties: fsType: - description: 'fsType is the filesystem type - to mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be - "ext4" if unspecified. TODO: how do we prevent - errors in the filesystem from compromising - the machine' type: string lun: - description: 'lun is Optional: FC target lun - number' format: int32 type: integer readOnly: - description: 'readOnly is Optional: Defaults - to false (read/write). ReadOnly here will - force the ReadOnly setting in VolumeMounts.' type: boolean targetWWNs: - description: 'targetWWNs is Optional: FC target - worldwide names (WWNs)' items: type: string type: array x-kubernetes-list-type: atomic wwids: - description: 'wwids Optional: FC volume world - wide identifiers (wwids) Either wwids or - combination of targetWWNs and lun must be - set, but not both simultaneously.' items: type: string type: array x-kubernetes-list-type: atomic type: object flexVolume: - description: flexVolume represents a generic volume - resource that is provisioned/attached using - an exec based plugin. properties: driver: - description: driver is the name of the driver - to use for this volume. type: string fsType: - description: fsType is the filesystem type - to mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". The default filesystem depends - on FlexVolume script. type: string options: additionalProperties: type: string - description: 'options is Optional: this field - holds extra command options if any.' type: object readOnly: - description: 'readOnly is Optional: defaults - to false (read/write). ReadOnly here will - force the ReadOnly setting in VolumeMounts.' 
type: boolean secretRef: - description: 'secretRef is Optional: secretRef - is reference to the secret object containing - sensitive information to pass to the plugin - scripts. This may be empty if no secret - object is specified. If the secret object - contains more than one secret, all secrets - are passed to the plugin scripts.' properties: name: default: "" - description: 'Name of the referent. This - field is effectively required, but due - to backwards compatibility is allowed - to be empty. Instances of this type - with an empty value here are almost - certainly wrong. TODO: Add other useful - fields. apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic 
@@ -8732,192 +3558,79 @@ spec: - driver type: object flocker: - description: flocker represents a Flocker volume - attached to a kubelet's host machine. This depends - on the Flocker control service being running properties: datasetName: - description: datasetName is Name of the dataset - stored as metadata -> name on the dataset - for Flocker should be considered as deprecated type: string datasetUUID: - description: datasetUUID is the UUID of the - dataset. This is unique identifier of a - Flocker dataset type: string type: object gcePersistentDisk: - description: 'gcePersistentDisk represents a GCE - Disk resource that is attached to a kubelet''s - host machine and then exposed to the pod. More - info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' properties: fsType: - description: 'fsType is filesystem type of - the volume that you want to mount. Tip: - Ensure that the filesystem type is supported - by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred - to be "ext4" if unspecified. More info: - https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the filesystem - from compromising the machine' type: string partition: - description: 'partition is the partition in - the volume that you want to mount. If omitted, - the default is to mount by volume name. - Examples: For volume /dev/sda1, you specify - the partition as "1". Similarly, the volume - partition for /dev/sda is "0" (or you can - leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' format: int32 type: integer pdName: - description: 'pdName is unique name of the - PD resource in GCE. Used to identify the - disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: string readOnly: - description: 'readOnly here will force the - ReadOnly setting in VolumeMounts. Defaults - to false. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: boolean required: - pdName type: object glusterfs: - description: 'glusterfs represents a Glusterfs - mount on the host that shares a pod''s lifetime. - More info: https://examples.k8s.io/volumes/glusterfs/README.md' properties: endpoints: - description: 'endpoints is the endpoint name - that details Glusterfs topology. More info: - https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string path: - description: 'path is the Glusterfs volume - path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string readOnly: - description: 'readOnly here will force the - Glusterfs volume to be mounted with read-only - permissions. Defaults to false. More info: - https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: boolean required: - endpoints - path type: object hostPath: - description: 'hostPath represents a pre-existing - file or directory on the host machine that is - directly exposed to the container. This is generally - used for system agents or other privileged things - that are allowed to see the host machine. Most - containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict who can - use host directory mounts and who can/can not - mount host directories as read/write.' properties: path: - description: 'path of the directory on the - host. If the path is a symlink, it will - follow the link to the real path. More info: - https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string type: - description: 'type for HostPath Volume Defaults - to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string required: - path type: object iscsi: - description: 'iscsi represents an ISCSI Disk resource - that is attached to a kubelet''s host machine - and then exposed to the pod. 
More info: https://examples.k8s.io/volumes/iscsi/README.md' properties: chapAuthDiscovery: - description: chapAuthDiscovery defines whether - support iSCSI Discovery CHAP authentication type: boolean chapAuthSession: - description: chapAuthSession defines whether - support iSCSI Session CHAP authentication type: boolean fsType: - description: 'fsType is the filesystem type - of the volume that you want to mount. Tip: - Ensure that the filesystem type is supported - by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred - to be "ext4" if unspecified. More info: - https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem - from compromising the machine' type: string initiatorName: - description: initiatorName is the custom iSCSI - Initiator Name. If initiatorName is specified - with iscsiInterface simultaneously, new - iSCSI interface : will be created for the connection. type: string iqn: - description: iqn is the target iSCSI Qualified - Name. type: string iscsiInterface: - description: iscsiInterface is the interface - Name that uses an iSCSI transport. Defaults - to 'default' (tcp). type: string lun: - description: lun represents iSCSI Target Lun - number. format: int32 type: integer portals: - description: portals is the iSCSI Target Portal - List. The portal is either an IP or ip_addr:port - if the port is other than default (typically - TCP ports 860 and 3260). items: type: string type: array x-kubernetes-list-type: atomic readOnly: - description: readOnly here will force the - ReadOnly setting in VolumeMounts. Defaults - to false. type: boolean secretRef: - description: secretRef is the CHAP Secret - for iSCSI target and initiator authentication properties: name: default: "" - description: 'Name of the referent. This - field is effectively required, but due - to backwards compatibility is allowed - to be empty. 
Instances of this type - with an empty value here are almost - certainly wrong. TODO: Add other useful - fields. apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic targetPortal: - description: targetPortal is iSCSI Target - Portal. The Portal is either an IP or ip_addr:port - if the port is other than default (typically - TCP ports 860 and 3260). type: string required: - iqn 
@@ -8925,178 +3638,66 @@ spec: - targetPortal type: object nfs: - description: 'nfs represents an NFS mount on the - host that shares a pod''s lifetime More info: - https://kubernetes.io/docs/concepts/storage/volumes#nfs' properties: path: - description: 'path that is exported by the - NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string readOnly: - description: 'readOnly here will force the - NFS export to be mounted with read-only - permissions. Defaults to false. More info: - https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: boolean server: - description: 'server is the hostname or IP - address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string required: - path - server type: object persistentVolumeClaim: - description: 'persistentVolumeClaimVolumeSource - represents a reference to a PersistentVolumeClaim - in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: claimName: - description: 'claimName is the name of a PersistentVolumeClaim - in the same namespace as the pod using this - volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' type: string readOnly: - description: readOnly Will force the ReadOnly - setting in VolumeMounts. Default false. type: boolean required: - claimName type: object photonPersistentDisk: - description: photonPersistentDisk represents a - PhotonController persistent disk attached and - mounted on kubelets host machine properties: fsType: - description: fsType is the filesystem type - to mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be - "ext4" if unspecified. 
type: string pdID: - description: pdID is the ID that identifies - Photon Controller persistent disk type: string required: - pdID type: object portworxVolume: - description: portworxVolume represents a portworx - volume attached and mounted on kubelets host - machine properties: fsType: - description: fSType represents the filesystem - type to mount Must be a filesystem type - supported by the host operating system. - Ex. "ext4", "xfs". Implicitly inferred to - be "ext4" if unspecified. type: string readOnly: - description: readOnly defaults to false (read/write). - ReadOnly here will force the ReadOnly setting - in VolumeMounts. type: boolean volumeID: - description: volumeID uniquely identifies - a Portworx volume type: string required: - volumeID type: object projected: - description: projected items for all in one resources - secrets, configmaps, and downward API properties: defaultMode: - description: defaultMode are the mode bits - used to set permissions on created files - by default. Must be an octal value between - 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal - values, JSON requires decimal values for - mode bits. Directories within the path are - not affected by this setting. This might - be in conflict with other options that affect - the file mode, like fsGroup, and the result - can be other mode bits set. format: int32 type: integer sources: - description: sources is the list of volume - projections items: - description: Projection that may be projected - along with other supported volume types properties: clusterTrustBundle: - description: "ClusterTrustBundle allows - a pod to access the `.spec.trustBundle` - field of ClusterTrustBundle objects - in an auto-updating file. \n Alpha, - gated by the ClusterTrustBundleProjection - feature gate. \n ClusterTrustBundle - objects can either be selected by - name, or by the combination of signer - name and a label selector. 
\n Kubelet - performs aggressive normalization - of the PEM contents written into the - pod filesystem. Esoteric PEM features - such as inter-block comments and block - headers are stripped. Certificates - are deduplicated. The ordering of - certificates within the file is arbitrary, - and Kubelet may change the order over - time." properties: labelSelector: - description: Select all ClusterTrustBundles - that match this label selector. Only - has effect if signerName is set. Mutually-exclusive - with name. If unset, interpreted - as "match nothing". If set but - empty, interpreted as "match everything". properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, a - key, and an operator that - relates the key and values. properties: key: - description: key is the - label key that the selector - applies to. type: string operator: - description: operator - represents a key's relationship - to a set of values. - Valid operators are - In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is - an array of string values. - If the operator is In - or NotIn, the values - array must be non-empty. - If the operator is Exists - or DoesNotExist, the - values array must be - empty. This array is - replaced during a strategic - merge patch. items: type: string type: array 
@@ -9110,103 +3711,31 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is - a map of {key,value} pairs. - A single {key,value} in the - matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", - the operator is "In", and - the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic name: - description: Select a single ClusterTrustBundle - by object name. Mutually-exclusive - with signerName and labelSelector. type: string optional: - description: If true, don't block - pod startup if the referenced - ClusterTrustBundle(s) aren't available. If - using name, then the named ClusterTrustBundle - is allowed not to exist. If using - signerName, then the combination - of signerName and labelSelector - is allowed to match zero ClusterTrustBundles. type: boolean path: - description: Relative path from - the volume root to write the bundle. type: string signerName: - description: Select all ClusterTrustBundles - that match this signer name. Mutually-exclusive - with name. The contents of all - selected ClusterTrustBundles will - be unified and deduplicated. type: string required: - path type: object configMap: - description: configMap information about - the configMap data to project properties: items: - description: items if unspecified, - each key-value pair in the Data - field of the referenced ConfigMap - will be projected into the volume - as a file whose name is the key - and content is the value. If specified, - the listed keys will be projected - into the specified paths, and - unlisted keys will not be present. - If a key is specified which is - not present in the ConfigMap, - the volume setup will error unless - it is marked optional. Paths must - be relative and may not contain - the '..' path or start with '..'. items: - description: Maps a string key - to a path within a volume. 
properties: key: - description: key is the key - to project. type: string mode: - description: 'mode is Optional: - mode bits used to set permissions - on this file. Must be an - octal value between 0000 - and 0777 or a decimal value - between 0 and 511. YAML - accepts both octal and decimal - values, JSON requires decimal - values for mode bits. If - not specified, the volume - defaultMode will be used. - This might be in conflict - with other options that - affect the file mode, like - fsGroup, and the result - can be other mode bits set.' format: int32 type: integer path: - description: path is the relative - path of the file to map - the key to. May not be an - absolute path. May not contain - the path element '..'. May - not start with the string - '..'. type: string required: - key 
@@ -9216,116 +3745,42 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional specify whether - the ConfigMap or its keys must - be defined type: boolean type: object x-kubernetes-map-type: atomic downwardAPI: - description: downwardAPI information - about the downwardAPI data to project properties: items: - description: Items is a list of - DownwardAPIVolume file items: - description: DownwardAPIVolumeFile - represents information to create - the file containing the pod - field properties: fieldRef: - description: 'Required: Selects - a field of the pod: only - annotations, labels, name, - namespace and uid are supported.' properties: apiVersion: - description: Version of - the schema the FieldPath - is written in terms - of, defaults to "v1". type: string fieldPath: - description: Path of the - field to select in the - specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: - description: 'Optional: mode - bits used to set permissions - on this file, must be an - octal value between 0000 - and 0777 or a decimal value - between 0 and 511. YAML - accepts both octal and decimal - values, JSON requires decimal - values for mode bits. If - not specified, the volume - defaultMode will be used. - This might be in conflict - with other options that - affect the file mode, like - fsGroup, and the result - can be other mode bits set.' 
format: int32 type: integer path: - description: 'Required: Path - is the relative path name - of the file to be created. - Must not be absolute or - contain the ''..'' path. - Must be utf-8 encoded. The - first item of the relative - path must not start with - ''..''' type: string resourceFieldRef: - description: 'Selects a resource - of the container: only resources - limits and requests (limits.cpu, - limits.memory, requests.cpu - and requests.memory) are - currently supported.' properties: containerName: - description: 'Container - name: required for volumes, - optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies - the output format of - the exposed resources, - defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: - resource to select' type: string required: - resource 
@@ -9338,60 +3793,16 @@ spec: x-kubernetes-list-type: atomic type: object secret: - description: secret information about - the secret data to project properties: items: - description: items if unspecified, - each key-value pair in the Data - field of the referenced Secret - will be projected into the volume - as a file whose name is the key - and content is the value. If specified, - the listed keys will be projected - into the specified paths, and - unlisted keys will not be present. - If a key is specified which is - not present in the Secret, the - volume setup will error unless - it is marked optional. Paths must - be relative and may not contain - the '..' path or start with '..'. items: - description: Maps a string key - to a path within a volume. properties: key: - description: key is the key - to project. type: string mode: - description: 'mode is Optional: - mode bits used to set permissions - on this file. Must be an - octal value between 0000 - and 0777 or a decimal value - between 0 and 511. YAML - accepts both octal and decimal - values, JSON requires decimal - values for mode bits. If - not specified, the volume - defaultMode will be used. - This might be in conflict - with other options that - affect the file mode, like - fsGroup, and the result - can be other mode bits set.' format: int32 type: integer path: - description: path is the relative - path of the file to map - the key to. May not be an - absolute path. May not contain - the path element '..'. May - not start with the string - '..'. type: string required: - key 
@@ -9401,61 +3812,19 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional field specify - whether the Secret or its key - must be defined type: boolean type: object x-kubernetes-map-type: atomic serviceAccountToken: - description: serviceAccountToken is - information about the serviceAccountToken - data to project properties: audience: - description: audience is the intended - audience of the token. A recipient - of a token must identify itself - with an identifier specified in - the audience of the token, and - otherwise should reject the token. - The audience defaults to the identifier - of the apiserver. type: string expirationSeconds: - description: expirationSeconds is - the requested duration of validity - of the service account token. - As the token approaches expiration, - the kubelet volume plugin will - proactively rotate the service - account token. The kubelet will - start trying to rotate the token - if the token is older than 80 - percent of its time to live or - if the token is older than 24 - hours.Defaults to 1 hour and must - be at least 10 minutes. format: int64 type: integer path: - description: path is the path relative - to the mount point of the file - to project the token into. type: string required: - path 
@@ -9465,179 +3834,79 @@ spec: x-kubernetes-list-type: atomic type: object quobyte: - description: quobyte represents a Quobyte mount - on the host that shares a pod's lifetime properties: group: - description: group to map volume access to - Default is no group type: string readOnly: - description: readOnly here will force the - Quobyte volume to be mounted with read-only - permissions. Defaults to false. type: boolean registry: - description: registry represents a single - or multiple Quobyte Registry services specified - as a string as host:port pair (multiple - entries are separated with commas) which - acts as the central registry for volumes type: string tenant: - description: tenant owning the given Quobyte - volume in the Backend Used with dynamically - provisioned Quobyte volumes, value is set - by the plugin type: string user: - description: user to map volume access to - Defaults to serivceaccount user type: string volume: - description: volume is a string that references - an already created Quobyte volume by name. type: string required: - registry - volume type: object rbd: - description: 'rbd represents a Rados Block Device - mount on the host that shares a pod''s lifetime. - More info: https://examples.k8s.io/volumes/rbd/README.md' properties: fsType: - description: 'fsType is the filesystem type - of the volume that you want to mount. Tip: - Ensure that the filesystem type is supported - by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred - to be "ext4" if unspecified. More info: - https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem - from compromising the machine' type: string image: - description: 'image is the rados image name. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string keyring: - description: 'keyring is the path to key ring - for RBDUser. Default is /etc/ceph/keyring. 
- More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string monitors: - description: 'monitors is a collection of - Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' items: type: string type: array x-kubernetes-list-type: atomic pool: - description: 'pool is the rados pool name. - Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string readOnly: - description: 'readOnly here will force the - ReadOnly setting in VolumeMounts. Defaults - to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: boolean secretRef: - description: 'secretRef is name of the authentication - secret for RBDUser. If provided overrides - keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' properties: name: default: "" - description: 'Name of the referent. This - field is effectively required, but due - to backwards compatibility is allowed - to be empty. Instances of this type - with an empty value here are almost - certainly wrong. TODO: Add other useful - fields. apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is the rados user name. - Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string required: - image - monitors type: object scaleIO: - description: scaleIO represents a ScaleIO persistent - volume attached and mounted on Kubernetes nodes. properties: fsType: - description: fsType is the filesystem type - to mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". Default is "xfs". 
type: string gateway: - description: gateway is the host address of - the ScaleIO API Gateway. type: string protectionDomain: - description: protectionDomain is the name - of the ScaleIO Protection Domain for the - configured storage. type: string readOnly: - description: readOnly Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting - in VolumeMounts. type: boolean secretRef: - description: secretRef references to the secret - for ScaleIO user and other sensitive information. - If this is not provided, Login operation - will fail. properties: name: default: "" - description: 'Name of the referent. This - field is effectively required, but due - to backwards compatibility is allowed - to be empty. Instances of this type - with an empty value here are almost - certainly wrong. TODO: Add other useful - fields. apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic sslEnabled: - description: sslEnabled Flag enable/disable - SSL communication with Gateway, default - false type: boolean storageMode: - description: storageMode indicates whether - the storage for a volume should be ThickProvisioned - or ThinProvisioned. Default is ThinProvisioned. type: string storagePool: - description: storagePool is the ScaleIO Storage - Pool associated with the protection domain. type: string system: - description: system is the name of the storage - system as configured in ScaleIO. type: string volumeName: - description: volumeName is the name of a volume - already created in the ScaleIO system that - is associated with this volume source. type: string required: - gateway 
@@ -9645,65 +3914,19 @@ spec: - system type: object secret: - description: 'secret represents a secret that - should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' properties: defaultMode: - description: 'defaultMode is Optional: mode - bits used to set permissions on created - files by default. Must be an octal value - between 0000 and 0777 or a decimal value - between 0 and 511. YAML accepts both octal - and decimal values, JSON requires decimal - values for mode bits. Defaults to 0644. - Directories within the path are not affected - by this setting. This might be in conflict - with other options that affect the file - mode, like fsGroup, and the result can be - other mode bits set.' format: int32 type: integer items: - description: items If unspecified, each key-value - pair in the Data field of the referenced - Secret will be projected into the volume - as a file whose name is the key and content - is the value. If specified, the listed keys - will be projected into the specified paths, - and unlisted keys will not be present. If - a key is specified which is not present - in the Secret, the volume setup will error - unless it is marked optional. Paths must - be relative and may not contain the '..' - path or start with '..'. items: - description: Maps a string key to a path - within a volume. properties: key: - description: key is the key to project. type: string mode: - description: 'mode is Optional: mode - bits used to set permissions on this - file. Must be an octal value between - 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal - and decimal values, JSON requires - decimal values for mode bits. If not - specified, the volume defaultMode - will be used. This might be in conflict - with other options that affect the - file mode, like fsGroup, and the result - can be other mode bits set.' 
format: int32 type: integer path: - description: path is the relative path - of the file to map the key to. May - not be an absolute path. May not contain - the path element '..'. May not start - with the string '..'. type: string required: - key 
@@ -9712,198 +3935,60 @@ spec: type: array x-kubernetes-list-type: atomic optional: - description: optional field specify whether - the Secret or its keys must be defined type: boolean secretName: - description: 'secretName is the name of the - secret in the pod''s namespace to use. More - info: https://kubernetes.io/docs/concepts/storage/volumes#secret' type: string type: object storageos: - description: storageOS represents a StorageOS - volume attached and mounted on Kubernetes nodes. properties: fsType: - description: fsType is the filesystem type - to mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be - "ext4" if unspecified. type: string readOnly: - description: readOnly defaults to false (read/write). - ReadOnly here will force the ReadOnly setting - in VolumeMounts. type: boolean secretRef: - description: secretRef specifies the secret - to use for obtaining the StorageOS API credentials. If - not specified, default values will be attempted. properties: name: default: "" - description: 'Name of the referent. This - field is effectively required, but due - to backwards compatibility is allowed - to be empty. Instances of this type - with an empty value here are almost - certainly wrong. TODO: Add other useful - fields. apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic volumeName: - description: volumeName is the human-readable - name of the StorageOS volume. Volume names - are only unique within a namespace. type: string volumeNamespace: - description: volumeNamespace specifies the - scope of the volume within StorageOS. If - no namespace is specified then the Pod's - namespace will be used. 
This allows the - Kubernetes name scoping to be mirrored within - StorageOS for tighter integration. Set VolumeName - to any name to override the default behaviour. - Set to "default" if you are not using namespaces - within StorageOS. Namespaces that do not - pre-exist within StorageOS will be created. type: string type: object volumeClaimTemplate: - description: VolumeClaimTemplate specifies a template - for volume to use by the backup/restore executor properties: metadata: - description: May contain labels and annotations - that will be copied into the PVC when creating - it. No other fields are allowed and will - be rejected during validation. properties: annotations: additionalProperties: type: string - description: 'Annotations is an unstructured - key value map stored with a resource - that may be set by external tools to - store and retrieve arbitrary metadata. - They are not queryable and should be - preserved when modifying objects. More - info: http://kubernetes.io/docs/user-guide/annotations' type: object generateName: - description: "GenerateName is an optional - prefix, used by the server, to generate - a unique name ONLY IF the Name field - has not been provided. If this field - is used, the name returned to the client - will be different than the name passed. - This value will also be combined with - a unique suffix. The provided value - has the same validation rules as the - Name field, and may be truncated by - the length of the suffix required to - make the value unique on the server. - \n If this field is specified and the - generated name exists, the server will - NOT return a 409 - instead, it will - either return 201 Created or 500 with - Reason ServerTimeout indicating a unique - name could not be found in the time - allotted, and the client should retry - (optionally after the time indicated - in the Retry-After header). \n Applied - only if Name is not specified. 
More - info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" type: string labels: additionalProperties: type: string - description: 'Map of string keys and values - that can be used to organize and categorize - (scope and select) objects. May match - selectors of replication controllers - and services. More info: http://kubernetes.io/docs/user-guide/labels' type: object name: - description: 'Name must be unique within - a namespace. Is required when creating - resources, although some resources may - allow a client to request the generation - of an appropriate name automatically. - Name is primarily intended for creation - idempotence and configuration definition. - Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' type: string namespace: - description: "Namespace defines the space - within each name must be unique. An - empty namespace is equivalent to the - \"default\" namespace, but \"default\" - is the canonical representation. Not - all objects are required to be scoped - to a namespace - the value of this field - for those objects will be empty. \n - Must be a DNS_LABEL. Cannot be updated. - More info: http://kubernetes.io/docs/user-guide/namespaces" type: string ownerReferences: - description: List of objects depended - by this object. If ALL objects in the - list have been deleted, this object - will be garbage collected. If this object - is managed by a controller, then an - entry in this list will point to this - controller, with the controller field - set to true. There cannot be more than - one managing controller. items: - description: OwnerReference contains - enough information to let you identify - an owning object. An owning object - must be in the same namespace as the - dependent, or be cluster-scoped, so - there is no namespace field. properties: apiVersion: - description: API version of the - referent. 
type: string blockOwnerDeletion: - description: If true, AND if the - owner has the "foregroundDeletion" - finalizer, then the owner cannot - be deleted from the key-value - store until this reference is - removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion - for how the garbage collector - interacts with this field and - enforces the foreground deletion. - Defaults to false. To set this - field, a user needs "delete" permission - of the owner, otherwise 422 (Unprocessable - Entity) will be returned. type: boolean controller: - description: If true, this reference - points to the managing controller. type: boolean kind: - description: 'Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: - description: 'UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion 
@@ -9915,53 +4000,19 @@ spec: type: array type: object spec: - description: The specification for the PersistentVolumeClaim. - The entire content is copied unchanged into - the PVC that gets created from this template. - The same fields as in a PersistentVolumeClaim - are also valid here. properties: accessModes: - description: 'accessModes contains the - desired access modes the volume should - have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array x-kubernetes-list-type: atomic dataSource: - description: 'dataSource field can be - used to specify either: * An existing - VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an external controller - can support the specified data source, - it will create a new volume based on - the contents of the specified data source. - When the AnyVolumeDataSource feature - gate is enabled, dataSource contents - will be copied to dataSourceRef, and - dataSourceRef contents will be copied - to dataSource when dataSourceRef.namespace - is not specified. If the namespace is - specified, then dataSourceRef will not - be copied to dataSource.' properties: apiGroup: - description: APIGroup is the group - for the resource being referenced. - If APIGroup is not specified, the - specified Kind must be in the core - API group. For any other third-party - types, APIGroup is required. type: string kind: - description: Kind is the type of resource - being referenced type: string name: - description: Name is the name of resource - being referenced type: string required: - kind 
@@ -9969,88 +4020,20 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: - description: 'dataSourceRef specifies - the object from which to populate the - volume with data, if a non-empty volume - is desired. This may be any object from - a non-empty API group (non core object) - or a PersistentVolumeClaim object. When - this field is specified, volume binding - will only succeed if the type of the - specified object matches some installed - volume populator or dynamic provisioner. - This field will replace the functionality - of the dataSource field and as such - if both fields are non-empty, they must - have the same value. For backwards compatibility, - when namespace isn''t specified in dataSourceRef, - both fields (dataSource and dataSourceRef) - will be set to the same value automatically - if one of them is empty and the other - is non-empty. When namespace is specified - in dataSourceRef, dataSource isn''t - set to the same value and must be empty. - There are three important differences - between dataSource and dataSourceRef: - * While dataSource only allows two specific - types of objects, dataSourceRef allows - any non-core object, as well as PersistentVolumeClaim - objects. * While dataSource ignores - disallowed values (dropping them), dataSourceRef - preserves all values, and generates - an error if a disallowed value is specified. - * While dataSource only allows local - objects, dataSourceRef allows objects - in any namespaces. (Beta) Using this - field requires the AnyVolumeDataSource - feature gate to be enabled. (Alpha) - Using the namespace field of dataSourceRef - requires the CrossNamespaceVolumeDataSource - feature gate to be enabled.' properties: apiGroup: - description: APIGroup is the group - for the resource being referenced. - If APIGroup is not specified, the - specified Kind must be in the core - API group. For any other third-party - types, APIGroup is required. 
type: string kind: - description: Kind is the type of resource - being referenced type: string name: - description: Name is the name of resource - being referenced type: string namespace: - description: Namespace is the namespace - of resource being referenced Note - that when a namespace is specified, - a gateway.networking.k8s.io/ReferenceGrant - object is required in the referent - namespace to allow that namespace's - owner to accept the reference. See - the ReferenceGrant documentation - for details. (Alpha) This field - requires the CrossNamespaceVolumeDataSource - feature gate to be enabled. type: string required: - kind - name type: object resources: - description: 'resources represents the - minimum resources the volume should - have. If RecoverVolumeExpansionFailure - feature is enabled users are allowed - to specify resource requirements that - are lower than previous value but must - still be higher than capacity recorded - in the status field of the claim. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: @@ -10059,9 +4042,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the - maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -10070,52 +4050,18 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the - minimum amount of compute resources - required. If Requests is omitted - for a container, it defaults to - Limits if that is explicitly specified, - otherwise to an implementation-defined - value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: - description: selector is a label query - over volumes to consider for binding. properties: matchExpressions: - description: matchExpressions is a - list of label selector requirements. - The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. properties: key: - description: key is the label - key that the selector applies - to. type: string operator: - description: operator represents - a key's relationship to a - set of values. Valid operators - are In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is an array - of string values. If the operator - is In or NotIn, the values - array must be non-empty. If - the operator is Exists or - DoesNotExist, the values array - must be empty. This array - is replaced during a strategic - merge patch. items: type: string type: array 
@@ -10129,89 +4075,30 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map - of {key,value} pairs. A single {key,value} - in the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are - ANDed. type: object type: object x-kubernetes-map-type: atomic storageClassName: - description: 'storageClassName is the - name of the StorageClass required by - the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeAttributesClassName: - description: 'volumeAttributesClassName - may be used to set the VolumeAttributesClass - used by this claim. If specified, the - CSI driver will create or update the - volume with the attributes defined in - the corresponding VolumeAttributesClass. - This has a different purpose than storageClassName, - it can be changed after the claim is - created. An empty string value means - that no VolumeAttributesClass will be - applied to the claim but it''s not allowed - to reset this field to empty string - once it is set. If unspecified and the - PersistentVolumeClaim is unbound, the - default VolumeAttributesClass will be - set by the persistentvolume controller - if it exists. If the resource referred - to by volumeAttributesClass does not - exist, this PersistentVolumeClaim will - be set to a Pending state, as reflected - by the modifyVolumeStatus field, until - such as a resource exists. More info: - https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires the - VolumeAttributesClass feature gate to - be enabled.' type: string volumeMode: - description: volumeMode defines what type - of volume is required by the claim. - Value of Filesystem is implied when - not included in claim spec. 
type: string volumeName: - description: volumeName is the binding - reference to the PersistentVolume backing - this claim. type: string type: object required: - spec type: object vsphereVolume: - description: vsphereVolume represents a vSphere - volume attached and mounted on kubelets host - machine properties: fsType: - description: fsType is filesystem type to - mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be - "ext4" if unspecified. type: string storagePolicyID: - description: storagePolicyID is the storage - Policy Based Management (SPBM) profile ID - associated with the StoragePolicyName. type: string storagePolicyName: - description: storagePolicyName is the storage - Policy Based Management (SPBM) profile name. type: string volumePath: - description: volumePath is the path that identifies - vSphere volume vmdk type: string required: - volumePath 
@@ -10220,154 +4107,49 @@ spec: type: object type: array name: - description: Name indicates to the name of the task type: string params: - description: Params specifies parameters for the task. You - must provide the parameter in the Addon desired structure. type: object x-kubernetes-preserve-unknown-fields: true targetVolumes: - description: TargetVolumes specifies which volumes from - the target should be mounted in the backup/restore job/container. properties: volumeClaimTemplates: - description: VolumeClaimTemplates specifies a template - for the PersistentVolumeClaims that will be created - for each Pod in a StatefulSet. items: - description: PersistentVolumeClaim is a user's request - for and claim to a persistent volume properties: apiVersion: - description: 'APIVersion defines the versioned - schema of this representation of an object. - Servers should convert recognized schemas to - the latest internal value, and may reject unrecognized - values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing - the REST resource this object represents. Servers - may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: - description: 'Standard object''s metadata. More - info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' properties: annotations: additionalProperties: type: string - description: 'Annotations is an unstructured - key value map stored with a resource that - may be set by external tools to store and - retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying - objects. 
More info: http://kubernetes.io/docs/user-guide/annotations' type: object generateName: - description: "GenerateName is an optional - prefix, used by the server, to generate - a unique name ONLY IF the Name field has - not been provided. If this field is used, - the name returned to the client will be - different than the name passed. This value - will also be combined with a unique suffix. - The provided value has the same validation - rules as the Name field, and may be truncated - by the length of the suffix required to - make the value unique on the server. \n - If this field is specified and the generated - name exists, the server will NOT return - a 409 - instead, it will either return 201 - Created or 500 with Reason ServerTimeout - indicating a unique name could not be found - in the time allotted, and the client should - retry (optionally after the time indicated - in the Retry-After header). \n Applied only - if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" type: string labels: additionalProperties: type: string - description: 'Map of string keys and values - that can be used to organize and categorize - (scope and select) objects. May match selectors - of replication controllers and services. - More info: http://kubernetes.io/docs/user-guide/labels' type: object name: - description: 'Name must be unique within a - namespace. Is required when creating resources, - although some resources may allow a client - to request the generation of an appropriate - name automatically. Name is primarily intended - for creation idempotence and configuration - definition. Cannot be updated. More info: - http://kubernetes.io/docs/user-guide/identifiers#names' type: string namespace: - description: "Namespace defines the space - within each name must be unique. An empty - namespace is equivalent to the \"default\" - namespace, but \"default\" is the canonical - representation. 
Not all objects are required - to be scoped to a namespace - the value - of this field for those objects will be - empty. \n Must be a DNS_LABEL. Cannot be - updated. More info: http://kubernetes.io/docs/user-guide/namespaces" type: string ownerReferences: - description: List of objects depended by this - object. If ALL objects in the list have - been deleted, this object will be garbage - collected. If this object is managed by - a controller, then an entry in this list - will point to this controller, with the - controller field set to true. There cannot - be more than one managing controller. items: - description: OwnerReference contains enough - information to let you identify an owning - object. An owning object must be in the - same namespace as the dependent, or be - cluster-scoped, so there is no namespace - field. properties: apiVersion: - description: API version of the referent. type: string blockOwnerDeletion: - description: If true, AND if the owner - has the "foregroundDeletion" finalizer, - then the owner cannot be deleted from - the key-value store until this reference - is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion - for how the garbage collector interacts - with this field and enforces the foreground - deletion. Defaults to false. To set - this field, a user needs "delete" - permission of the owner, otherwise - 422 (Unprocessable Entity) will be - returned. type: boolean controller: - description: If true, this reference - points to the managing controller. type: boolean kind: - description: 'Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: - description: 'UID of the referent. 
More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -10379,49 +4161,19 @@ spec: type: array type: object spec: - description: 'Spec defines the desired characteristics - of a volume requested by a pod author. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: accessModes: - description: 'accessModes contains the desired - access modes the volume should have. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array x-kubernetes-list-type: atomic dataSource: - description: 'dataSource field can be used - to specify either: * An existing VolumeSnapshot - object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an external controller - can support the specified data source, it - will create a new volume based on the contents - of the specified data source. When the AnyVolumeDataSource - feature gate is enabled, dataSource contents - will be copied to dataSourceRef, and dataSourceRef - contents will be copied to dataSource when - dataSourceRef.namespace is not specified. - If the namespace is specified, then dataSourceRef - will not be copied to dataSource.' properties: apiGroup: - description: APIGroup is the group for - the resource being referenced. If APIGroup - is not specified, the specified Kind - must be in the core API group. For any - other third-party types, APIGroup is - required. type: string kind: - description: Kind is the type of resource - being referenced type: string name: - description: Name is the name of resource - being referenced type: string required: - kind 
@@ -10429,82 +4181,20 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: - description: 'dataSourceRef specifies the - object from which to populate the volume - with data, if a non-empty volume is desired. - This may be any object from a non-empty - API group (non core object) or a PersistentVolumeClaim - object. When this field is specified, volume - binding will only succeed if the type of - the specified object matches some installed - volume populator or dynamic provisioner. - This field will replace the functionality - of the dataSource field and as such if both - fields are non-empty, they must have the - same value. For backwards compatibility, - when namespace isn''t specified in dataSourceRef, - both fields (dataSource and dataSourceRef) - will be set to the same value automatically - if one of them is empty and the other is - non-empty. When namespace is specified in - dataSourceRef, dataSource isn''t set to - the same value and must be empty. There - are three important differences between - dataSource and dataSourceRef: * While dataSource - only allows two specific types of objects, - dataSourceRef allows any non-core object, - as well as PersistentVolumeClaim objects. - * While dataSource ignores disallowed values - (dropping them), dataSourceRef preserves - all values, and generates an error if a - disallowed value is specified. * While dataSource - only allows local objects, dataSourceRef - allows objects in any namespaces. (Beta) - Using this field requires the AnyVolumeDataSource - feature gate to be enabled. (Alpha) Using - the namespace field of dataSourceRef requires - the CrossNamespaceVolumeDataSource feature - gate to be enabled.' properties: apiGroup: - description: APIGroup is the group for - the resource being referenced. If APIGroup - is not specified, the specified Kind - must be in the core API group. For any - other third-party types, APIGroup is - required. 
type: string kind: - description: Kind is the type of resource - being referenced type: string name: - description: Name is the name of resource - being referenced type: string namespace: - description: Namespace is the namespace - of resource being referenced Note that - when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant - object is required in the referent namespace - to allow that namespace's owner to accept - the reference. See the ReferenceGrant - documentation for details. (Alpha) This - field requires the CrossNamespaceVolumeDataSource - feature gate to be enabled. type: string required: - kind - name type: object resources: - description: 'resources represents the minimum - resources the volume should have. If RecoverVolumeExpansionFailure - feature is enabled users are allowed to - specify resource requirements that are lower - than previous value but must still be higher - than capacity recorded in the status field - of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: @@ -10513,9 +4203,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum - amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -10524,48 +4211,18 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum - amount of compute resources required. - If Requests is omitted for a container, - it defaults to Limits if that is explicitly - specified, otherwise to an implementation-defined - value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: - description: selector is a label query over - volumes to consider for binding. properties: matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. properties: key: - description: key is the label key - that the selector applies to. type: string operator: - description: operator represents - a key's relationship to a set - of values. Valid operators are - In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array - of string values. If the operator - is In or NotIn, the values array - must be non-empty. If the operator - is Exists or DoesNotExist, the - values array must be empty. This - array is replaced during a strategic - merge patch. items: type: string type: array 
@@ -10579,120 +4236,28 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic storageClassName: - description: 'storageClassName is the name - of the StorageClass required by the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeAttributesClassName: - description: 'volumeAttributesClassName may - be used to set the VolumeAttributesClass - used by this claim. If specified, the CSI - driver will create or update the volume - with the attributes defined in the corresponding - VolumeAttributesClass. This has a different - purpose than storageClassName, it can be - changed after the claim is created. An empty - string value means that no VolumeAttributesClass - will be applied to the claim but it''s not - allowed to reset this field to empty string - once it is set. If unspecified and the PersistentVolumeClaim - is unbound, the default VolumeAttributesClass - will be set by the persistentvolume controller - if it exists. If the resource referred to - by volumeAttributesClass does not exist, - this PersistentVolumeClaim will be set to - a Pending state, as reflected by the modifyVolumeStatus - field, until such as a resource exists. - More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires the VolumeAttributesClass - feature gate to be enabled.' type: string volumeMode: - description: volumeMode defines what type - of volume is required by the claim. Value - of Filesystem is implied when not included - in claim spec. 
type: string volumeName: - description: volumeName is the binding reference - to the PersistentVolume backing this claim. type: string type: object status: - description: 'Status represents the current information/status - of a persistent volume claim. Read-only. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: accessModes: - description: 'accessModes contains the actual - access modes the volume backing the PVC - has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array x-kubernetes-list-type: atomic allocatedResourceStatuses: additionalProperties: - description: When a controller receives - persistentvolume claim update with ClaimResourceStatus - for a resource that it does not recognizes, - then it should ignore that update and - let other controllers handle it. type: string - description: "allocatedResourceStatuses stores - status of resource being resized for the - given PVC. Key names follow standard Kubernetes - label syntax. Valid values are either: * - Un-prefixed keys: - storage - the capacity - of the volume. * Custom resources must use - implementation-defined prefixed names such - as \"example.com/my-custom-resource\" Apart - from above values - keys that are unprefixed - or have kubernetes.io prefix are considered - reserved and hence may not be used. \n ClaimResourceStatus - can be in any of following states: - ControllerResizeInProgress: - State set when resize controller starts - resizing the volume in control-plane. - - ControllerResizeFailed: State set when resize - has failed in resize controller with a terminal - error. - NodeResizePending: State set when - resize controller has finished resizing - the volume but further resizing of volume - is needed on the node. - NodeResizeInProgress: - State set when kubelet starts resizing the - volume. 
- NodeResizeFailed: State set when - resizing has failed in kubelet with a terminal - error. Transient errors don't set NodeResizeFailed. - For example: if expanding a PVC for more - capacity - this field can be one of the - following states: - pvc.status.allocatedResourceStatus['storage'] - = \"ControllerResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] - = \"ControllerResizeFailed\" - pvc.status.allocatedResourceStatus['storage'] - = \"NodeResizePending\" - pvc.status.allocatedResourceStatus['storage'] - = \"NodeResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] - = \"NodeResizeFailed\" When this field is - not set, it means that no resize operation - is in progress for the given PVC. \n A controller - that receives PVC update with previously - unknown resourceName or ClaimResourceStatus - should ignore the update for the purpose - it was designed. For example - a controller - that only is responsible for resizing capacity - of the volume, should ignore PVC updates - that change other valid resources associated - with PVC. \n This is an alpha field and - requires enabling RecoverVolumeExpansionFailure - feature." type: object x-kubernetes-map-type: granular allocatedResources: 
@@ -10702,38 +4267,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: "allocatedResources tracks the - resources allocated to a PVC including its - capacity. Key names follow standard Kubernetes - label syntax. Valid values are either: * - Un-prefixed keys: - storage - the capacity - of the volume. * Custom resources must use - implementation-defined prefixed names such - as \"example.com/my-custom-resource\" Apart - from above values - keys that are unprefixed - or have kubernetes.io prefix are considered - reserved and hence may not be used. \n Capacity - reported here may be larger than the actual - capacity when a volume expansion operation - is requested. For storage quota, the larger - value from allocatedResources and PVC.spec.resources - is used. If allocatedResources is not set, - PVC.spec.resources alone is used for quota - calculation. If a volume expansion capacity - request is lowered, allocatedResources is - only lowered if there are no expansion operations - in progress and if the actual volume capacity - is equal or lower than the requested capacity. - \n A controller that receives PVC update - with previously unknown resourceName should - ignore the update for the purpose it was - designed. For example - a controller that - only is responsible for resizing capacity - of the volume, should ignore PVC updates - that change other valid resources associated - with PVC. \n This is an alpha field and - requires enabling RecoverVolumeExpansionFailure - feature." type: object capacity: additionalProperties: 
@@ -10742,47 +4275,23 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: capacity represents the actual - resources of the underlying volume. type: object conditions: - description: conditions is the current Condition - of persistent volume claim. If underlying - persistent volume is being resized then - the Condition will be set to 'Resizing'. items: - description: PersistentVolumeClaimCondition - contains details about state of pvc properties: lastProbeTime: - description: lastProbeTime is the time - we probed the condition. format: date-time type: string lastTransitionTime: - description: lastTransitionTime is the - time the condition transitioned from - one status to another. format: date-time type: string message: - description: message is the human-readable - message indicating details about last - transition. type: string reason: - description: reason is a unique, this - should be a short, machine understandable - string that gives the reason for condition's - last transition. If it reports "Resizing" - that means the underlying persistent - volume is being resized. type: string status: type: string type: - description: PersistentVolumeClaimConditionType - is a valid value of PersistentVolumeClaimCondition.Type type: string required: - status 
@@ -10793,117 +4302,37 @@ spec: - type x-kubernetes-list-type: map currentVolumeAttributesClassName: - description: currentVolumeAttributesClassName - is the current name of the VolumeAttributesClass - the PVC is using. When unset, there is no - VolumeAttributeClass applied to this PersistentVolumeClaim - This is an alpha field and requires enabling - VolumeAttributesClass feature. type: string modifyVolumeStatus: - description: ModifyVolumeStatus represents - the status object of ControllerModifyVolume - operation. When this is unset, there is - no ModifyVolume operation being attempted. - This is an alpha field and requires enabling - VolumeAttributesClass feature. properties: status: - description: 'status is the status of - the ControllerModifyVolume operation. - It can be in any of following states: - - Pending Pending indicates that the - PersistentVolumeClaim cannot be modified - due to unmet requirements, such as the - specified VolumeAttributesClass not - existing. - InProgress InProgress indicates - that the volume is being modified. - - Infeasible Infeasible indicates that - the request has been rejected as invalid - by the CSI driver. To resolve the error, - a valid VolumeAttributesClass needs - to be specified. Note: New statuses - can be added in the future. Consumers - should check for unknown statuses and - fail appropriately.' type: string targetVolumeAttributesClassName: - description: targetVolumeAttributesClassName - is the name of the VolumeAttributesClass - the PVC currently being reconciled type: string required: - status type: object phase: - description: phase represents the current - phase of PersistentVolumeClaim. type: string type: object type: object type: array volumeMounts: - description: VolumeMounts specifies the mount for the - volumes specified in `Volumes` section items: - description: VolumeMount describes a mounting of a - Volume within a container. 
properties: mountPath: - description: Path within the container at which - the volume should be mounted. Must not contain - ':'. type: string mountPropagation: - description: mountPropagation determines how mounts - are propagated from the host to container and - the other way around. When not set, MountPropagationNone - is used. This field is beta in 1.10. When RecursiveReadOnly - is set to IfPossible or to Enabled, MountPropagation - must be None or unspecified (which defaults - to None). type: string name: - description: This must match the Name of a Volume. type: string readOnly: - description: Mounted read-only if true, read-write - otherwise (false or unspecified). Defaults to - false. type: boolean recursiveReadOnly: - description: "RecursiveReadOnly specifies whether - read-only mounts should be handled recursively. - \n If ReadOnly is false, this field has no meaning - and must be unspecified. \n If ReadOnly is true, - and this field is set to Disabled, the mount - is not made recursively read-only. If this - field is set to IfPossible, the mount is made - recursively read-only, if it is supported by - the container runtime. If this field is set - to Enabled, the mount is made recursively read-only - if it is supported by the container runtime, - otherwise the pod will not be started and an - error will be generated to indicate the reason. - \n If this field is set to IfPossible or Enabled, - MountPropagation must be set to None (or be - unspecified, which defaults to None). \n If - this field is not specified, it is treated as - an equivalent of Disabled." type: string subPath: - description: Path within the volume from which - the container's volume should be mounted. Defaults - to "" (volume's root). type: string subPathExpr: - description: Expanded path within the volume from - which the container's volume should be mounted. 
- Behaves similarly to SubPath but environment - variable references $(VAR_NAME) are expanded - using the container's environment. Defaults - to "" (volume's root). SubPathExpr and SubPath - are mutually exclusive. type: string required: - mountPath 
@@ -10911,278 +4340,109 @@ spec: type: object type: array volumes: - description: Volumes indicates the list of volumes of - targeted application that should be mounted on the - backup/restore job. items: - description: Volume represents a named volume in a - pod that may be accessed by any container in the - pod. properties: awsElasticBlockStore: - description: 'awsElasticBlockStore represents - an AWS Disk resource that is attached to a kubelet''s - host machine and then exposed to the pod. More - info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' properties: fsType: - description: 'fsType is the filesystem type - of the volume that you want to mount. Tip: - Ensure that the filesystem type is supported - by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred - to be "ext4" if unspecified. More info: - https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem - from compromising the machine' type: string partition: - description: 'partition is the partition in - the volume that you want to mount. If omitted, - the default is to mount by volume name. - Examples: For volume /dev/sda1, you specify - the partition as "1". Similarly, the volume - partition for /dev/sda is "0" (or you can - leave the property empty).' format: int32 type: integer readOnly: - description: 'readOnly value true will force - the readOnly setting in VolumeMounts. More - info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: boolean volumeID: - description: 'volumeID is unique ID of the - persistent disk resource in AWS (Amazon - EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: string required: - volumeID type: object azureDisk: - description: azureDisk represents an Azure Data - Disk mount on the host and bind mount to the - pod. 
properties: cachingMode: - description: 'cachingMode is the Host Caching - mode: None, Read Only, Read Write.' type: string diskName: - description: diskName is the Name of the data - disk in the blob storage type: string diskURI: - description: diskURI is the URI of data disk - in the blob storage type: string fsType: - description: fsType is Filesystem type to - mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be - "ext4" if unspecified. type: string kind: - description: 'kind expected values are Shared: - multiple blob disks per storage account Dedicated: - single blob disk per storage account Managed: - azure managed data disk (only in managed - availability set). defaults to shared' type: string readOnly: - description: readOnly Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting - in VolumeMounts. type: boolean required: - diskName - diskURI type: object azureFile: - description: azureFile represents an Azure File - Service mount on the host and bind mount to - the pod. properties: readOnly: - description: readOnly defaults to false (read/write). - ReadOnly here will force the ReadOnly setting - in VolumeMounts. 
type: boolean secretName: - description: secretName is the name of secret - that contains Azure Storage Account Name - and Key type: string shareName: - description: shareName is the azure share - Name type: string required: - secretName - shareName type: object cephfs: - description: cephFS represents a Ceph FS mount - on the host that shares a pod's lifetime properties: monitors: - description: 'monitors is Required: Monitors - is a collection of Ceph monitors More info: - https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' items: type: string type: array x-kubernetes-list-type: atomic path: - description: 'path is Optional: Used as the - mounted root, rather than the full Ceph - tree, default is /' type: string readOnly: - description: 'readOnly is Optional: Defaults - to false (read/write). ReadOnly here will - force the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: boolean secretFile: - description: 'secretFile is Optional: SecretFile - is the path to key ring for User, default - is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string secretRef: - description: 'secretRef is Optional: SecretRef - is reference to the authentication secret - for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' properties: name: default: "" - description: 'Name of the referent. This - field is effectively required, but due - to backwards compatibility is allowed - to be empty. Instances of this type - with an empty value here are almost - certainly wrong. TODO: Add other useful - fields. apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' 
type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is optional: User is the - rados user name, default is admin More info: - https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string required: - monitors type: object cinder: - description: 'cinder represents a cinder volume - attached and mounted on kubelets host machine. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' properties: fsType: - description: 'fsType is the filesystem type - to mount. Must be a filesystem type supported - by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred - to be "ext4" if unspecified. More info: - https://examples.k8s.io/mysql-cinder-pd/README.md' type: string readOnly: - description: 'readOnly defaults to false (read/write). - ReadOnly here will force the ReadOnly setting - in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: boolean secretRef: - description: 'secretRef is optional: points - to a secret object containing parameters - used to connect to OpenStack.' properties: name: default: "" - description: 'Name of the referent. This - field is effectively required, but due - to backwards compatibility is allowed - to be empty. Instances of this type - with an empty value here are almost - certainly wrong. TODO: Add other useful - fields. apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic volumeID: - description: 'volumeID used to identify the - volume in cinder. 
More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string required: - volumeID type: object configMap: - description: configMap represents a configMap - that should populate this volume properties: defaultMode: - description: 'defaultMode is optional: mode - bits used to set permissions on created - files by default. Must be an octal value - between 0000 and 0777 or a decimal value - between 0 and 511. YAML accepts both octal - and decimal values, JSON requires decimal - values for mode bits. Defaults to 0644. - Directories within the path are not affected - by this setting. This might be in conflict - with other options that affect the file - mode, like fsGroup, and the result can be - other mode bits set.' format: int32 type: integer items: - description: items if unspecified, each key-value - pair in the Data field of the referenced - ConfigMap will be projected into the volume - as a file whose name is the key and content - is the value. If specified, the listed keys - will be projected into the specified paths, - and unlisted keys will not be present. If - a key is specified which is not present - in the ConfigMap, the volume setup will - error unless it is marked optional. Paths - must be relative and may not contain the - '..' path or start with '..'. items: - description: Maps a string key to a path - within a volume. properties: key: - description: key is the key to project. type: string mode: - description: 'mode is Optional: mode - bits used to set permissions on this - file. Must be an octal value between - 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal - and decimal values, JSON requires - decimal values for mode bits. If not - specified, the volume defaultMode - will be used. This might be in conflict - with other options that affect the - file mode, like fsGroup, and the result - can be other mode bits set.' 
format: int32 type: integer path: - description: path is the relative path - of the file to map the key to. May - not be an absolute path. May not contain - the path element '..'. May not start - with the string '..'. type: string required: - key 
@@ -11192,174 +4452,67 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of the referent. This field - is effectively required, but due to backwards - compatibility is allowed to be empty. Instances - of this type with an empty value here are - almost certainly wrong. TODO: Add other - useful fields. apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional specify whether the - ConfigMap or its keys must be defined type: boolean type: object x-kubernetes-map-type: atomic csi: - description: csi (Container Storage Interface) - represents ephemeral storage that is handled - by certain external CSI drivers (Beta feature). properties: driver: - description: driver is the name of the CSI - driver that handles this volume. Consult - with your admin for the correct name as - registered in the cluster. type: string fsType: - description: fsType to mount. Ex. "ext4", - "xfs", "ntfs". If not provided, the empty - value is passed to the associated CSI driver - which will determine the default filesystem - to apply. type: string nodePublishSecretRef: - description: nodePublishSecretRef is a reference - to the secret object containing sensitive - information to pass to the CSI driver to - complete the CSI NodePublishVolume and NodeUnpublishVolume - calls. This field is optional, and may - be empty if no secret is required. If the - secret object contains more than one secret, - all secret references are passed. properties: name: default: "" - description: 'Name of the referent. This - field is effectively required, but due - to backwards compatibility is allowed - to be empty. Instances of this type - with an empty value here are almost - certainly wrong. TODO: Add other useful - fields. apiVersion, kind, uid? 
More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic readOnly: - description: readOnly specifies a read-only - configuration for the volume. Defaults to - false (read/write). type: boolean volumeAttributes: additionalProperties: type: string - description: volumeAttributes stores driver-specific - properties that are passed to the CSI driver. - Consult your driver's documentation for - supported values. type: object required: - driver type: object downwardAPI: - description: downwardAPI represents downward API - about the pod that should populate this volume properties: defaultMode: - description: 'Optional: mode bits to use on - created files by default. Must be a Optional: - mode bits used to set permissions on created - files by default. Must be an octal value - between 0000 and 0777 or a decimal value - between 0 and 511. YAML accepts both octal - and decimal values, JSON requires decimal - values for mode bits. Defaults to 0644. - Directories within the path are not affected - by this setting. This might be in conflict - with other options that affect the file - mode, like fsGroup, and the result can be - other mode bits set.' format: int32 type: integer items: - description: Items is a list of downward API - volume file items: - description: DownwardAPIVolumeFile represents - information to create the file containing - the pod field properties: fieldRef: - description: 'Required: Selects a field - of the pod: only annotations, labels, - name, namespace and uid are supported.' properties: apiVersion: - description: Version of the schema - the FieldPath is written in terms - of, defaults to "v1". type: string fieldPath: - description: Path of the field to - select in the specified API version. 
type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: - description: 'Optional: mode bits used - to set permissions on this file, must - be an octal value between 0000 and - 0777 or a decimal value between 0 - and 511. YAML accepts both octal and - decimal values, JSON requires decimal - values for mode bits. If not specified, - the volume defaultMode will be used. - This might be in conflict with other - options that affect the file mode, - like fsGroup, and the result can be - other mode bits set.' format: int32 type: integer path: - description: 'Required: Path is the - relative path name of the file to - be created. Must not be absolute or - contain the ''..'' path. Must be utf-8 - encoded. The first item of the relative - path must not start with ''..''' type: string resourceFieldRef: - description: 'Selects a resource of - the container: only resources limits - and requests (limits.cpu, limits.memory, - requests.cpu and requests.memory) - are currently supported.' properties: containerName: - description: 'Container name: required - for volumes, optional for env - vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output - format of the exposed resources, - defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource - to select' type: string required: - resource 
@@ -11372,220 +4525,50 @@ spec: x-kubernetes-list-type: atomic type: object emptyDir: - description: 'emptyDir represents a temporary - directory that shares a pod''s lifetime. More - info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' properties: medium: - description: 'medium represents what type - of storage medium should back this directory. - The default is "" which means to use the - node''s default medium. Must be an empty - string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string sizeLimit: anyOf: - type: integer - type: string - description: 'sizeLimit is the total amount - of local storage required for this EmptyDir - volume. The size limit is also applicable - for memory medium. The maximum usage on - memory medium EmptyDir would be the minimum - value between the SizeLimit specified here - and the sum of memory limits of all containers - in a pod. The default is nil which means - that the limit is undefined. More info: - https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object ephemeral: - description: "ephemeral represents a volume that - is handled by a cluster storage driver. The - volume's lifecycle is tied to the pod that defines - it - it will be created before the pod starts, - and deleted when the pod is removed. \n Use - this if: a) the volume is only needed while - the pod runs, b) features of normal volumes - like restoring from snapshot or capacity tracking - are needed, c) the storage driver is specified - through a storage class, and d) the storage - driver supports dynamic volume provisioning - through a PersistentVolumeClaim (see EphemeralVolumeSource - for more information on the connection between - this volume type and PersistentVolumeClaim). 
- \n Use PersistentVolumeClaim or one of the vendor-specific - APIs for volumes that persist for longer than - the lifecycle of an individual pod. \n Use CSI - for light-weight local ephemeral volumes if - the CSI driver is meant to be used that way - - see the documentation of the driver for more - information. \n A pod can use both types of - ephemeral volumes and persistent volumes at - the same time." properties: volumeClaimTemplate: - description: "Will be used to create a stand-alone - PVC to provision the volume. The pod in - which this EphemeralVolumeSource is embedded - will be the owner of the PVC, i.e. the PVC - will be deleted together with the pod. The - name of the PVC will be `-` where `` is the name - from the `PodSpec.Volumes` array entry. - Pod validation will reject the pod if the - concatenated name is not valid for a PVC - (for example, too long). \n An existing - PVC with that name that is not owned by - the pod will *not* be used for the pod to - avoid using an unrelated volume by mistake. - Starting the pod is then blocked until the - unrelated PVC is removed. If such a pre-created - PVC is meant to be used by the pod, the - PVC has to updated with an owner reference - to the pod once the pod exists. Normally - this should not be necessary, but it may - be useful when manually reconstructing a - broken cluster. \n This field is read-only - and no changes will be made by Kubernetes - to the PVC after it has been created. \n - Required, must not be nil." properties: metadata: - description: May contain labels and annotations - that will be copied into the PVC when - creating it. No other fields are allowed - and will be rejected during validation. properties: annotations: additionalProperties: type: string - description: 'Annotations is an unstructured - key value map stored with a resource - that may be set by external tools - to store and retrieve arbitrary - metadata. 
They are not queryable - and should be preserved when modifying - objects. More info: http://kubernetes.io/docs/user-guide/annotations' type: object generateName: - description: "GenerateName is an optional - prefix, used by the server, to generate - a unique name ONLY IF the Name field - has not been provided. If this field - is used, the name returned to the - client will be different than the - name passed. This value will also - be combined with a unique suffix. - The provided value has the same - validation rules as the Name field, - and may be truncated by the length - of the suffix required to make the - value unique on the server. \n If - this field is specified and the - generated name exists, the server - will NOT return a 409 - instead, - it will either return 201 Created - or 500 with Reason ServerTimeout - indicating a unique name could not - be found in the time allotted, and - the client should retry (optionally - after the time indicated in the - Retry-After header). \n Applied - only if Name is not specified. More - info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" type: string labels: additionalProperties: type: string - description: 'Map of string keys and - values that can be used to organize - and categorize (scope and select) - objects. May match selectors of - replication controllers and services. - More info: http://kubernetes.io/docs/user-guide/labels' type: object name: - description: 'Name must be unique - within a namespace. Is required - when creating resources, although - some resources may allow a client - to request the generation of an - appropriate name automatically. - Name is primarily intended for creation - idempotence and configuration definition. - Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' type: string namespace: - description: "Namespace defines the - space within each name must be unique. 
- An empty namespace is equivalent - to the \"default\" namespace, but - \"default\" is the canonical representation. - Not all objects are required to - be scoped to a namespace - the value - of this field for those objects - will be empty. \n Must be a DNS_LABEL. - Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" type: string ownerReferences: - description: List of objects depended - by this object. If ALL objects in - the list have been deleted, this - object will be garbage collected. - If this object is managed by a controller, - then an entry in this list will - point to this controller, with the - controller field set to true. There - cannot be more than one managing - controller. items: - description: OwnerReference contains - enough information to let you - identify an owning object. An - owning object must be in the same - namespace as the dependent, or - be cluster-scoped, so there is - no namespace field. properties: apiVersion: - description: API version of - the referent. type: string blockOwnerDeletion: - description: If true, AND if - the owner has the "foregroundDeletion" - finalizer, then the owner - cannot be deleted from the - key-value store until this - reference is removed. See - https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion - for how the garbage collector - interacts with this field - and enforces the foreground - deletion. Defaults to false. - To set this field, a user - needs "delete" permission - of the owner, otherwise 422 - (Unprocessable Entity) will - be returned. type: boolean controller: - description: If true, this reference - points to the managing controller. type: boolean kind: - description: 'Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string name: - description: 'Name of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: - description: 'UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -11597,56 +4580,19 @@ spec: type: array type: object spec: - description: The specification for the - PersistentVolumeClaim. The entire content - is copied unchanged into the PVC that - gets created from this template. The - same fields as in a PersistentVolumeClaim - are also valid here. properties: accessModes: - description: 'accessModes contains - the desired access modes the volume - should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array x-kubernetes-list-type: atomic dataSource: - description: 'dataSource field can - be used to specify either: * An - existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an external - controller can support the specified - data source, it will create a new - volume based on the contents of - the specified data source. When - the AnyVolumeDataSource feature - gate is enabled, dataSource contents - will be copied to dataSourceRef, - and dataSourceRef contents will - be copied to dataSource when dataSourceRef.namespace - is not specified. If the namespace - is specified, then dataSourceRef - will not be copied to dataSource.' properties: apiGroup: - description: APIGroup is the group - for the resource being referenced. - If APIGroup is not specified, - the specified Kind must be in - the core API group. For any - other third-party types, APIGroup - is required. type: string kind: - description: Kind is the type - of resource being referenced type: string name: - description: Name is the name - of resource being referenced type: string required: - kind 
@@ -11654,93 +4600,20 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: - description: 'dataSourceRef specifies - the object from which to populate - the volume with data, if a non-empty - volume is desired. This may be any - object from a non-empty API group - (non core object) or a PersistentVolumeClaim - object. When this field is specified, - volume binding will only succeed - if the type of the specified object - matches some installed volume populator - or dynamic provisioner. This field - will replace the functionality of - the dataSource field and as such - if both fields are non-empty, they - must have the same value. For backwards - compatibility, when namespace isn''t - specified in dataSourceRef, both - fields (dataSource and dataSourceRef) - will be set to the same value automatically - if one of them is empty and the - other is non-empty. When namespace - is specified in dataSourceRef, dataSource - isn''t set to the same value and - must be empty. There are three important - differences between dataSource and - dataSourceRef: * While dataSource - only allows two specific types of - objects, dataSourceRef allows any - non-core object, as well as PersistentVolumeClaim - objects. * While dataSource ignores - disallowed values (dropping them), - dataSourceRef preserves all values, - and generates an error if a disallowed - value is specified. * While dataSource - only allows local objects, dataSourceRef - allows objects in any namespaces. - (Beta) Using this field requires - the AnyVolumeDataSource feature - gate to be enabled. (Alpha) Using - the namespace field of dataSourceRef - requires the CrossNamespaceVolumeDataSource - feature gate to be enabled.' properties: apiGroup: - description: APIGroup is the group - for the resource being referenced. - If APIGroup is not specified, - the specified Kind must be in - the core API group. For any - other third-party types, APIGroup - is required. 
type: string kind: - description: Kind is the type - of resource being referenced type: string name: - description: Name is the name - of resource being referenced type: string namespace: - description: Namespace is the - namespace of resource being - referenced Note that when a - namespace is specified, a gateway.networking.k8s.io/ReferenceGrant - object is required in the referent - namespace to allow that namespace's - owner to accept the reference. - See the ReferenceGrant documentation - for details. (Alpha) This field - requires the CrossNamespaceVolumeDataSource - feature gate to be enabled. type: string required: - kind - name type: object resources: - description: 'resources represents - the minimum resources the volume - should have. If RecoverVolumeExpansionFailure - feature is enabled users are allowed - to specify resource requirements - that are lower than previous value - but must still be higher than capacity - recorded in the status field of - the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: @@ -11749,10 +4622,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes - the maximum amount of compute - resources allowed. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -11761,56 +4630,18 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes - the minimum amount of compute - resources required. If Requests - is omitted for a container, - it defaults to Limits if that - is explicitly specified, otherwise - to an implementation-defined - value. Requests cannot exceed - Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: - description: selector is a label query - over volumes to consider for binding. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, a key, - and an operator that relates - the key and values. properties: key: - description: key is the - label key that the selector - applies to. type: string operator: - description: operator represents - a key's relationship to - a set of values. Valid - operators are In, NotIn, - Exists and DoesNotExist. type: string values: - description: values is an - array of string values. - If the operator is In - or NotIn, the values array - must be non-empty. If - the operator is Exists - or DoesNotExist, the values - array must be empty. This - array is replaced during - a strategic merge patch. items: type: string type: array 
@@ -11824,61 +4655,16 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a - map of {key,value} pairs. A - single {key,value} in the matchLabels - map is equivalent to an element - of matchExpressions, whose key - field is "key", the operator - is "In", and the values array - contains only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic storageClassName: - description: 'storageClassName is - the name of the StorageClass required - by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeAttributesClassName: - description: 'volumeAttributesClassName - may be used to set the VolumeAttributesClass - used by this claim. If specified, - the CSI driver will create or update - the volume with the attributes defined - in the corresponding VolumeAttributesClass. - This has a different purpose than - storageClassName, it can be changed - after the claim is created. An empty - string value means that no VolumeAttributesClass - will be applied to the claim but - it''s not allowed to reset this - field to empty string once it is - set. If unspecified and the PersistentVolumeClaim - is unbound, the default VolumeAttributesClass - will be set by the persistentvolume - controller if it exists. If the - resource referred to by volumeAttributesClass - does not exist, this PersistentVolumeClaim - will be set to a Pending state, - as reflected by the modifyVolumeStatus - field, until such as a resource - exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires - the VolumeAttributesClass feature - gate to be enabled.' type: string volumeMode: - description: volumeMode defines what - type of volume is required by the - claim. Value of Filesystem is implied - when not included in claim spec. 
type: string volumeName: - description: volumeName is the binding - reference to the PersistentVolume - backing this claim. type: string type: object required: 
@@ -11886,94 +4672,41 @@ spec: type: object type: object fc: - description: fc represents a Fibre Channel resource - that is attached to a kubelet's host machine - and then exposed to the pod. properties: fsType: - description: 'fsType is the filesystem type - to mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be - "ext4" if unspecified. TODO: how do we prevent - errors in the filesystem from compromising - the machine' type: string lun: - description: 'lun is Optional: FC target lun - number' format: int32 type: integer readOnly: - description: 'readOnly is Optional: Defaults - to false (read/write). ReadOnly here will - force the ReadOnly setting in VolumeMounts.' type: boolean targetWWNs: - description: 'targetWWNs is Optional: FC target - worldwide names (WWNs)' items: type: string type: array x-kubernetes-list-type: atomic wwids: - description: 'wwids Optional: FC volume world - wide identifiers (wwids) Either wwids or - combination of targetWWNs and lun must be - set, but not both simultaneously.' items: type: string type: array x-kubernetes-list-type: atomic type: object flexVolume: - description: flexVolume represents a generic volume - resource that is provisioned/attached using - an exec based plugin. properties: driver: - description: driver is the name of the driver - to use for this volume. type: string fsType: - description: fsType is the filesystem type - to mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". The default filesystem depends - on FlexVolume script. type: string options: additionalProperties: type: string - description: 'options is Optional: this field - holds extra command options if any.' type: object readOnly: - description: 'readOnly is Optional: defaults - to false (read/write). ReadOnly here will - force the ReadOnly setting in VolumeMounts.' 
type: boolean secretRef: - description: 'secretRef is Optional: secretRef - is reference to the secret object containing - sensitive information to pass to the plugin - scripts. This may be empty if no secret - object is specified. If the secret object - contains more than one secret, all secrets - are passed to the plugin scripts.' properties: name: default: "" - description: 'Name of the referent. This - field is effectively required, but due - to backwards compatibility is allowed - to be empty. Instances of this type - with an empty value here are almost - certainly wrong. TODO: Add other useful - fields. apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic 
@@ -11981,192 +4714,79 @@ spec: - driver type: object flocker: - description: flocker represents a Flocker volume - attached to a kubelet's host machine. This depends - on the Flocker control service being running properties: datasetName: - description: datasetName is Name of the dataset - stored as metadata -> name on the dataset - for Flocker should be considered as deprecated type: string datasetUUID: - description: datasetUUID is the UUID of the - dataset. This is unique identifier of a - Flocker dataset type: string type: object gcePersistentDisk: - description: 'gcePersistentDisk represents a GCE - Disk resource that is attached to a kubelet''s - host machine and then exposed to the pod. More - info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' properties: fsType: - description: 'fsType is filesystem type of - the volume that you want to mount. Tip: - Ensure that the filesystem type is supported - by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred - to be "ext4" if unspecified. More info: - https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the filesystem - from compromising the machine' type: string partition: - description: 'partition is the partition in - the volume that you want to mount. If omitted, - the default is to mount by volume name. - Examples: For volume /dev/sda1, you specify - the partition as "1". Similarly, the volume - partition for /dev/sda is "0" (or you can - leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' format: int32 type: integer pdName: - description: 'pdName is unique name of the - PD resource in GCE. Used to identify the - disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: string readOnly: - description: 'readOnly here will force the - ReadOnly setting in VolumeMounts. Defaults - to false. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: boolean required: - pdName type: object glusterfs: - description: 'glusterfs represents a Glusterfs - mount on the host that shares a pod''s lifetime. - More info: https://examples.k8s.io/volumes/glusterfs/README.md' properties: endpoints: - description: 'endpoints is the endpoint name - that details Glusterfs topology. More info: - https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string path: - description: 'path is the Glusterfs volume - path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string readOnly: - description: 'readOnly here will force the - Glusterfs volume to be mounted with read-only - permissions. Defaults to false. More info: - https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: boolean required: - endpoints - path type: object hostPath: - description: 'hostPath represents a pre-existing - file or directory on the host machine that is - directly exposed to the container. This is generally - used for system agents or other privileged things - that are allowed to see the host machine. Most - containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict who can - use host directory mounts and who can/can not - mount host directories as read/write.' properties: path: - description: 'path of the directory on the - host. If the path is a symlink, it will - follow the link to the real path. More info: - https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string type: - description: 'type for HostPath Volume Defaults - to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string required: - path type: object iscsi: - description: 'iscsi represents an ISCSI Disk resource - that is attached to a kubelet''s host machine - and then exposed to the pod. 
More info: https://examples.k8s.io/volumes/iscsi/README.md' properties: chapAuthDiscovery: - description: chapAuthDiscovery defines whether - support iSCSI Discovery CHAP authentication type: boolean chapAuthSession: - description: chapAuthSession defines whether - support iSCSI Session CHAP authentication type: boolean fsType: - description: 'fsType is the filesystem type - of the volume that you want to mount. Tip: - Ensure that the filesystem type is supported - by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred - to be "ext4" if unspecified. More info: - https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem - from compromising the machine' type: string initiatorName: - description: initiatorName is the custom iSCSI - Initiator Name. If initiatorName is specified - with iscsiInterface simultaneously, new - iSCSI interface : will be created for the connection. type: string iqn: - description: iqn is the target iSCSI Qualified - Name. type: string iscsiInterface: - description: iscsiInterface is the interface - Name that uses an iSCSI transport. Defaults - to 'default' (tcp). type: string lun: - description: lun represents iSCSI Target Lun - number. format: int32 type: integer portals: - description: portals is the iSCSI Target Portal - List. The portal is either an IP or ip_addr:port - if the port is other than default (typically - TCP ports 860 and 3260). items: type: string type: array x-kubernetes-list-type: atomic readOnly: - description: readOnly here will force the - ReadOnly setting in VolumeMounts. Defaults - to false. type: boolean secretRef: - description: secretRef is the CHAP Secret - for iSCSI target and initiator authentication properties: name: default: "" - description: 'Name of the referent. This - field is effectively required, but due - to backwards compatibility is allowed - to be empty. 
Instances of this type - with an empty value here are almost - certainly wrong. TODO: Add other useful - fields. apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic targetPortal: - description: targetPortal is iSCSI Target - Portal. The Portal is either an IP or ip_addr:port - if the port is other than default (typically - TCP ports 860 and 3260). type: string required: - iqn 
@@ -12174,182 +4794,68 @@ spec: - targetPortal type: object name: - description: 'name of the volume. Must be a DNS_LABEL - and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string nfs: - description: 'nfs represents an NFS mount on the - host that shares a pod''s lifetime More info: - https://kubernetes.io/docs/concepts/storage/volumes#nfs' properties: path: - description: 'path that is exported by the - NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string readOnly: - description: 'readOnly here will force the - NFS export to be mounted with read-only - permissions. Defaults to false. More info: - https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: boolean server: - description: 'server is the hostname or IP - address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string required: - path - server type: object persistentVolumeClaim: - description: 'persistentVolumeClaimVolumeSource - represents a reference to a PersistentVolumeClaim - in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: claimName: - description: 'claimName is the name of a PersistentVolumeClaim - in the same namespace as the pod using this - volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' type: string readOnly: - description: readOnly Will force the ReadOnly - setting in VolumeMounts. Default false. type: boolean required: - claimName type: object photonPersistentDisk: - description: photonPersistentDisk represents a - PhotonController persistent disk attached and - mounted on kubelets host machine properties: fsType: - description: fsType is the filesystem type - to mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". 
Implicitly inferred to be - "ext4" if unspecified. type: string pdID: - description: pdID is the ID that identifies - Photon Controller persistent disk type: string required: - pdID type: object portworxVolume: - description: portworxVolume represents a portworx - volume attached and mounted on kubelets host - machine properties: fsType: - description: fSType represents the filesystem - type to mount Must be a filesystem type - supported by the host operating system. - Ex. "ext4", "xfs". Implicitly inferred to - be "ext4" if unspecified. type: string readOnly: - description: readOnly defaults to false (read/write). - ReadOnly here will force the ReadOnly setting - in VolumeMounts. type: boolean volumeID: - description: volumeID uniquely identifies - a Portworx volume type: string required: - volumeID type: object projected: - description: projected items for all in one resources - secrets, configmaps, and downward API properties: defaultMode: - description: defaultMode are the mode bits - used to set permissions on created files - by default. Must be an octal value between - 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal - values, JSON requires decimal values for - mode bits. Directories within the path are - not affected by this setting. This might - be in conflict with other options that affect - the file mode, like fsGroup, and the result - can be other mode bits set. format: int32 type: integer sources: - description: sources is the list of volume - projections items: - description: Projection that may be projected - along with other supported volume types properties: clusterTrustBundle: - description: "ClusterTrustBundle allows - a pod to access the `.spec.trustBundle` - field of ClusterTrustBundle objects - in an auto-updating file. \n Alpha, - gated by the ClusterTrustBundleProjection - feature gate. 
\n ClusterTrustBundle - objects can either be selected by - name, or by the combination of signer - name and a label selector. \n Kubelet - performs aggressive normalization - of the PEM contents written into the - pod filesystem. Esoteric PEM features - such as inter-block comments and block - headers are stripped. Certificates - are deduplicated. The ordering of - certificates within the file is arbitrary, - and Kubelet may change the order over - time." properties: labelSelector: - description: Select all ClusterTrustBundles - that match this label selector. Only - has effect if signerName is set. Mutually-exclusive - with name. If unset, interpreted - as "match nothing". If set but - empty, interpreted as "match everything". properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, a - key, and an operator that - relates the key and values. properties: key: - description: key is the - label key that the selector - applies to. type: string operator: - description: operator - represents a key's relationship - to a set of values. - Valid operators are - In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is - an array of string values. - If the operator is In - or NotIn, the values - array must be non-empty. - If the operator is Exists - or DoesNotExist, the - values array must be - empty. This array is - replaced during a strategic - merge patch. items: type: string type: array 
@@ -12363,103 +4869,31 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is - a map of {key,value} pairs. - A single {key,value} in the - matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", - the operator is "In", and - the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic name: - description: Select a single ClusterTrustBundle - by object name. Mutually-exclusive - with signerName and labelSelector. type: string optional: - description: If true, don't block - pod startup if the referenced - ClusterTrustBundle(s) aren't available. If - using name, then the named ClusterTrustBundle - is allowed not to exist. If using - signerName, then the combination - of signerName and labelSelector - is allowed to match zero ClusterTrustBundles. type: boolean path: - description: Relative path from - the volume root to write the bundle. type: string signerName: - description: Select all ClusterTrustBundles - that match this signer name. Mutually-exclusive - with name. The contents of all - selected ClusterTrustBundles will - be unified and deduplicated. type: string required: - path type: object configMap: - description: configMap information about - the configMap data to project properties: items: - description: items if unspecified, - each key-value pair in the Data - field of the referenced ConfigMap - will be projected into the volume - as a file whose name is the key - and content is the value. If specified, - the listed keys will be projected - into the specified paths, and - unlisted keys will not be present. - If a key is specified which is - not present in the ConfigMap, - the volume setup will error unless - it is marked optional. Paths must - be relative and may not contain - the '..' path or start with '..'. items: - description: Maps a string key - to a path within a volume. 
properties: key: - description: key is the key - to project. type: string mode: - description: 'mode is Optional: - mode bits used to set permissions - on this file. Must be an - octal value between 0000 - and 0777 or a decimal value - between 0 and 511. YAML - accepts both octal and decimal - values, JSON requires decimal - values for mode bits. If - not specified, the volume - defaultMode will be used. - This might be in conflict - with other options that - affect the file mode, like - fsGroup, and the result - can be other mode bits set.' format: int32 type: integer path: - description: path is the relative - path of the file to map - the key to. May not be an - absolute path. May not contain - the path element '..'. May - not start with the string - '..'. type: string required: - key 
@@ -12469,116 +4903,42 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional specify whether - the ConfigMap or its keys must - be defined type: boolean type: object x-kubernetes-map-type: atomic downwardAPI: - description: downwardAPI information - about the downwardAPI data to project properties: items: - description: Items is a list of - DownwardAPIVolume file items: - description: DownwardAPIVolumeFile - represents information to create - the file containing the pod - field properties: fieldRef: - description: 'Required: Selects - a field of the pod: only - annotations, labels, name, - namespace and uid are supported.' properties: apiVersion: - description: Version of - the schema the FieldPath - is written in terms - of, defaults to "v1". type: string fieldPath: - description: Path of the - field to select in the - specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: - description: 'Optional: mode - bits used to set permissions - on this file, must be an - octal value between 0000 - and 0777 or a decimal value - between 0 and 511. YAML - accepts both octal and decimal - values, JSON requires decimal - values for mode bits. If - not specified, the volume - defaultMode will be used. - This might be in conflict - with other options that - affect the file mode, like - fsGroup, and the result - can be other mode bits set.' 
format: int32 type: integer path: - description: 'Required: Path - is the relative path name - of the file to be created. - Must not be absolute or - contain the ''..'' path. - Must be utf-8 encoded. The - first item of the relative - path must not start with - ''..''' type: string resourceFieldRef: - description: 'Selects a resource - of the container: only resources - limits and requests (limits.cpu, - limits.memory, requests.cpu - and requests.memory) are - currently supported.' properties: containerName: - description: 'Container - name: required for volumes, - optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies - the output format of - the exposed resources, - defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: - resource to select' type: string required: - resource 
@@ -12591,60 +4951,16 @@ spec: x-kubernetes-list-type: atomic type: object secret: - description: secret information about - the secret data to project properties: items: - description: items if unspecified, - each key-value pair in the Data - field of the referenced Secret - will be projected into the volume - as a file whose name is the key - and content is the value. If specified, - the listed keys will be projected - into the specified paths, and - unlisted keys will not be present. - If a key is specified which is - not present in the Secret, the - volume setup will error unless - it is marked optional. Paths must - be relative and may not contain - the '..' path or start with '..'. items: - description: Maps a string key - to a path within a volume. properties: key: - description: key is the key - to project. type: string mode: - description: 'mode is Optional: - mode bits used to set permissions - on this file. Must be an - octal value between 0000 - and 0777 or a decimal value - between 0 and 511. YAML - accepts both octal and decimal - values, JSON requires decimal - values for mode bits. If - not specified, the volume - defaultMode will be used. - This might be in conflict - with other options that - affect the file mode, like - fsGroup, and the result - can be other mode bits set.' format: int32 type: integer path: - description: path is the relative - path of the file to map - the key to. May not be an - absolute path. May not contain - the path element '..'. May - not start with the string - '..'. type: string required: - key 
@@ -12654,61 +4970,19 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. - apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional field specify - whether the Secret or its key - must be defined type: boolean type: object x-kubernetes-map-type: atomic serviceAccountToken: - description: serviceAccountToken is - information about the serviceAccountToken - data to project properties: audience: - description: audience is the intended - audience of the token. A recipient - of a token must identify itself - with an identifier specified in - the audience of the token, and - otherwise should reject the token. - The audience defaults to the identifier - of the apiserver. type: string expirationSeconds: - description: expirationSeconds is - the requested duration of validity - of the service account token. - As the token approaches expiration, - the kubelet volume plugin will - proactively rotate the service - account token. The kubelet will - start trying to rotate the token - if the token is older than 80 - percent of its time to live or - if the token is older than 24 - hours.Defaults to 1 hour and must - be at least 10 minutes. format: int64 type: integer path: - description: path is the path relative - to the mount point of the file - to project the token into. type: string required: - path 
@@ -12718,179 +4992,79 @@ spec: x-kubernetes-list-type: atomic type: object quobyte: - description: quobyte represents a Quobyte mount - on the host that shares a pod's lifetime properties: group: - description: group to map volume access to - Default is no group type: string readOnly: - description: readOnly here will force the - Quobyte volume to be mounted with read-only - permissions. Defaults to false. type: boolean registry: - description: registry represents a single - or multiple Quobyte Registry services specified - as a string as host:port pair (multiple - entries are separated with commas) which - acts as the central registry for volumes type: string tenant: - description: tenant owning the given Quobyte - volume in the Backend Used with dynamically - provisioned Quobyte volumes, value is set - by the plugin type: string user: - description: user to map volume access to - Defaults to serivceaccount user type: string volume: - description: volume is a string that references - an already created Quobyte volume by name. type: string required: - registry - volume type: object rbd: - description: 'rbd represents a Rados Block Device - mount on the host that shares a pod''s lifetime. - More info: https://examples.k8s.io/volumes/rbd/README.md' properties: fsType: - description: 'fsType is the filesystem type - of the volume that you want to mount. Tip: - Ensure that the filesystem type is supported - by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred - to be "ext4" if unspecified. More info: - https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem - from compromising the machine' type: string image: - description: 'image is the rados image name. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string keyring: - description: 'keyring is the path to key ring - for RBDUser. Default is /etc/ceph/keyring. 
- More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string monitors: - description: 'monitors is a collection of - Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' items: type: string type: array x-kubernetes-list-type: atomic pool: - description: 'pool is the rados pool name. - Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string readOnly: - description: 'readOnly here will force the - ReadOnly setting in VolumeMounts. Defaults - to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: boolean secretRef: - description: 'secretRef is name of the authentication - secret for RBDUser. If provided overrides - keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' properties: name: default: "" - description: 'Name of the referent. This - field is effectively required, but due - to backwards compatibility is allowed - to be empty. Instances of this type - with an empty value here are almost - certainly wrong. TODO: Add other useful - fields. apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is the rados user name. - Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string required: - image - monitors type: object scaleIO: - description: scaleIO represents a ScaleIO persistent - volume attached and mounted on Kubernetes nodes. properties: fsType: - description: fsType is the filesystem type - to mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". Default is "xfs". 
type: string gateway: - description: gateway is the host address of - the ScaleIO API Gateway. type: string protectionDomain: - description: protectionDomain is the name - of the ScaleIO Protection Domain for the - configured storage. type: string readOnly: - description: readOnly Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting - in VolumeMounts. type: boolean secretRef: - description: secretRef references to the secret - for ScaleIO user and other sensitive information. - If this is not provided, Login operation - will fail. properties: name: default: "" - description: 'Name of the referent. This - field is effectively required, but due - to backwards compatibility is allowed - to be empty. Instances of this type - with an empty value here are almost - certainly wrong. TODO: Add other useful - fields. apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic sslEnabled: - description: sslEnabled Flag enable/disable - SSL communication with Gateway, default - false type: boolean storageMode: - description: storageMode indicates whether - the storage for a volume should be ThickProvisioned - or ThinProvisioned. Default is ThinProvisioned. type: string storagePool: - description: storagePool is the ScaleIO Storage - Pool associated with the protection domain. type: string system: - description: system is the name of the storage - system as configured in ScaleIO. type: string volumeName: - description: volumeName is the name of a volume - already created in the ScaleIO system that - is associated with this volume source. type: string required: - gateway 
@@ -12898,65 +5072,19 @@ spec: - system type: object secret: - description: 'secret represents a secret that - should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' properties: defaultMode: - description: 'defaultMode is Optional: mode - bits used to set permissions on created - files by default. Must be an octal value - between 0000 and 0777 or a decimal value - between 0 and 511. YAML accepts both octal - and decimal values, JSON requires decimal - values for mode bits. Defaults to 0644. - Directories within the path are not affected - by this setting. This might be in conflict - with other options that affect the file - mode, like fsGroup, and the result can be - other mode bits set.' format: int32 type: integer items: - description: items If unspecified, each key-value - pair in the Data field of the referenced - Secret will be projected into the volume - as a file whose name is the key and content - is the value. If specified, the listed keys - will be projected into the specified paths, - and unlisted keys will not be present. If - a key is specified which is not present - in the Secret, the volume setup will error - unless it is marked optional. Paths must - be relative and may not contain the '..' - path or start with '..'. items: - description: Maps a string key to a path - within a volume. properties: key: - description: key is the key to project. type: string mode: - description: 'mode is Optional: mode - bits used to set permissions on this - file. Must be an octal value between - 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal - and decimal values, JSON requires - decimal values for mode bits. If not - specified, the volume defaultMode - will be used. This might be in conflict - with other options that affect the - file mode, like fsGroup, and the result - can be other mode bits set.' 
format: int32 type: integer path: - description: path is the relative path - of the file to map the key to. May - not be an absolute path. May not contain - the path element '..'. May not start - with the string '..'. type: string required: - key 
@@ -12965,93 +5093,37 @@ spec: type: array x-kubernetes-list-type: atomic optional: - description: optional field specify whether - the Secret or its keys must be defined type: boolean secretName: - description: 'secretName is the name of the - secret in the pod''s namespace to use. More - info: https://kubernetes.io/docs/concepts/storage/volumes#secret' type: string type: object storageos: - description: storageOS represents a StorageOS - volume attached and mounted on Kubernetes nodes. properties: fsType: - description: fsType is the filesystem type - to mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be - "ext4" if unspecified. type: string readOnly: - description: readOnly defaults to false (read/write). - ReadOnly here will force the ReadOnly setting - in VolumeMounts. type: boolean secretRef: - description: secretRef specifies the secret - to use for obtaining the StorageOS API credentials. If - not specified, default values will be attempted. properties: name: default: "" - description: 'Name of the referent. This - field is effectively required, but due - to backwards compatibility is allowed - to be empty. Instances of this type - with an empty value here are almost - certainly wrong. TODO: Add other useful - fields. apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic volumeName: - description: volumeName is the human-readable - name of the StorageOS volume. Volume names - are only unique within a namespace. type: string volumeNamespace: - description: volumeNamespace specifies the - scope of the volume within StorageOS. If - no namespace is specified then the Pod's - namespace will be used. 
This allows the - Kubernetes name scoping to be mirrored within - StorageOS for tighter integration. Set VolumeName - to any name to override the default behaviour. - Set to "default" if you are not using namespaces - within StorageOS. Namespaces that do not - pre-exist within StorageOS will be created. type: string type: object vsphereVolume: - description: vsphereVolume represents a vSphere - volume attached and mounted on kubelets host - machine properties: fsType: - description: fsType is filesystem type to - mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be - "ext4" if unspecified. type: string storagePolicyID: - description: storagePolicyID is the storage - Policy Based Management (SPBM) profile ID - associated with the StoragePolicyName. type: string storagePolicyName: - description: storagePolicyName is the storage - Policy Based Management (SPBM) profile name. type: string volumePath: - description: volumePath is the path that identifies - vSphere volume vmdk type: string required: - volumePath 
@@ -13062,127 +5134,61 @@ spec: type: array type: object variables: - description: Variables specifies a list of variables and - their sources that will be used to resolve the task. items: - description: EnvVar represents an environment variable - present in a Container. properties: name: - description: Name of the environment variable. Must - be a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) are - expanded using the previously defined environment - variables in the container and any service environment - variables. If a variable cannot be resolved, the - reference in the input string will be unchanged. - Double $$ are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" - will produce the string literal "$(VAR_NAME)". Escaped - references will never be expanded, regardless of - whether the variable exists or not. Defaults to - "".' type: string valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. properties: configMapKeyRef: - description: Selects a key of a ConfigMap. properties: key: - description: The key to select. type: string name: default: "" - description: 'Name of the referent. This field - is effectively required, but due to backwards - compatibility is allowed to be empty. Instances - of this type with an empty value here are - almost certainly wrong. TODO: Add other - useful fields. apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' 
type: string optional: - description: Specify whether the ConfigMap - or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of the pod: supports - metadata.name, metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, spec.nodeName, - spec.serviceAccountName, status.hostIP, status.podIP, - status.podIPs.' properties: apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". type: string fieldPath: - description: Path of the field to select in - the specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' properties: containerName: - description: 'Container name: required for - volumes, optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output format of - the exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource to select' type: string required: - resource type: object x-kubernetes-map-type: atomic secretKeyRef: - description: Selects a key of a secret in the - pod's namespace properties: key: - description: The key of the secret to select - from. Must be a valid secret key. type: string name: default: "" - description: 'Name of the referent. This field - is effectively required, but due to backwards - compatibility is allowed to be empty. Instances - of this type with an empty value here are - almost certainly wrong. TODO: Add other - useful fields. apiVersion, kind, uid? 
More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether the Secret or - its key must be defined type: boolean required: - key 
@@ -13197,260 +5203,125 @@ spec: type: array type: object dataSource: - description: DataSource specifies the information about the data that - will be restored properties: components: - description: Components specifies the components that will be - restored. If you keep this field empty, then all the components - that were backed up in the desired Snapshot will be restored. items: type: string type: array encryptionSecret: - description: EncryptionSecret refers to the Secret containing - the encryption key which will be used to encode/decode the backed - up data. You can refer to a Secret of a different namespace. - If you don't provide the namespace field, KubeStash will look - for the Secret in the same namespace as the RestoreSession. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string required: - name type: object namespace: - description: Namespace specifies the namespace of the DataSource - (i.e. Repository, Snapshot). type: string pitr: - description: PITR stands for Point-In-Time Recovery. You can provide - a target time instead of specifying a particular Snapshot. KubeStash - will automatically find the latest Snapshot that satisfies the - targeted time and restore it. properties: exclusive: - description: Exclusive specifies whether to exclude the Snapshot - that falls in the exact time specified in the `targetTime` - field. By default, KubeStash will select the Snapshot that - fall in the exact time. 
type: boolean targetTime: - description: TargetTime specifies the desired date and time - at which you want to roll back your application data format: date-time type: string type: object repository: - description: Repository points to the Repository name from which - the data will be restored type: string snapshot: - description: Snapshot specifies the Snapshot name that will be - restored. If you want to use Point-In-Time recovery option, - don't specify this field. Specify `pitr` field instead. type: string type: object hooks: - description: Hooks specifies the restore hooks that should be executed - before and/or after the restore. properties: postRestore: - description: PostRestore specifies a list of hooks that will be - executed after restore items: - description: HookInfo specifies the information about the backup/restore - hooks properties: executionPolicy: default: Always - description: 'ExecutionPolicy specifies when to execute - the hook. Valid values are: - "Always": KubeStash will - execute this hook no matter the backup/restore failed. - This is the default execution policy. - "OnSuccess": KubeStash - will execute this hook only if the backup/restore has - succeeded. - "OnFailure": KubeStash will execute this - hook only if the backup/restore has failed.' enum: - Always - OnSuccess - OnFailure type: string hookTemplate: - description: HookTemplate points to a HookTemplate CR that - will be used to execute the hook. You can refer to a HookTemplate - from other namespaces as long as your current namespace - is allowed by the `usagePolicy` in the respective HookTemplate. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: - description: 'Namespace of the referent. 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string required: - name type: object maxRetry: - description: MaxRetry specifies how many times KubeStash - should retry the hook execution in case of failure. The - default value of this field is 0 which means no retry. format: int32 minimum: 0 type: integer name: - description: Name specifies a name for the hook type: string params: - description: Params specifies parameters for the hook. You - must provide the parameter in the HookTemplates desired - structure. type: object x-kubernetes-preserve-unknown-fields: true runtimeSettings: - description: RuntimeSettings specifies runtime configurations - for the hook executor Job. Use this field only for `Function` - type hook executor. properties: container: properties: env: - description: List of environment variables to set - in the container. Cannot be updated. items: - description: EnvVar represents an environment - variable present in a Container. properties: name: - description: Name of the environment variable. - Must be a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) - are expanded using the previously defined - environment variables in the container and - any service environment variables. If a - variable cannot be resolved, the reference - in the input string will be unchanged. Double - $$ are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal - "$(VAR_NAME)". Escaped references will never - be expanded, regardless of whether the variable - exists or not. Defaults to "".' type: string valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. properties: configMapKeyRef: - description: Selects a key of a ConfigMap. properties: key: - description: The key to select. type: string name: default: "" - description: 'Name of the referent. 
- This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether the ConfigMap - or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of the pod: - supports metadata.name, metadata.namespace, - `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, status.podIPs.' properties: apiVersion: - description: Version of the schema - the FieldPath is written in terms - of, defaults to "v1". type: string fieldPath: - description: Path of the field to - select in the specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource of the - container: only resources limits and - requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' 
properties: containerName: - description: 'Container name: required - for volumes, optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output - format of the exposed resources, - defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource to - select' type: string required: - resource type: object x-kubernetes-map-type: atomic secretKeyRef: - description: Selects a key of a secret - in the pod's namespace properties: key: - description: The key of the secret - to select from. Must be a valid - secret key. type: string name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether the Secret - or its key must be defined type: boolean required: - key 
@@ -13462,74 +5333,31 @@ spec: type: object type: array envFrom: - description: List of sources to populate environment - variables in the container. The keys defined within - a source must be a C_IDENTIFIER. All invalid keys - will be reported as an event when the container - is starting. When a key exists in multiple sources, - the value associated with the last source will - take precedence. Values defined by an Env with - a duplicate key will take precedence. Cannot be - updated. items: - description: EnvFromSource represents the source - of a set of ConfigMaps properties: configMapRef: - description: The ConfigMap to select from properties: name: default: "" - description: 'Name of the referent. This - field is effectively required, but due - to backwards compatibility is allowed - to be empty. Instances of this type - with an empty value here are almost - certainly wrong. TODO: Add other useful - fields. apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether the ConfigMap - must be defined type: boolean type: object x-kubernetes-map-type: atomic prefix: - description: An optional identifier to prepend - to each key in the ConfigMap. Must be a - C_IDENTIFIER. type: string secretRef: - description: The Secret to select from properties: name: default: "" - description: 'Name of the referent. This - field is effectively required, but due - to backwards compatibility is allowed - to be empty. Instances of this type - with an empty value here are almost - certainly wrong. TODO: Add other useful - fields. apiVersion, kind, uid? 
More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether the Secret - must be defined type: boolean type: object x-kubernetes-map-type: atomic type: object type: array ionice: - description: 'Settings to configure `ionice` to - throttle the load on disk. More info: http://kennystechtalk.blogspot.com/2015/04/throttling-cpu-usage-with-linux-cgroups.html - More info: https://oakbytes.wordpress.com/2012/06/06/linux-scheduler-cfs-and-nice/' properties: class: format: int32 
@@ -13539,68 +5367,27 @@ spec: type: integer type: object lifecycle: - description: Actions that the management system - should take in response to container lifecycle - events. Cannot be updated. properties: postStart: - description: 'PostStart is called immediately - after a container is created. If the handler - fails, the container is terminated and restarted - according to its restart policy. Other management - of the container blocks until the hook completes. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: Exec specifies the action to - take. properties: command: - description: Command is the command - line to execute inside the container, - the working directory for the command is - root ('/') in the container's filesystem. - The command is simply exec'd, it is - not run inside a shell, so traditional - shell instructions ('|', etc) won't - work. To use a shell, you need to - explicitly call out to that shell. - Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the http - request to perform. properties: host: - description: Host name to connect to, - defaults to the pod IP. You probably - want to set "Host" in httpHeaders - instead. type: string httpHeaders: - description: Custom headers to set in - the request. HTTP allows repeated - headers. items: - description: HTTPHeader describes - a custom header to be used in HTTP - probes properties: name: - description: The header field - name. This will be canonicalized - upon output, so case-variant - names will be understood as - the same header. type: string value: - description: The header field - value type: string required: - name 
@@ -13609,129 +5396,58 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on the HTTP - server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port - to access on the container. Number - must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. type: string required: - port type: object sleep: - description: Sleep represents the duration - that the container should sleep before - being terminated. properties: seconds: - description: Seconds is the number of - seconds to sleep. format: int64 type: integer required: - seconds type: object tcpSocket: - description: Deprecated. TCPSocket is NOT - supported as a LifecycleHandler and kept - for the backward compatibility. There - are no validation of this field and lifecycle - hooks will fail in runtime when tcp handler - is specified. properties: host: - description: 'Optional: Host name to - connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port - to access on the container. Number - must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: - description: 'PreStop is called immediately - before a container is terminated due to an - API request or management event such as liveness/startup - probe failure, preemption, resource contention, - etc. The handler is not called if the container - crashes or exits. The Pod''s termination grace - period countdown begins before the PreStop - hook is executed. Regardless of the outcome - of the handler, the container will eventually - terminate within the Pod''s termination grace - period (unless delayed by finalizers). 
Other - management of the container blocks until the - hook completes or until the termination grace - period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: Exec specifies the action to - take. properties: command: - description: Command is the command - line to execute inside the container, - the working directory for the command is - root ('/') in the container's filesystem. - The command is simply exec'd, it is - not run inside a shell, so traditional - shell instructions ('|', etc) won't - work. To use a shell, you need to - explicitly call out to that shell. - Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the http - request to perform. properties: host: - description: Host name to connect to, - defaults to the pod IP. You probably - want to set "Host" in httpHeaders - instead. type: string httpHeaders: - description: Custom headers to set in - the request. HTTP allows repeated - headers. items: - description: HTTPHeader describes - a custom header to be used in HTTP - probes properties: name: - description: The header field - name. This will be canonicalized - upon output, so case-variant - names will be understood as - the same header. type: string value: - description: The header field - value type: string required: - name 
@@ -13740,58 +5456,33 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on the HTTP - server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port - to access on the container. Number - must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. type: string required: - port type: object sleep: - description: Sleep represents the duration - that the container should sleep before - being terminated. properties: seconds: - description: Seconds is the number of - seconds to sleep. format: int64 type: integer required: - seconds type: object tcpSocket: - description: Deprecated. TCPSocket is NOT - supported as a LifecycleHandler and kept - for the backward compatibility. There - are no validation of this field and lifecycle - hooks will fail in runtime when tcp handler - is specified. properties: host: - description: 'Optional: Host name to - connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port - to access on the container. Number - must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port 
@@ -13799,79 +5490,38 @@ spec: type: object type: object livenessProbe: - description: 'Periodic probe of container liveness. - Container will be restarted if the probe fails. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line - to execute inside the container, the working - directory for the command is root ('/') - in the container's filesystem. The command - is simply exec'd, it is not run inside - a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, - you need to explicitly call out to that - shell. Exit status of 0 is treated as - live/healthy and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive failures for - the probe to be considered failed after having - succeeded. Defaults to 3. Minimum value is - 1. format: int32 type: integer grpc: - description: GRPC specifies an action involving - a GRPC port. properties: port: - description: Port number of the gRPC service. - Number must be in the range 1 to 65535. format: int32 type: integer service: - description: "Service is the name of the - service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default - behavior is defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http request - to perform. properties: host: - description: Host name to connect to, defaults - to the pod IP. You probably want to set - "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the - request. HTTP allows repeated headers. 
items: - description: HTTPHeader describes a custom - header to be used in HTTP probes properties: name: - description: The header field name. - This will be canonicalized upon - output, so case-variant names will - be understood as the same header. type: string value: - description: The header field value type: string required: - name 
@@ -13880,175 +5530,84 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on the HTTP - server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port - to access on the container. Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container - has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform - the probe. Default to 10 seconds. Minimum - value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for - the probe to be considered successful after - having failed. Defaults to 1. Must be 1 for - liveness and startup. Minimum value is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving - a TCP port. properties: host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port - to access on the container. Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds the - pod needs to terminate gracefully upon probe - failure. The grace period is the duration - in seconds after the processes running in - the pod are sent a termination signal and - the time when the processes are forcibly halted - with a kill signal. Set this value longer - than the expected cleanup time for your process. 
- If this value is nil, the pod's terminationGracePeriodSeconds - will be used. Otherwise, this value overrides - the value provided by the pod spec. Value - must be non-negative integer. The value zero - indicates stop immediately via the kill signal - (no opportunity to shut down). This is a beta - field and requires enabling ProbeTerminationGracePeriod - feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which - the probe times out. Defaults to 1 second. - Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object nice: - description: 'Settings to configure `nice` to throttle - the load on cpu. More info: http://kennystechtalk.blogspot.com/2015/04/throttling-cpu-usage-with-linux-cgroups.html - More info: https://oakbytes.wordpress.com/2012/06/06/linux-scheduler-cfs-and-nice/' properties: adjustment: format: int32 type: integer type: object readinessProbe: - description: 'Periodic probe of container service - readiness. Container will be removed from service - endpoints if the probe fails. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line - to execute inside the container, the working - directory for the command is root ('/') - in the container's filesystem. The command - is simply exec'd, it is not run inside - a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, - you need to explicitly call out to that - shell. Exit status of 0 is treated as - live/healthy and non-zero is unhealthy. 
items: type: string type: array x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive failures for - the probe to be considered failed after having - succeeded. Defaults to 3. Minimum value is - 1. format: int32 type: integer grpc: - description: GRPC specifies an action involving - a GRPC port. properties: port: - description: Port number of the gRPC service. - Number must be in the range 1 to 65535. format: int32 type: integer service: - description: "Service is the name of the - service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default - behavior is defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http request - to perform. properties: host: - description: Host name to connect to, defaults - to the pod IP. You probably want to set - "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the - request. HTTP allows repeated headers. items: - description: HTTPHeader describes a custom - header to be used in HTTP probes properties: name: - description: The header field name. - This will be canonicalized upon - output, so case-variant names will - be understood as the same header. type: string value: - description: The header field value type: string required: - name 
@@ -14057,112 +5616,51 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on the HTTP - server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port - to access on the container. Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container - has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform - the probe. Default to 10 seconds. Minimum - value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for - the probe to be considered successful after - having failed. Defaults to 1. Must be 1 for - liveness and startup. Minimum value is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving - a TCP port. properties: host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port - to access on the container. Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds the - pod needs to terminate gracefully upon probe - failure. The grace period is the duration - in seconds after the processes running in - the pod are sent a termination signal and - the time when the processes are forcibly halted - with a kill signal. Set this value longer - than the expected cleanup time for your process. 
- If this value is nil, the pod's terminationGracePeriodSeconds - will be used. Otherwise, this value overrides - the value provided by the pod spec. Value - must be non-negative integer. The value zero - indicates stop immediately via the kill signal - (no opportunity to shut down). This is a beta - field and requires enabling ProbeTerminationGracePeriod - feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which - the probe times out. Defaults to 1 second. - Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object resources: - description: 'Compute Resources required by container. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' properties: claims: - description: "Claims lists the names of resources, - defined in spec.resourceClaims, that are used - by this container. \n This is an alpha field - and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. - It can only be set for containers." items: - description: ResourceClaim references one - entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name - of one entry in pod.spec.resourceClaims - of the Pod where this field is used. - It makes that resource available inside - a container. type: string required: - name @@ -14178,8 +5676,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount - of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -14188,231 +5684,77 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum - amount of compute resources required. If Requests - is omitted for a container, it defaults to - Limits if that is explicitly specified, otherwise - to an implementation-defined value. Requests - cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: - description: 'Security options the pod should run - with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls - whether a process can gain more privileges - than its parent process. This bool directly - controls if the no_new_privs flag will be - set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run - as Privileged 2) has CAP_SYS_ADMIN Note that - this field cannot be set when spec.os.name - is windows.' type: boolean appArmorProfile: - description: appArmorProfile is the AppArmor - options to use by this container. If set, - this profile overrides the pod's appArmorProfile. - Note that this field cannot be set when spec.os.name - is windows. properties: localhostProfile: - description: localhostProfile indicates - a profile loaded on the node that should - be used. The profile must be preconfigured - on the node to work. Must match the loaded - name of the profile. Must be set if and - only if type is "Localhost". type: string type: - description: 'type indicates which kind - of AppArmor profile will be applied. Valid - options are: Localhost - a profile pre-loaded - on the node. 
RuntimeDefault - the container - runtime''s default profile. Unconfined - - no AppArmor enforcement.' type: string required: - type type: object capabilities: - description: The capabilities to add/drop when - running containers. Defaults to the default - set of capabilities granted by the container - runtime. Note that this field cannot be set - when spec.os.name is windows. properties: add: - description: Added capabilities items: - description: Capability represent POSIX - capabilities type type: string type: array x-kubernetes-list-type: atomic drop: - description: Removed capabilities items: - description: Capability represent POSIX - capabilities type type: string type: array x-kubernetes-list-type: atomic type: object privileged: - description: Run container in privileged mode. - Processes in privileged containers are essentially - equivalent to root on the host. Defaults to - false. Note that this field cannot be set - when spec.os.name is windows. type: boolean procMount: - description: procMount denotes the type of proc - mount to use for the containers. The default - is DefaultProcMount which uses the container - runtime defaults for readonly paths and masked - paths. This requires the ProcMountType feature - flag to be enabled. Note that this field cannot - be set when spec.os.name is windows. type: string readOnlyRootFilesystem: - description: Whether this container has a read-only - root filesystem. Default is false. Note that - this field cannot be set when spec.os.name - is windows. type: boolean runAsGroup: - description: The GID to run the entrypoint of - the container process. Uses runtime default - if unset. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes - precedence. Note that this field cannot be - set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: - description: Indicates that the container must - run as a non-root user. 
If true, the Kubelet - will validate the image at runtime to ensure - that it does not run as UID 0 (root) and fail - to start the container if it does. If unset - or false, no such validation will be performed. - May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes - precedence. type: boolean runAsUser: - description: The UID to run the entrypoint of - the container process. Defaults to user specified - in image metadata if unspecified. May also - be set in PodSecurityContext. If set in both - SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name - is windows. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be applied - to the container. If unspecified, the container - runtime will allocate a random SELinux context - for each container. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes - precedence. Note that this field cannot be - set when spec.os.name is windows. properties: level: - description: Level is SELinux level label - that applies to the container. type: string role: - description: Role is a SELinux role label - that applies to the container. type: string type: - description: Type is a SELinux type label - that applies to the container. type: string user: - description: User is a SELinux user label - that applies to the container. type: string type: object seccompProfile: - description: The seccomp options to use by this - container. If seccomp options are provided - at both the pod & container level, the container - options override the pod options. Note that - this field cannot be set when spec.os.name - is windows. 
properties: localhostProfile: - description: localhostProfile indicates - a profile defined in a file on the node - should be used. The profile must be preconfigured - on the node to work. Must be a descending - path, relative to the kubelet's configured - seccomp profile location. Must be set - if type is "Localhost". Must NOT be set - for any other type. type: string type: - description: "type indicates which kind - of seccomp profile will be applied. Valid - options are: \n Localhost - a profile - defined in a file on the node should be - used. RuntimeDefault - the container runtime - default profile should be used. Unconfined - - no profile should be applied." type: string required: - type type: object windowsOptions: - description: The Windows specific settings applied - to all containers. If unspecified, the options - from the PodSecurityContext will be used. - If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes - precedence. Note that this field cannot be - set when spec.os.name is linux. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is where - the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential - spec named by the GMSACredentialSpecName - field. type: string gmsaCredentialSpecName: - description: GMSACredentialSpecName is the - name of the GMSA credential spec to use. type: string hostProcess: - description: HostProcess determines if a - container should be run as a 'Host Process' - container. All of a Pod's containers must - have the same effective HostProcess value - (it is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). - In addition, if HostProcess is true then - HostNetwork must also be set to true. type: boolean runAsUserName: - description: The UserName in Windows to - run the entrypoint of the container process. 
- Defaults to the user specified in image - metadata if unspecified. May also be set - in PodSecurityContext. If set in both - SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. type: string type: object type: object 
@@ -14420,80 +5762,22 @@ spec: pod: properties: affinity: - description: If specified, the pod's scheduling - constraints properties: nodeAffinity: - description: Describes node affinity scheduling - rules for the pod. properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to - schedule pods to nodes that satisfy the - affinity expressions specified by this - field, but it may choose a node that violates - one or more of the expressions. The node - that is most preferred is the one with - the greatest sum of weights, i.e. for - each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a - sum by iterating through the elements - of this field and adding "weight" to the - sum if the node matches the corresponding - matchExpressions; the node(s) with the - highest sum are the most preferred. items: - description: An empty preferred scheduling - term matches all objects with implicit - weight 0 (i.e. it's a no-op). A null - preferred scheduling term matches no - objects (i.e. is also a no-op). properties: preference: - description: A node selector term, - associated with the corresponding - weight. properties: matchExpressions: - description: A list of node selector - requirements by node's labels. items: - description: A node selector - requirement is a selector - that contains values, a key, - and an operator that relates - the key and values. properties: key: - description: The label key - that the selector applies - to. type: string operator: - description: Represents - a key's relationship to - a set of values. Valid - operators are In, NotIn, - Exists, DoesNotExist. - Gt, and Lt. type: string values: - description: An array of - string values. If the - operator is In or NotIn, - the values array must - be non-empty. If the operator - is Exists or DoesNotExist, - the values array must - be empty. 
If the operator - is Gt or Lt, the values - array must have a single - element, which will be - interpreted as an integer. - This array is replaced - during a strategic merge - patch. items: type: string type: array @@ -14505,44 +5789,13 @@ spec: type: array x-kubernetes-list-type: atomic matchFields: - description: A list of node selector - requirements by node's fields. items: - description: A node selector - requirement is a selector - that contains values, a key, - and an operator that relates - the key and values. properties: key: - description: The label key - that the selector applies - to. type: string operator: - description: Represents - a key's relationship to - a set of values. Valid - operators are In, NotIn, - Exists, DoesNotExist. - Gt, and Lt. type: string values: - description: An array of - string values. If the - operator is In or NotIn, - the values array must - be non-empty. If the operator - is Exists or DoesNotExist, - the values array must - be empty. If the operator - is Gt or Lt, the values - array must have a single - element, which will be - interpreted as an integer. - This array is replaced - during a strategic merge - patch. items: type: string type: array @@ -14556,9 +5809,6 @@ spec: type: object x-kubernetes-map-type: atomic weight: - description: Weight associated with - matching the corresponding nodeSelectorTerm, - in the range 1-100. format: int32 type: integer required: 
@@ -14568,65 +5818,18 @@ spec: type: array x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements - specified by this field are not met at - scheduling time, the pod will not be scheduled - onto the node. If the affinity requirements - specified by this field cease to be met - at some point during pod execution (e.g. - due to an update), the system may or may - not try to eventually evict the pod from - its node. properties: nodeSelectorTerms: - description: Required. A list of node - selector terms. The terms are ORed. items: - description: A null or empty node - selector term matches no objects. - The requirements of them are ANDed. - The TopologySelectorTerm type implements - a subset of the NodeSelectorTerm. properties: matchExpressions: - description: A list of node selector - requirements by node's labels. items: - description: A node selector - requirement is a selector - that contains values, a key, - and an operator that relates - the key and values. properties: key: - description: The label key - that the selector applies - to. type: string operator: - description: Represents - a key's relationship to - a set of values. Valid - operators are In, NotIn, - Exists, DoesNotExist. - Gt, and Lt. type: string values: - description: An array of - string values. If the - operator is In or NotIn, - the values array must - be non-empty. If the operator - is Exists or DoesNotExist, - the values array must - be empty. If the operator - is Gt or Lt, the values - array must have a single - element, which will be - interpreted as an integer. - This array is replaced - during a strategic merge - patch. items: type: string type: array 
@@ -14638,44 +5841,13 @@ spec: type: array x-kubernetes-list-type: atomic matchFields: - description: A list of node selector - requirements by node's fields. items: - description: A node selector - requirement is a selector - that contains values, a key, - and an operator that relates - the key and values. properties: key: - description: The label key - that the selector applies - to. type: string operator: - description: Represents - a key's relationship to - a set of values. Valid - operators are In, NotIn, - Exists, DoesNotExist. - Gt, and Lt. type: string values: - description: An array of - string values. If the - operator is In or NotIn, - the values array must - be non-empty. If the operator - is Exists or DoesNotExist, - the values array must - be empty. If the operator - is Gt or Lt, the values - array must have a single - element, which will be - interpreted as an integer. - This array is replaced - during a strategic merge - patch. items: type: string type: array 
@@ -14696,87 +5868,22 @@ spec: x-kubernetes-map-type: atomic type: object podAffinity: - description: Describes pod affinity scheduling - rules (e.g. co-locate this pod in the same - node, zone, etc. as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to - schedule pods to nodes that satisfy the - affinity expressions specified by this - field, but it may choose a node that violates - one or more of the expressions. The node - that is most preferred is the one with - the greatest sum of weights, i.e. for - each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a - sum by iterating through the elements - of this field and adding "weight" to the - sum if the node has pods which matches - the corresponding podAffinityTerm; the - node(s) with the highest sum are the most - preferred. items: - description: The weights of all of the - matched WeightedPodAffinityTerm fields - are added per-node to find the most - preferred node(s) properties: podAffinityTerm: - description: Required. A pod affinity - term, associated with the corresponding - weight. properties: labelSelector: - description: A label query over - a set of resources, in this - case pods. If it's null, this - PodAffinityTerm matches with - no Pods. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key and - values. properties: key: - description: key is - the label key that - the selector applies - to. type: string operator: - description: operator - represents a key's - relationship to a - set of values. Valid - operators are In, - NotIn, Exists and - DoesNotExist. 
type: string values: - description: values - is an array of string - values. If the operator - is In or NotIn, the - values array must - be non-empty. If the - operator is Exists - or DoesNotExist, the - values array must - be empty. This array - is replaced during - a strategic merge - patch. items: type: string type: array 
@@ -14790,129 +5897,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is - a map of {key,value} pairs. - A single {key,value} in - the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", - the operator is "In", and - the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is - a set of pod label keys to select - which pods will be taken into - consideration. The keys are - used to lookup values from the - incoming pod labels, those key-value - labels are merged with `labelSelector` - as `key in (value)` to select - the group of existing pods which - pods will be taken into consideration - for the incoming pod's pod (anti) - affinity. Keys that don't exist - in the incoming pod labels will - be ignored. The default value - is empty. The same key is forbidden - to exist in both matchLabelKeys - and labelSelector. Also, matchLabelKeys - cannot be set when labelSelector - isn't set. This is an alpha - field and requires enabling - MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys - is a set of pod label keys to - select which pods will be taken - into consideration. The keys - are used to lookup values from - the incoming pod labels, those - key-value labels are merged - with `labelSelector` as `key - notin (value)` to select the - group of existing pods which - pods will be taken into consideration - for the incoming pod's pod (anti) - affinity. Keys that don't exist - in the incoming pod labels will - be ignored. The default value - is empty. The same key is forbidden - to exist in both mismatchLabelKeys - and labelSelector. Also, mismatchLabelKeys - cannot be set when labelSelector - isn't set. 
This is an alpha - field and requires enabling - MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over - the set of namespaces that the - term applies to. The term is - applied to the union of the - namespaces selected by this - field and the ones listed in - the namespaces field. null selector - and null or empty namespaces - list means "this pod's namespace". - An empty selector ({}) matches - all namespaces. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key and - values. properties: key: - description: key is - the label key that - the selector applies - to. type: string operator: - description: operator - represents a key's - relationship to a - set of values. Valid - operators are In, - NotIn, Exists and - DoesNotExist. type: string values: - description: values - is an array of string - values. If the operator - is In or NotIn, the - values array must - be non-empty. If the - operator is Exists - or DoesNotExist, the - values array must - be empty. This array - is replaced during - a strategic merge - patch. items: type: string type: array 
@@ -14926,55 +5933,20 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is - a map of {key,value} pairs. - A single {key,value} in - the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", - the operator is "In", and - the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies - a static list of namespace names - that the term applies to. The - term is applied to the union - of the namespaces listed in - this field and the ones selected - by namespaceSelector. null or - empty namespaces list and null - namespaceSelector means "this - pod's namespace". items: type: string type: array x-kubernetes-list-type: atomic topologyKey: - description: This pod should be - co-located (affinity) or not - co-located (anti-affinity) with - the pods matching the labelSelector - in the specified namespaces, - where co-located is defined - as running on a node whose value - of the label with key topologyKey - matches that of any node on - which any of the selected pods - is running. Empty topologyKey - is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with - matching the corresponding podAffinityTerm, - in the range 1-100. format: int32 type: integer required: 
@@ -14984,72 +5956,18 @@ spec: type: array x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements - specified by this field are not met at - scheduling time, the pod will not be scheduled - onto the node. If the affinity requirements - specified by this field cease to be met - at some point during pod execution (e.g. - due to a pod label update), the system - may or may not try to eventually evict - the pod from its node. When there are - multiple elements, the lists of nodes - corresponding to each podAffinityTerm - are intersected, i.e. all terms must be - satisfied. items: - description: Defines a set of pods (namely - those matching the labelSelector relative - to the given namespace(s)) that this - pod should be co-located (affinity) - or not co-located (anti-affinity) with, - where co-located is defined as running - on a node whose value of the label with - key matches that of any - node on which a pod of the set of pods - is running properties: labelSelector: - description: A label query over a - set of resources, in this case pods. - If it's null, this PodAffinityTerm - matches with no Pods. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, a key, - and an operator that relates - the key and values. properties: key: - description: key is the - label key that the selector - applies to. type: string operator: - description: operator represents - a key's relationship to - a set of values. Valid - operators are In, NotIn, - Exists and DoesNotExist. type: string values: - description: values is an - array of string values. - If the operator is In - or NotIn, the values array - must be non-empty. If - the operator is Exists - or DoesNotExist, the values - array must be empty. 
This - array is replaced during - a strategic merge patch. items: type: string type: array 
@@ -15063,115 +5981,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a - map of {key,value} pairs. A - single {key,value} in the matchLabels - map is equivalent to an element - of matchExpressions, whose key - field is "key", the operator - is "In", and the values array - contains only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set - of pod label keys to select which - pods will be taken into consideration. - The keys are used to lookup values - from the incoming pod labels, those - key-value labels are merged with - `labelSelector` as `key in (value)` - to select the group of existing - pods which pods will be taken into - consideration for the incoming pod's - pod (anti) affinity. Keys that don't - exist in the incoming pod labels - will be ignored. The default value - is empty. The same key is forbidden - to exist in both matchLabelKeys - and labelSelector. Also, matchLabelKeys - cannot be set when labelSelector - isn't set. This is an alpha field - and requires enabling MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys is - a set of pod label keys to select - which pods will be taken into consideration. - The keys are used to lookup values - from the incoming pod labels, those - key-value labels are merged with - `labelSelector` as `key notin (value)` - to select the group of existing - pods which pods will be taken into - consideration for the incoming pod's - pod (anti) affinity. Keys that don't - exist in the incoming pod labels - will be ignored. The default value - is empty. The same key is forbidden - to exist in both mismatchLabelKeys - and labelSelector. Also, mismatchLabelKeys - cannot be set when labelSelector - isn't set. 
This is an alpha field - and requires enabling MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the - set of namespaces that the term - applies to. The term is applied - to the union of the namespaces selected - by this field and the ones listed - in the namespaces field. null selector - and null or empty namespaces list - means "this pod's namespace". An - empty selector ({}) matches all - namespaces. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, a key, - and an operator that relates - the key and values. properties: key: - description: key is the - label key that the selector - applies to. type: string operator: - description: operator represents - a key's relationship to - a set of values. Valid - operators are In, NotIn, - Exists and DoesNotExist. type: string values: - description: values is an - array of string values. - If the operator is In - or NotIn, the values array - must be non-empty. If - the operator is Exists - or DoesNotExist, the values - array must be empty. This - array is replaced during - a strategic merge patch. items: type: string type: array 
@@ -15185,43 +6017,15 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a - map of {key,value} pairs. A - single {key,value} in the matchLabels - map is equivalent to an element - of matchExpressions, whose key - field is "key", the operator - is "In", and the values array - contains only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies - a static list of namespace names - that the term applies to. The term - is applied to the union of the namespaces - listed in this field and the ones - selected by namespaceSelector. null - or empty namespaces list and null - namespaceSelector means "this pod's - namespace". items: type: string type: array x-kubernetes-list-type: atomic topologyKey: - description: This pod should be co-located - (affinity) or not co-located (anti-affinity) - with the pods matching the labelSelector - in the specified namespaces, where - co-located is defined as running - on a node whose value of the label - with key topologyKey matches that - of any node on which any of the - selected pods is running. Empty - topologyKey is not allowed. type: string required: - topologyKey 
@@ -15230,87 +6034,22 @@ spec: x-kubernetes-list-type: atomic type: object podAntiAffinity: - description: Describes pod anti-affinity scheduling - rules (e.g. avoid putting this pod in the - same node, zone, etc. as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to - schedule pods to nodes that satisfy the - anti-affinity expressions specified by - this field, but it may choose a node that - violates one or more of the expressions. - The node that is most preferred is the - one with the greatest sum of weights, - i.e. for each node that meets all of the - scheduling requirements (resource request, - requiredDuringScheduling anti-affinity - expressions, etc.), compute a sum by iterating - through the elements of this field and - adding "weight" to the sum if the node - has pods which matches the corresponding - podAffinityTerm; the node(s) with the - highest sum are the most preferred. items: - description: The weights of all of the - matched WeightedPodAffinityTerm fields - are added per-node to find the most - preferred node(s) properties: podAffinityTerm: - description: Required. A pod affinity - term, associated with the corresponding - weight. properties: labelSelector: - description: A label query over - a set of resources, in this - case pods. If it's null, this - PodAffinityTerm matches with - no Pods. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key and - values. properties: key: - description: key is - the label key that - the selector applies - to. type: string operator: - description: operator - represents a key's - relationship to a - set of values. Valid - operators are In, - NotIn, Exists and - DoesNotExist. 
type: string values: - description: values - is an array of string - values. If the operator - is In or NotIn, the - values array must - be non-empty. If the - operator is Exists - or DoesNotExist, the - values array must - be empty. This array - is replaced during - a strategic merge - patch. items: type: string type: array 
@@ -15324,129 +6063,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is - a map of {key,value} pairs. - A single {key,value} in - the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", - the operator is "In", and - the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is - a set of pod label keys to select - which pods will be taken into - consideration. The keys are - used to lookup values from the - incoming pod labels, those key-value - labels are merged with `labelSelector` - as `key in (value)` to select - the group of existing pods which - pods will be taken into consideration - for the incoming pod's pod (anti) - affinity. Keys that don't exist - in the incoming pod labels will - be ignored. The default value - is empty. The same key is forbidden - to exist in both matchLabelKeys - and labelSelector. Also, matchLabelKeys - cannot be set when labelSelector - isn't set. This is an alpha - field and requires enabling - MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys - is a set of pod label keys to - select which pods will be taken - into consideration. The keys - are used to lookup values from - the incoming pod labels, those - key-value labels are merged - with `labelSelector` as `key - notin (value)` to select the - group of existing pods which - pods will be taken into consideration - for the incoming pod's pod (anti) - affinity. Keys that don't exist - in the incoming pod labels will - be ignored. The default value - is empty. The same key is forbidden - to exist in both mismatchLabelKeys - and labelSelector. Also, mismatchLabelKeys - cannot be set when labelSelector - isn't set. 
This is an alpha - field and requires enabling - MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over - the set of namespaces that the - term applies to. The term is - applied to the union of the - namespaces selected by this - field and the ones listed in - the namespaces field. null selector - and null or empty namespaces - list means "this pod's namespace". - An empty selector ({}) matches - all namespaces. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key and - values. properties: key: - description: key is - the label key that - the selector applies - to. type: string operator: - description: operator - represents a key's - relationship to a - set of values. Valid - operators are In, - NotIn, Exists and - DoesNotExist. type: string values: - description: values - is an array of string - values. If the operator - is In or NotIn, the - values array must - be non-empty. If the - operator is Exists - or DoesNotExist, the - values array must - be empty. This array - is replaced during - a strategic merge - patch. items: type: string type: array 
@@ -15460,55 +6099,20 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is - a map of {key,value} pairs. - A single {key,value} in - the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", - the operator is "In", and - the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies - a static list of namespace names - that the term applies to. The - term is applied to the union - of the namespaces listed in - this field and the ones selected - by namespaceSelector. null or - empty namespaces list and null - namespaceSelector means "this - pod's namespace". items: type: string type: array x-kubernetes-list-type: atomic topologyKey: - description: This pod should be - co-located (affinity) or not - co-located (anti-affinity) with - the pods matching the labelSelector - in the specified namespaces, - where co-located is defined - as running on a node whose value - of the label with key topologyKey - matches that of any node on - which any of the selected pods - is running. Empty topologyKey - is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with - matching the corresponding podAffinityTerm, - in the range 1-100. format: int32 type: integer required: 
@@ -15518,72 +6122,18 @@ spec: type: array x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements - specified by this field are not met at - scheduling time, the pod will not be scheduled - onto the node. If the anti-affinity requirements - specified by this field cease to be met - at some point during pod execution (e.g. - due to a pod label update), the system - may or may not try to eventually evict - the pod from its node. When there are - multiple elements, the lists of nodes - corresponding to each podAffinityTerm - are intersected, i.e. all terms must be - satisfied. items: - description: Defines a set of pods (namely - those matching the labelSelector relative - to the given namespace(s)) that this - pod should be co-located (affinity) - or not co-located (anti-affinity) with, - where co-located is defined as running - on a node whose value of the label with - key matches that of any - node on which a pod of the set of pods - is running properties: labelSelector: - description: A label query over a - set of resources, in this case pods. - If it's null, this PodAffinityTerm - matches with no Pods. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, a key, - and an operator that relates - the key and values. properties: key: - description: key is the - label key that the selector - applies to. type: string operator: - description: operator represents - a key's relationship to - a set of values. Valid - operators are In, NotIn, - Exists and DoesNotExist. type: string values: - description: values is an - array of string values. - If the operator is In - or NotIn, the values array - must be non-empty. If - the operator is Exists - or DoesNotExist, the values - array must be empty. 
This - array is replaced during - a strategic merge patch. items: type: string type: array 
@@ -15597,115 +6147,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a - map of {key,value} pairs. A - single {key,value} in the matchLabels - map is equivalent to an element - of matchExpressions, whose key - field is "key", the operator - is "In", and the values array - contains only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set - of pod label keys to select which - pods will be taken into consideration. - The keys are used to lookup values - from the incoming pod labels, those - key-value labels are merged with - `labelSelector` as `key in (value)` - to select the group of existing - pods which pods will be taken into - consideration for the incoming pod's - pod (anti) affinity. Keys that don't - exist in the incoming pod labels - will be ignored. The default value - is empty. The same key is forbidden - to exist in both matchLabelKeys - and labelSelector. Also, matchLabelKeys - cannot be set when labelSelector - isn't set. This is an alpha field - and requires enabling MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys is - a set of pod label keys to select - which pods will be taken into consideration. - The keys are used to lookup values - from the incoming pod labels, those - key-value labels are merged with - `labelSelector` as `key notin (value)` - to select the group of existing - pods which pods will be taken into - consideration for the incoming pod's - pod (anti) affinity. Keys that don't - exist in the incoming pod labels - will be ignored. The default value - is empty. The same key is forbidden - to exist in both mismatchLabelKeys - and labelSelector. Also, mismatchLabelKeys - cannot be set when labelSelector - isn't set. 
This is an alpha field - and requires enabling MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the - set of namespaces that the term - applies to. The term is applied - to the union of the namespaces selected - by this field and the ones listed - in the namespaces field. null selector - and null or empty namespaces list - means "this pod's namespace". An - empty selector ({}) matches all - namespaces. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, a key, - and an operator that relates - the key and values. properties: key: - description: key is the - label key that the selector - applies to. type: string operator: - description: operator represents - a key's relationship to - a set of values. Valid - operators are In, NotIn, - Exists and DoesNotExist. type: string values: - description: values is an - array of string values. - If the operator is In - or NotIn, the values array - must be non-empty. If - the operator is Exists - or DoesNotExist, the values - array must be empty. This - array is replaced during - a strategic merge patch. items: type: string type: array 
@@ -15719,43 +6183,15 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a - map of {key,value} pairs. A - single {key,value} in the matchLabels - map is equivalent to an element - of matchExpressions, whose key - field is "key", the operator - is "In", and the values array - contains only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies - a static list of namespace names - that the term applies to. The term - is applied to the union of the namespaces - listed in this field and the ones - selected by namespaceSelector. null - or empty namespaces list and null - namespaceSelector means "this pod's - namespace". items: type: string type: array x-kubernetes-list-type: atomic topologyKey: - description: This pod should be co-located - (affinity) or not co-located (anti-affinity) - with the pods matching the labelSelector - in the specified namespaces, where - co-located is defined as running - on a node whose value of the label - with key topologyKey matches that - of any node on which any of the - selected pods is running. Empty - topologyKey is not allowed. type: string required: - topologyKey 
@@ -15765,305 +6201,106 @@ spec: type: object type: object automountServiceAccountToken: - description: AutomountServiceAccountToken indicates - whether a service account token should be automatically - mounted. type: boolean enableServiceLinks: - description: 'EnableServiceLinks indicates whether - information about services should be injected - into pod''s environment variables, matching the - syntax of Docker links. Optional: Defaults to - true.' type: boolean imagePullSecrets: - description: 'ImagePullSecrets is an optional list - of references to secrets in the same namespace - to use for pulling any of the images used by this - PodRuntimeSettings. If specified, these secrets - will be passed to individual puller implementations - for them to use. For example, in the case of docker, - only DockerConfig type secrets are honored. More - info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' items: - description: LocalObjectReference contains enough - information to let you locate the referenced - object inside the same namespace. properties: name: default: "" - description: 'Name of the referent. This field - is effectively required, but due to backwards - compatibility is allowed to be empty. Instances - of this type with an empty value here are - almost certainly wrong. TODO: Add other - useful fields. apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic type: array nodeName: - description: NodeName is a request to schedule this - pod onto a specific node. If it is non-empty, - the scheduler simply schedules this pod onto that - node, assuming that it fits resource requirements. 
type: string nodeSelector: additionalProperties: type: string - description: 'NodeSelector is a selector which must - be true for the pod to fit on a node. Selector - which must match a node''s labels for the pod - to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' type: object podAnnotations: additionalProperties: type: string - description: PodAnnotations are the annotations - that will be attached with the respective Pod type: object podLabels: additionalProperties: type: string - description: PodLabels are the labels that will - be attached with the respective Pod type: object priority: - description: The priority value. Various system - components use this field to find the priority - of the pod. When Priority Admission Controller - is enabled, it prevents users from setting this - field. The admission controller populates this - field from PriorityClassName. The higher the value, - the higher the priority. format: int32 type: integer priorityClassName: - description: If specified, indicates the pod's priority. - "system-node-critical" and "system-cluster-critical" - are two special keywords which indicate the highest - priorities with the former being the highest priority. - Any other name must be defined by creating a PriorityClass - object with that name. If not specified, the pod - priority will be default or zero if there is no - default. type: string readinessGates: - description: 'If specified, all readiness gates - will be evaluated for pod readiness. A pod is - ready when all its containers are ready AND all - conditions specified in the readiness gates have - status equal to "True" More info: https://git.k8s.io/enhancements/keps/sig-network/0007-pod-ready%2B%2B.md' items: - description: PodReadinessGate contains the reference - to a pod condition properties: conditionType: - description: ConditionType refers to a condition - in the pod's condition list with matching - type. 
type: string required: - conditionType type: object type: array runtimeClassName: - description: 'RuntimeClassName refers to a RuntimeClass - object in the node.k8s.io group, which should - be used to run this pod. If no RuntimeClass resource - matches the named class, the pod will not be run. - If unset or empty, the "legacy" RuntimeClass will - be used, which is an implicit class with an empty - definition that uses the default runtime handler. - More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md - This is an alpha feature and may change in the - future.' type: string schedulerName: - description: If specified, the pod will be dispatched - by specified scheduler. If not specified, the - pod will be dispatched by default scheduler. type: string securityContext: - description: 'Security options the pod should run - with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: appArmorProfile: - description: appArmorProfile is the AppArmor - options to use by the containers in this pod. - Note that this field cannot be set when spec.os.name - is windows. properties: localhostProfile: - description: localhostProfile indicates - a profile loaded on the node that should - be used. The profile must be preconfigured - on the node to work. Must match the loaded - name of the profile. Must be set if and - only if type is "Localhost". type: string type: - description: 'type indicates which kind - of AppArmor profile will be applied. Valid - options are: Localhost - a profile pre-loaded - on the node. RuntimeDefault - the container - runtime''s default profile. Unconfined - - no AppArmor enforcement.' type: string required: - type type: object fsGroup: - description: "A special supplemental group that - applies to all containers in a pod. 
Some volume - types allow the Kubelet to change the ownership - of that volume to be owned by the pod: \n - 1. The owning GID will be the FSGroup 2. The - setgid bit is set (new files created in the - volume will be owned by FSGroup) 3. The permission - bits are OR'd with rw-rw---- \n If unset, - the Kubelet will not modify the ownership - and permissions of any volume. Note that this - field cannot be set when spec.os.name is windows." format: int64 type: integer fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines behavior - of changing ownership and permission of the - volume before being exposed inside Pod. This - field will only apply to volume types which - support fsGroup based ownership(and permissions). - It will have no effect on ephemeral volume - types such as: secret, configmaps and emptydir. - Valid values are "OnRootMismatch" and "Always". - If not specified, "Always" is used. Note that - this field cannot be set when spec.os.name - is windows.' type: string runAsGroup: - description: The GID to run the entrypoint of - the container process. Uses runtime default - if unset. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes - precedence for that container. Note that this - field cannot be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: - description: Indicates that the container must - run as a non-root user. If true, the Kubelet - will validate the image at runtime to ensure - that it does not run as UID 0 (root) and fail - to start the container if it does. If unset - or false, no such validation will be performed. - May also be set in SecurityContext. If set - in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes - precedence. type: boolean runAsUser: - description: The UID to run the entrypoint of - the container process. 
Defaults to user specified - in image metadata if unspecified. May also - be set in SecurityContext. If set in both - SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence - for that container. Note that this field cannot - be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be applied - to all containers. If unspecified, the container - runtime will allocate a random SELinux context - for each container. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes - precedence for that container. Note that this - field cannot be set when spec.os.name is windows. properties: level: - description: Level is SELinux level label - that applies to the container. type: string role: - description: Role is a SELinux role label - that applies to the container. type: string type: - description: Type is a SELinux type label - that applies to the container. type: string user: - description: User is a SELinux user label - that applies to the container. type: string type: object seccompProfile: - description: The seccomp options to use by the - containers in this pod. Note that this field - cannot be set when spec.os.name is windows. properties: localhostProfile: - description: localhostProfile indicates - a profile defined in a file on the node - should be used. The profile must be preconfigured - on the node to work. Must be a descending - path, relative to the kubelet's configured - seccomp profile location. Must be set - if type is "Localhost". Must NOT be set - for any other type. type: string type: - description: "type indicates which kind - of seccomp profile will be applied. Valid - options are: \n Localhost - a profile - defined in a file on the node should be - used. RuntimeDefault - the container runtime - default profile should be used. 
Unconfined - - no profile should be applied." type: string required: - type type: object supplementalGroups: - description: A list of groups applied to the - first process run in each container, in addition - to the container's primary GID, the fsGroup - (if specified), and group memberships defined - in the container image for the uid of the - container process. If unspecified, no additional - groups are added to any container. Note that - group memberships defined in the container - image for the uid of the container process - are still effective, even if they are not - included in this list. Note that this field - cannot be set when spec.os.name is windows. items: format: int64 type: integer type: array x-kubernetes-list-type: atomic sysctls: - description: Sysctls hold a list of namespaced - sysctls used for the pod. Pods with unsupported - sysctls (by the container runtime) might fail - to launch. Note that this field cannot be - set when spec.os.name is windows. items: - description: Sysctl defines a kernel parameter - to be set properties: name: - description: Name of a property to set type: string value: - description: Value of a property to set type: string required: - name 
@@ -16072,154 +6309,52 @@ spec: type: array x-kubernetes-list-type: atomic windowsOptions: - description: The Windows specific settings applied - to all containers. If unspecified, the options - within a container's SecurityContext will - be used. If set in both SecurityContext and - PodSecurityContext, the value specified in - SecurityContext takes precedence. Note that - this field cannot be set when spec.os.name - is linux. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is where - the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential - spec named by the GMSACredentialSpecName - field. type: string gmsaCredentialSpecName: - description: GMSACredentialSpecName is the - name of the GMSA credential spec to use. type: string hostProcess: - description: HostProcess determines if a - container should be run as a 'Host Process' - container. All of a Pod's containers must - have the same effective HostProcess value - (it is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). - In addition, if HostProcess is true then - HostNetwork must also be set to true. type: boolean runAsUserName: - description: The UserName in Windows to - run the entrypoint of the container process. - Defaults to the user specified in image - metadata if unspecified. May also be set - in PodSecurityContext. If set in both - SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. type: string type: object type: object serviceAccountAnnotations: additionalProperties: type: string - description: ServiceAccountAnnotations are the annotations - that will be attached with the respective ServiceAccount type: object serviceAccountName: - description: 'ServiceAccountName is the name of - the ServiceAccount to use to run this pod. 
More - info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' type: string tolerations: - description: If specified, the pod's tolerations. items: - description: The pod this Toleration is attached - to tolerates any taint that matches the triple - using the matching operator - . properties: effect: - description: Effect indicates the taint effect - to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, - PreferNoSchedule and NoExecute. type: string key: - description: Key is the taint key that the - toleration applies to. Empty means match - all taint keys. If the key is empty, operator - must be Exists; this combination means to - match all values and all keys. type: string operator: - description: Operator represents a key's relationship - to the value. Valid operators are Exists - and Equal. Defaults to Equal. Exists is - equivalent to wildcard for value, so that - a pod can tolerate all taints of a particular - category. type: string tolerationSeconds: - description: TolerationSeconds represents - the period of time the toleration (which - must be of effect NoExecute, otherwise this - field is ignored) tolerates the taint. By - default, it is not set, which means tolerate - the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict - immediately) by the system. format: int64 type: integer value: - description: Value is the taint value the - toleration matches to. If the operator is - Exists, the value should be empty, otherwise - just a regular string. type: string type: object type: array topologySpreadConstraints: - description: TopologySpreadConstraints describes - how a group of pods ought to spread across topology - domains. Scheduler will schedule pods in a way - which abides by the constraints. All topologySpreadConstraints - are ANDed. 
items: - description: TopologySpreadConstraint specifies - how to spread matching pods among the given - topology. properties: labelSelector: - description: LabelSelector is used to find - matching pods. Pods that match this label - selector are counted to determine the number - of pods in their corresponding topology - domain. properties: matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. properties: key: - description: key is the label key - that the selector applies to. type: string operator: - description: operator represents - a key's relationship to a set - of values. Valid operators are - In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array - of string values. If the operator - is In or NotIn, the values array - must be non-empty. If the operator - is Exists or DoesNotExist, the - values array must be empty. This - array is replaced during a strategic - merge patch. items: type: string type: array 
@@ -16233,161 +6368,27 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: "MatchLabelKeys is a set of pod - label keys to select the pods over which - spreading will be calculated. The keys are - used to lookup values from the incoming - pod labels, those key-value labels are ANDed - with labelSelector to select the group of - existing pods over which spreading will - be calculated for the incoming pod. The - same key is forbidden to exist in both MatchLabelKeys - and LabelSelector. MatchLabelKeys cannot - be set when LabelSelector isn't set. Keys - that don't exist in the incoming pod labels - will be ignored. A null or empty list means - only match against labelSelector. \n This - is a beta field and requires the MatchLabelKeysInPodTopologySpread - feature gate to be enabled (enabled by default)." items: type: string type: array x-kubernetes-list-type: atomic maxSkew: - description: 'MaxSkew describes the degree - to which pods may be unevenly distributed. - When `whenUnsatisfiable=DoNotSchedule`, - it is the maximum permitted difference between - the number of matching pods in the target - topology and the global minimum. The global - minimum is the minimum number of matching - pods in an eligible domain or zero if the - number of eligible domains is less than - MinDomains. For example, in a 3-zone cluster, - MaxSkew is set to 1, and pods with the same - labelSelector spread as 2/2/1: In this case, - the global minimum is 1. 
| zone1 | zone2 - | zone3 | | P P | P P | P | - if - MaxSkew is 1, incoming pod can only be scheduled - to zone3 to become 2/2/2; scheduling it - onto zone1(zone2) would make the ActualSkew(3-1) - on zone1(zone2) violate MaxSkew(1). - if - MaxSkew is 2, incoming pod can be scheduled - onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, - it is used to give higher precedence to - topologies that satisfy it. It''s a required - field. Default value is 1 and 0 is not allowed.' format: int32 type: integer minDomains: - description: "MinDomains indicates a minimum - number of eligible domains. When the number - of eligible domains with matching topology - keys is less than minDomains, Pod Topology - Spread treats \"global minimum\" as 0, and - then the calculation of Skew is performed. - And when the number of eligible domains - with matching topology keys equals or greater - than minDomains, this value has no effect - on scheduling. As a result, when the number - of eligible domains is less than minDomains, - scheduler won't schedule more than maxSkew - Pods to those domains. If value is nil, - the constraint behaves as if MinDomains - is equal to 1. Valid values are integers - greater than 0. When value is not nil, WhenUnsatisfiable - must be DoNotSchedule. \n For example, in - a 3-zone cluster, MaxSkew is set to 2, MinDomains - is set to 5 and pods with the same labelSelector - spread as 2/2/2: | zone1 | zone2 | zone3 - | | P P | P P | P P | The number of - domains is less than 5(MinDomains), so \"global - minimum\" is treated as 0. In this situation, - new pod with the same labelSelector cannot - be scheduled, because computed skew will - be 3(3 - 0) if new Pod is scheduled to any - of the three zones, it will violate MaxSkew." format: int32 type: integer nodeAffinityPolicy: - description: "NodeAffinityPolicy indicates - how we will treat Pod's nodeAffinity/nodeSelector - when calculating pod topology spread skew. 
- Options are: - Honor: only nodes matching - nodeAffinity/nodeSelector are included in - the calculations. - Ignore: nodeAffinity/nodeSelector - are ignored. All nodes are included in the - calculations. \n If this value is nil, the - behavior is equivalent to the Honor policy. - This is a beta-level feature default enabled - by the NodeInclusionPolicyInPodTopologySpread - feature flag." type: string nodeTaintsPolicy: - description: "NodeTaintsPolicy indicates how - we will treat node taints when calculating - pod topology spread skew. Options are: - - Honor: nodes without taints, along with - tainted nodes for which the incoming pod - has a toleration, are included. - Ignore: - node taints are ignored. All nodes are included. - \n If this value is nil, the behavior is - equivalent to the Ignore policy. This is - a beta-level feature default enabled by - the NodeInclusionPolicyInPodTopologySpread - feature flag." type: string topologyKey: - description: TopologyKey is the key of node - labels. Nodes that have a label with this - key and identical values are considered - to be in the same topology. We consider - each as a "bucket", and try - to put balanced number of pods into each - bucket. We define a domain as a particular - instance of a topology. Also, we define - an eligible domain as a domain whose nodes - meet the requirements of nodeAffinityPolicy - and nodeTaintsPolicy. e.g. If TopologyKey - is "kubernetes.io/hostname", each Node is - a domain of that topology. And, if TopologyKey - is "topology.kubernetes.io/zone", each zone - is a domain of that topology. It's a required - field. type: string whenUnsatisfiable: - description: 'WhenUnsatisfiable indicates - how to deal with a pod if it doesn''t satisfy - the spread constraint. - DoNotSchedule (default) - tells the scheduler not to schedule it. - - ScheduleAnyway tells the scheduler to - schedule the pod in any location, but giving - higher precedence to topologies that would - help reduce the skew. 
A constraint is considered - "Unsatisfiable" for an incoming pod if and - only if every possible node assignment for - that pod would violate "MaxSkew" on some - topology. For example, in a 3-zone cluster, - MaxSkew is set to 1, and pods with the same - labelSelector spread as 3/1/1: | zone1 | - zone2 | zone3 | | P P P | P | P | - If WhenUnsatisfiable is set to DoNotSchedule, - incoming pod can only be scheduled to zone2(zone3) - to become 3/2/1(3/1/2) as ActualSkew(2-1) - on zone2(zone3) satisfies MaxSkew(1). In - other words, the cluster can still be imbalanced, - but scheduler won''t make it *more* imbalanced. - It''s a required field.' type: string required: - maxSkew 
@@ -16402,135 +6403,63 @@ spec: type: object type: object timeout: - description: Timeout specifies a duration in seconds that - KubeStash should wait for the hook execution to be completed. - If the hook execution does not finish within this time - period, KubeStash will consider this hook execution as - failure. Then, it will be re-tried according to MaxRetry - policy. type: string variables: - description: Variables specifies a list of variables and - their sources that will be used to resolve the HookTemplate. items: - description: EnvVar represents an environment variable - present in a Container. properties: name: - description: Name of the environment variable. Must - be a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) are - expanded using the previously defined environment - variables in the container and any service environment - variables. If a variable cannot be resolved, the - reference in the input string will be unchanged. - Double $$ are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" - will produce the string literal "$(VAR_NAME)". Escaped - references will never be expanded, regardless of - whether the variable exists or not. Defaults to - "".' type: string valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. properties: configMapKeyRef: - description: Selects a key of a ConfigMap. properties: key: - description: The key to select. type: string name: default: "" - description: 'Name of the referent. This field - is effectively required, but due to backwards - compatibility is allowed to be empty. Instances - of this type with an empty value here are - almost certainly wrong. TODO: Add other - useful fields. apiVersion, kind, uid? 
More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether the ConfigMap - or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of the pod: supports - metadata.name, metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, spec.nodeName, - spec.serviceAccountName, status.hostIP, status.podIP, - status.podIPs.' properties: apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". type: string fieldPath: - description: Path of the field to select in - the specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' properties: containerName: - description: 'Container name: required for - volumes, optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output format of - the exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource to select' type: string required: - resource type: object x-kubernetes-map-type: atomic secretKeyRef: - description: Selects a key of a secret in the - pod's namespace properties: key: - description: The key of the secret to select - from. Must be a valid secret key. type: string name: default: "" - description: 'Name of the referent. 
This field - is effectively required, but due to backwards - compatibility is allowed to be empty. Instances - of this type with an empty value here are - almost certainly wrong. TODO: Add other - useful fields. apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether the Secret or - its key must be defined type: boolean required: - key 
@@ -16542,63 +6471,21 @@ spec: type: object type: array volumeMounts: - description: VolumeMounts specifies the mount for the volumes - specified in `Volumes` section Use this field only for - `Function` type hook executor. items: - description: VolumeMount describes a mounting of a Volume - within a container. properties: mountPath: - description: Path within the container at which the - volume should be mounted. Must not contain ':'. type: string mountPropagation: - description: mountPropagation determines how mounts - are propagated from the host to container and the - other way around. When not set, MountPropagationNone - is used. This field is beta in 1.10. When RecursiveReadOnly - is set to IfPossible or to Enabled, MountPropagation - must be None or unspecified (which defaults to None). type: string name: - description: This must match the Name of a Volume. type: string readOnly: - description: Mounted read-only if true, read-write - otherwise (false or unspecified). Defaults to false. type: boolean recursiveReadOnly: - description: "RecursiveReadOnly specifies whether - read-only mounts should be handled recursively. - \n If ReadOnly is false, this field has no meaning - and must be unspecified. \n If ReadOnly is true, - and this field is set to Disabled, the mount is - not made recursively read-only. If this field is - set to IfPossible, the mount is made recursively - read-only, if it is supported by the container runtime. - \ If this field is set to Enabled, the mount is - made recursively read-only if it is supported by - the container runtime, otherwise the pod will not - be started and an error will be generated to indicate - the reason. \n If this field is set to IfPossible - or Enabled, MountPropagation must be set to None - (or be unspecified, which defaults to None). \n - If this field is not specified, it is treated as - an equivalent of Disabled." 
type: string subPath: - description: Path within the volume from which the - container's volume should be mounted. Defaults to - "" (volume's root). type: string subPathExpr: - description: Expanded path within the volume from - which the container's volume should be mounted. - Behaves similarly to SubPath but environment variable - references $(VAR_NAME) are expanded using the container's - environment. Defaults to "" (volume's root). SubPathExpr - and SubPath are mutually exclusive. type: string required: - mountPath 
@@ -16606,264 +6493,109 @@ spec: type: object type: array volumes: - description: Volumes indicates the list of volumes of targeted - application that should be mounted on the hook executor. - Use this field only for `Function` type hook executor. items: - description: Volume represents a named volume in a pod - that may be accessed by any container in the pod. properties: awsElasticBlockStore: - description: 'awsElasticBlockStore represents an AWS - Disk resource that is attached to a kubelet''s host - machine and then exposed to the pod. More info: - https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' properties: fsType: - description: 'fsType is the filesystem type of - the volume that you want to mount. Tip: Ensure - that the filesystem type is supported by the - host operating system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if - unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem - from compromising the machine' type: string partition: - description: 'partition is the partition in the - volume that you want to mount. If omitted, the - default is to mount by volume name. Examples: - For volume /dev/sda1, you specify the partition - as "1". Similarly, the volume partition for - /dev/sda is "0" (or you can leave the property - empty).' format: int32 type: integer readOnly: - description: 'readOnly value true will force the - readOnly setting in VolumeMounts. More info: - https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: boolean volumeID: - description: 'volumeID is unique ID of the persistent - disk resource in AWS (Amazon EBS volume). More - info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: string required: - volumeID type: object azureDisk: - description: azureDisk represents an Azure Data Disk - mount on the host and bind mount to the pod. 
properties: cachingMode: - description: 'cachingMode is the Host Caching - mode: None, Read Only, Read Write.' type: string diskName: - description: diskName is the Name of the data - disk in the blob storage type: string diskURI: - description: diskURI is the URI of data disk in - the blob storage type: string fsType: - description: fsType is Filesystem type to mount. - Must be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified. type: string kind: - description: 'kind expected values are Shared: - multiple blob disks per storage account Dedicated: - single blob disk per storage account Managed: - azure managed data disk (only in managed availability - set). defaults to shared' type: string readOnly: - description: readOnly Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting - in VolumeMounts. type: boolean required: - diskName - diskURI type: object azureFile: - description: azureFile represents an Azure File Service - mount on the host and bind mount to the pod. properties: readOnly: - description: readOnly defaults to false (read/write). - ReadOnly here will force the ReadOnly setting - in VolumeMounts. 
type: boolean secretName: - description: secretName is the name of secret - that contains Azure Storage Account Name and - Key type: string shareName: - description: shareName is the azure share Name type: string required: - secretName - shareName type: object cephfs: - description: cephFS represents a Ceph FS mount on - the host that shares a pod's lifetime properties: monitors: - description: 'monitors is Required: Monitors is - a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' items: type: string type: array x-kubernetes-list-type: atomic path: - description: 'path is Optional: Used as the mounted - root, rather than the full Ceph tree, default - is /' type: string readOnly: - description: 'readOnly is Optional: Defaults to - false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. More info: - https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: boolean secretFile: - description: 'secretFile is Optional: SecretFile - is the path to key ring for User, default is - /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string secretRef: - description: 'secretRef is Optional: SecretRef - is reference to the authentication secret for - User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' properties: name: default: "" - description: 'Name of the referent. This field - is effectively required, but due to backwards - compatibility is allowed to be empty. Instances - of this type with an empty value here are - almost certainly wrong. TODO: Add other - useful fields. apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' 
type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is optional: User is the rados - user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string required: - monitors type: object cinder: - description: 'cinder represents a cinder volume attached - and mounted on kubelets host machine. More info: - https://examples.k8s.io/mysql-cinder-pd/README.md' properties: fsType: - description: 'fsType is the filesystem type to - mount. Must be a filesystem type supported by - the host operating system. Examples: "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string readOnly: - description: 'readOnly defaults to false (read/write). - ReadOnly here will force the ReadOnly setting - in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: boolean secretRef: - description: 'secretRef is optional: points to - a secret object containing parameters used to - connect to OpenStack.' properties: name: default: "" - description: 'Name of the referent. This field - is effectively required, but due to backwards - compatibility is allowed to be empty. Instances - of this type with an empty value here are - almost certainly wrong. TODO: Add other - useful fields. apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic volumeID: - description: 'volumeID used to identify the volume - in cinder. 
More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string required: - volumeID type: object configMap: - description: configMap represents a configMap that - should populate this volume properties: defaultMode: - description: 'defaultMode is optional: mode bits - used to set permissions on created files by - default. Must be an octal value between 0000 - and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. - Defaults to 0644. Directories within the path - are not affected by this setting. This might - be in conflict with other options that affect - the file mode, like fsGroup, and the result - can be other mode bits set.' format: int32 type: integer items: - description: items if unspecified, each key-value - pair in the Data field of the referenced ConfigMap - will be projected into the volume as a file - whose name is the key and content is the value. - If specified, the listed keys will be projected - into the specified paths, and unlisted keys - will not be present. If a key is specified which - is not present in the ConfigMap, the volume - setup will error unless it is marked optional. - Paths must be relative and may not contain the - '..' path or start with '..'. items: - description: Maps a string key to a path within - a volume. properties: key: - description: key is the key to project. type: string mode: - description: 'mode is Optional: mode bits - used to set permissions on this file. - Must be an octal value between 0000 and - 0777 or a decimal value between 0 and - 511. YAML accepts both octal and decimal - values, JSON requires decimal values for - mode bits. If not specified, the volume - defaultMode will be used. This might be - in conflict with other options that affect - the file mode, like fsGroup, and the result - can be other mode bits set.' 
format: int32 type: integer path: - description: path is the relative path of - the file to map the key to. May not be - an absolute path. May not contain the - path element '..'. May not start with - the string '..'. type: string required: - key 
@@ -16873,166 +6605,67 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of the referent. This field - is effectively required, but due to backwards - compatibility is allowed to be empty. Instances - of this type with an empty value here are almost - certainly wrong. TODO: Add other useful fields. - apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional specify whether the ConfigMap - or its keys must be defined type: boolean type: object x-kubernetes-map-type: atomic csi: - description: csi (Container Storage Interface) represents - ephemeral storage that is handled by certain external - CSI drivers (Beta feature). properties: driver: - description: driver is the name of the CSI driver - that handles this volume. Consult with your - admin for the correct name as registered in - the cluster. type: string fsType: - description: fsType to mount. Ex. "ext4", "xfs", - "ntfs". If not provided, the empty value is - passed to the associated CSI driver which will - determine the default filesystem to apply. type: string nodePublishSecretRef: - description: nodePublishSecretRef is a reference - to the secret object containing sensitive information - to pass to the CSI driver to complete the CSI - NodePublishVolume and NodeUnpublishVolume calls. - This field is optional, and may be empty if - no secret is required. If the secret object - contains more than one secret, all secret references - are passed. properties: name: default: "" - description: 'Name of the referent. This field - is effectively required, but due to backwards - compatibility is allowed to be empty. Instances - of this type with an empty value here are - almost certainly wrong. TODO: Add other - useful fields. apiVersion, kind, uid? 
More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic readOnly: - description: readOnly specifies a read-only configuration - for the volume. Defaults to false (read/write). type: boolean volumeAttributes: additionalProperties: type: string - description: volumeAttributes stores driver-specific - properties that are passed to the CSI driver. - Consult your driver's documentation for supported - values. type: object required: - driver type: object downwardAPI: - description: downwardAPI represents downward API about - the pod that should populate this volume properties: defaultMode: - description: 'Optional: mode bits to use on created - files by default. Must be a Optional: mode bits - used to set permissions on created files by - default. Must be an octal value between 0000 - and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. - Defaults to 0644. Directories within the path - are not affected by this setting. This might - be in conflict with other options that affect - the file mode, like fsGroup, and the result - can be other mode bits set.' format: int32 type: integer items: - description: Items is a list of downward API volume - file items: - description: DownwardAPIVolumeFile represents - information to create the file containing - the pod field properties: fieldRef: - description: 'Required: Selects a field - of the pod: only annotations, labels, - name, namespace and uid are supported.' properties: apiVersion: - description: Version of the schema the - FieldPath is written in terms of, - defaults to "v1". type: string fieldPath: - description: Path of the field to select - in the specified API version. 
type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: - description: 'Optional: mode bits used to - set permissions on this file, must be - an octal value between 0000 and 0777 or - a decimal value between 0 and 511. YAML - accepts both octal and decimal values, - JSON requires decimal values for mode - bits. If not specified, the volume defaultMode - will be used. This might be in conflict - with other options that affect the file - mode, like fsGroup, and the result can - be other mode bits set.' format: int32 type: integer path: - description: 'Required: Path is the relative - path name of the file to be created. Must - not be absolute or contain the ''..'' - path. Must be utf-8 encoded. The first - item of the relative path must not start - with ''..''' type: string resourceFieldRef: - description: 'Selects a resource of the - container: only resources limits and requests - (limits.cpu, limits.memory, requests.cpu - and requests.memory) are currently supported.' properties: containerName: - description: 'Container name: required - for volumes, optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output format - of the exposed resources, defaults - to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource to - select' type: string required: - resource 
@@ -17045,204 +6678,50 @@ spec: x-kubernetes-list-type: atomic type: object emptyDir: - description: 'emptyDir represents a temporary directory - that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' properties: medium: - description: 'medium represents what type of storage - medium should back this directory. The default - is "" which means to use the node''s default - medium. Must be an empty string (default) or - Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string sizeLimit: anyOf: - type: integer - type: string - description: 'sizeLimit is the total amount of - local storage required for this EmptyDir volume. - The size limit is also applicable for memory - medium. The maximum usage on memory medium EmptyDir - would be the minimum value between the SizeLimit - specified here and the sum of memory limits - of all containers in a pod. The default is nil - which means that the limit is undefined. More - info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object ephemeral: - description: "ephemeral represents a volume that is - handled by a cluster storage driver. The volume's - lifecycle is tied to the pod that defines it - it - will be created before the pod starts, and deleted - when the pod is removed. \n Use this if: a) the - volume is only needed while the pod runs, b) features - of normal volumes like restoring from snapshot or - capacity tracking are needed, c) the storage driver - is specified through a storage class, and d) the - storage driver supports dynamic volume provisioning - through a PersistentVolumeClaim (see EphemeralVolumeSource - for more information on the connection between this - volume type and PersistentVolumeClaim). 
\n Use PersistentVolumeClaim - or one of the vendor-specific APIs for volumes that - persist for longer than the lifecycle of an individual - pod. \n Use CSI for light-weight local ephemeral - volumes if the CSI driver is meant to be used that - way - see the documentation of the driver for more - information. \n A pod can use both types of ephemeral - volumes and persistent volumes at the same time." properties: volumeClaimTemplate: - description: "Will be used to create a stand-alone - PVC to provision the volume. The pod in which - this EphemeralVolumeSource is embedded will - be the owner of the PVC, i.e. the PVC will be - deleted together with the pod. The name of - the PVC will be `-` where - `` is the name from the `PodSpec.Volumes` - array entry. Pod validation will reject the - pod if the concatenated name is not valid for - a PVC (for example, too long). \n An existing - PVC with that name that is not owned by the - pod will *not* be used for the pod to avoid - using an unrelated volume by mistake. Starting - the pod is then blocked until the unrelated - PVC is removed. If such a pre-created PVC is - meant to be used by the pod, the PVC has to - updated with an owner reference to the pod once - the pod exists. Normally this should not be - necessary, but it may be useful when manually - reconstructing a broken cluster. \n This field - is read-only and no changes will be made by - Kubernetes to the PVC after it has been created. - \n Required, must not be nil." properties: metadata: - description: May contain labels and annotations - that will be copied into the PVC when creating - it. No other fields are allowed and will - be rejected during validation. properties: annotations: additionalProperties: type: string - description: 'Annotations is an unstructured - key value map stored with a resource - that may be set by external tools to - store and retrieve arbitrary metadata. - They are not queryable and should be - preserved when modifying objects. 
More - info: http://kubernetes.io/docs/user-guide/annotations' type: object generateName: - description: "GenerateName is an optional - prefix, used by the server, to generate - a unique name ONLY IF the Name field - has not been provided. If this field - is used, the name returned to the client - will be different than the name passed. - This value will also be combined with - a unique suffix. The provided value - has the same validation rules as the - Name field, and may be truncated by - the length of the suffix required to - make the value unique on the server. - \n If this field is specified and the - generated name exists, the server will - NOT return a 409 - instead, it will - either return 201 Created or 500 with - Reason ServerTimeout indicating a unique - name could not be found in the time - allotted, and the client should retry - (optionally after the time indicated - in the Retry-After header). \n Applied - only if Name is not specified. More - info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" type: string labels: additionalProperties: type: string - description: 'Map of string keys and values - that can be used to organize and categorize - (scope and select) objects. May match - selectors of replication controllers - and services. More info: http://kubernetes.io/docs/user-guide/labels' type: object name: - description: 'Name must be unique within - a namespace. Is required when creating - resources, although some resources may - allow a client to request the generation - of an appropriate name automatically. - Name is primarily intended for creation - idempotence and configuration definition. - Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' type: string namespace: - description: "Namespace defines the space - within each name must be unique. An - empty namespace is equivalent to the - \"default\" namespace, but \"default\" - is the canonical representation. 
Not - all objects are required to be scoped - to a namespace - the value of this field - for those objects will be empty. \n - Must be a DNS_LABEL. Cannot be updated. - More info: http://kubernetes.io/docs/user-guide/namespaces" type: string ownerReferences: - description: List of objects depended - by this object. If ALL objects in the - list have been deleted, this object - will be garbage collected. If this object - is managed by a controller, then an - entry in this list will point to this - controller, with the controller field - set to true. There cannot be more than - one managing controller. items: - description: OwnerReference contains - enough information to let you identify - an owning object. An owning object - must be in the same namespace as the - dependent, or be cluster-scoped, so - there is no namespace field. properties: apiVersion: - description: API version of the - referent. type: string blockOwnerDeletion: - description: If true, AND if the - owner has the "foregroundDeletion" - finalizer, then the owner cannot - be deleted from the key-value - store until this reference is - removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion - for how the garbage collector - interacts with this field and - enforces the foreground deletion. - Defaults to false. To set this - field, a user needs "delete" permission - of the owner, otherwise 422 (Unprocessable - Entity) will be returned. type: boolean controller: - description: If true, this reference - points to the managing controller. type: boolean kind: - description: 'Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: - description: 'UID of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -17254,53 +6733,19 @@ spec: type: array type: object spec: - description: The specification for the PersistentVolumeClaim. - The entire content is copied unchanged into - the PVC that gets created from this template. - The same fields as in a PersistentVolumeClaim - are also valid here. properties: accessModes: - description: 'accessModes contains the - desired access modes the volume should - have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array x-kubernetes-list-type: atomic dataSource: - description: 'dataSource field can be - used to specify either: * An existing - VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an external controller - can support the specified data source, - it will create a new volume based on - the contents of the specified data source. - When the AnyVolumeDataSource feature - gate is enabled, dataSource contents - will be copied to dataSourceRef, and - dataSourceRef contents will be copied - to dataSource when dataSourceRef.namespace - is not specified. If the namespace is - specified, then dataSourceRef will not - be copied to dataSource.' properties: apiGroup: - description: APIGroup is the group - for the resource being referenced. - If APIGroup is not specified, the - specified Kind must be in the core - API group. For any other third-party - types, APIGroup is required. type: string kind: - description: Kind is the type of resource - being referenced type: string name: - description: Name is the name of resource - being referenced type: string required: - kind 
@@ -17308,88 +6753,20 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: - description: 'dataSourceRef specifies - the object from which to populate the - volume with data, if a non-empty volume - is desired. This may be any object from - a non-empty API group (non core object) - or a PersistentVolumeClaim object. When - this field is specified, volume binding - will only succeed if the type of the - specified object matches some installed - volume populator or dynamic provisioner. - This field will replace the functionality - of the dataSource field and as such - if both fields are non-empty, they must - have the same value. For backwards compatibility, - when namespace isn''t specified in dataSourceRef, - both fields (dataSource and dataSourceRef) - will be set to the same value automatically - if one of them is empty and the other - is non-empty. When namespace is specified - in dataSourceRef, dataSource isn''t - set to the same value and must be empty. - There are three important differences - between dataSource and dataSourceRef: - * While dataSource only allows two specific - types of objects, dataSourceRef allows - any non-core object, as well as PersistentVolumeClaim - objects. * While dataSource ignores - disallowed values (dropping them), dataSourceRef - preserves all values, and generates - an error if a disallowed value is specified. - * While dataSource only allows local - objects, dataSourceRef allows objects - in any namespaces. (Beta) Using this - field requires the AnyVolumeDataSource - feature gate to be enabled. (Alpha) - Using the namespace field of dataSourceRef - requires the CrossNamespaceVolumeDataSource - feature gate to be enabled.' properties: apiGroup: - description: APIGroup is the group - for the resource being referenced. - If APIGroup is not specified, the - specified Kind must be in the core - API group. For any other third-party - types, APIGroup is required. 
type: string kind: - description: Kind is the type of resource - being referenced type: string name: - description: Name is the name of resource - being referenced type: string namespace: - description: Namespace is the namespace - of resource being referenced Note - that when a namespace is specified, - a gateway.networking.k8s.io/ReferenceGrant - object is required in the referent - namespace to allow that namespace's - owner to accept the reference. See - the ReferenceGrant documentation - for details. (Alpha) This field - requires the CrossNamespaceVolumeDataSource - feature gate to be enabled. type: string required: - kind - name type: object resources: - description: 'resources represents the - minimum resources the volume should - have. If RecoverVolumeExpansionFailure - feature is enabled users are allowed - to specify resource requirements that - are lower than previous value but must - still be higher than capacity recorded - in the status field of the claim. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: @@ -17398,9 +6775,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the - maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -17409,52 +6783,18 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the - minimum amount of compute resources - required. If Requests is omitted - for a container, it defaults to - Limits if that is explicitly specified, - otherwise to an implementation-defined - value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: - description: selector is a label query - over volumes to consider for binding. properties: matchExpressions: - description: matchExpressions is a - list of label selector requirements. - The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. properties: key: - description: key is the label - key that the selector applies - to. type: string operator: - description: operator represents - a key's relationship to a - set of values. Valid operators - are In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is an array - of string values. If the operator - is In or NotIn, the values - array must be non-empty. If - the operator is Exists or - DoesNotExist, the values array - must be empty. This array - is replaced during a strategic - merge patch. items: type: string type: array 
@@ -17468,60 +6808,16 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map - of {key,value} pairs. A single {key,value} - in the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are - ANDed. type: object type: object x-kubernetes-map-type: atomic storageClassName: - description: 'storageClassName is the - name of the StorageClass required by - the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeAttributesClassName: - description: 'volumeAttributesClassName - may be used to set the VolumeAttributesClass - used by this claim. If specified, the - CSI driver will create or update the - volume with the attributes defined in - the corresponding VolumeAttributesClass. - This has a different purpose than storageClassName, - it can be changed after the claim is - created. An empty string value means - that no VolumeAttributesClass will be - applied to the claim but it''s not allowed - to reset this field to empty string - once it is set. If unspecified and the - PersistentVolumeClaim is unbound, the - default VolumeAttributesClass will be - set by the persistentvolume controller - if it exists. If the resource referred - to by volumeAttributesClass does not - exist, this PersistentVolumeClaim will - be set to a Pending state, as reflected - by the modifyVolumeStatus field, until - such as a resource exists. More info: - https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires the - VolumeAttributesClass feature gate to - be enabled.' type: string volumeMode: - description: volumeMode defines what type - of volume is required by the claim. - Value of Filesystem is implied when - not included in claim spec. 
type: string volumeName: - description: volumeName is the binding - reference to the PersistentVolume backing - this claim. type: string type: object required: 
@@ -17529,91 +6825,41 @@ spec: type: object type: object fc: - description: fc represents a Fibre Channel resource - that is attached to a kubelet's host machine and - then exposed to the pod. properties: fsType: - description: 'fsType is the filesystem type to - mount. Must be a filesystem type supported by - the host operating system. Ex. "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if - unspecified. TODO: how do we prevent errors - in the filesystem from compromising the machine' type: string lun: - description: 'lun is Optional: FC target lun number' format: int32 type: integer readOnly: - description: 'readOnly is Optional: Defaults to - false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts.' type: boolean targetWWNs: - description: 'targetWWNs is Optional: FC target - worldwide names (WWNs)' items: type: string type: array x-kubernetes-list-type: atomic wwids: - description: 'wwids Optional: FC volume world - wide identifiers (wwids) Either wwids or combination - of targetWWNs and lun must be set, but not both - simultaneously.' items: type: string type: array x-kubernetes-list-type: atomic type: object flexVolume: - description: flexVolume represents a generic volume - resource that is provisioned/attached using an exec - based plugin. properties: driver: - description: driver is the name of the driver - to use for this volume. type: string fsType: - description: fsType is the filesystem type to - mount. Must be a filesystem type supported by - the host operating system. Ex. "ext4", "xfs", - "ntfs". The default filesystem depends on FlexVolume - script. type: string options: additionalProperties: type: string - description: 'options is Optional: this field - holds extra command options if any.' type: object readOnly: - description: 'readOnly is Optional: defaults to - false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts.' 
type: boolean secretRef: - description: 'secretRef is Optional: secretRef - is reference to the secret object containing - sensitive information to pass to the plugin - scripts. This may be empty if no secret object - is specified. If the secret object contains - more than one secret, all secrets are passed - to the plugin scripts.' properties: name: default: "" - description: 'Name of the referent. This field - is effectively required, but due to backwards - compatibility is allowed to be empty. Instances - of this type with an empty value here are - almost certainly wrong. TODO: Add other - useful fields. apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic 
@@ -17621,182 +6867,79 @@ spec: - driver type: object flocker: - description: flocker represents a Flocker volume attached - to a kubelet's host machine. This depends on the - Flocker control service being running properties: datasetName: - description: datasetName is Name of the dataset - stored as metadata -> name on the dataset for - Flocker should be considered as deprecated type: string datasetUUID: - description: datasetUUID is the UUID of the dataset. - This is unique identifier of a Flocker dataset type: string type: object gcePersistentDisk: - description: 'gcePersistentDisk represents a GCE Disk - resource that is attached to a kubelet''s host machine - and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' properties: fsType: - description: 'fsType is filesystem type of the - volume that you want to mount. Tip: Ensure that - the filesystem type is supported by the host - operating system. Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the filesystem - from compromising the machine' type: string partition: - description: 'partition is the partition in the - volume that you want to mount. If omitted, the - default is to mount by volume name. Examples: - For volume /dev/sda1, you specify the partition - as "1". Similarly, the volume partition for - /dev/sda is "0" (or you can leave the property - empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' format: int32 type: integer pdName: - description: 'pdName is unique name of the PD - resource in GCE. Used to identify the disk in - GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: string readOnly: - description: 'readOnly here will force the ReadOnly - setting in VolumeMounts. Defaults to false. 
- More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: boolean required: - pdName type: object glusterfs: - description: 'glusterfs represents a Glusterfs mount - on the host that shares a pod''s lifetime. More - info: https://examples.k8s.io/volumes/glusterfs/README.md' properties: endpoints: - description: 'endpoints is the endpoint name that - details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string path: - description: 'path is the Glusterfs volume path. - More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string readOnly: - description: 'readOnly here will force the Glusterfs - volume to be mounted with read-only permissions. - Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: boolean required: - endpoints - path type: object hostPath: - description: 'hostPath represents a pre-existing file - or directory on the host machine that is directly - exposed to the container. This is generally used - for system agents or other privileged things that - are allowed to see the host machine. Most containers - will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict who can use - host directory mounts and who can/can not mount - host directories as read/write.' properties: path: - description: 'path of the directory on the host. - If the path is a symlink, it will follow the - link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string type: - description: 'type for HostPath Volume Defaults - to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string required: - path type: object iscsi: - description: 'iscsi represents an ISCSI Disk resource - that is attached to a kubelet''s host machine and - then exposed to the pod. 
More info: https://examples.k8s.io/volumes/iscsi/README.md' properties: chapAuthDiscovery: - description: chapAuthDiscovery defines whether - support iSCSI Discovery CHAP authentication type: boolean chapAuthSession: - description: chapAuthSession defines whether support - iSCSI Session CHAP authentication type: boolean fsType: - description: 'fsType is the filesystem type of - the volume that you want to mount. Tip: Ensure - that the filesystem type is supported by the - host operating system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if - unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem - from compromising the machine' type: string initiatorName: - description: initiatorName is the custom iSCSI - Initiator Name. If initiatorName is specified - with iscsiInterface simultaneously, new iSCSI - interface : will - be created for the connection. type: string iqn: - description: iqn is the target iSCSI Qualified - Name. type: string iscsiInterface: - description: iscsiInterface is the interface Name - that uses an iSCSI transport. Defaults to 'default' - (tcp). type: string lun: - description: lun represents iSCSI Target Lun number. format: int32 type: integer portals: - description: portals is the iSCSI Target Portal - List. The portal is either an IP or ip_addr:port - if the port is other than default (typically - TCP ports 860 and 3260). items: type: string type: array x-kubernetes-list-type: atomic readOnly: - description: readOnly here will force the ReadOnly - setting in VolumeMounts. Defaults to false. type: boolean secretRef: - description: secretRef is the CHAP Secret for - iSCSI target and initiator authentication properties: name: default: "" - description: 'Name of the referent. This field - is effectively required, but due to backwards - compatibility is allowed to be empty. 
Instances - of this type with an empty value here are - almost certainly wrong. TODO: Add other - useful fields. apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic targetPortal: - description: targetPortal is iSCSI Target Portal. - The Portal is either an IP or ip_addr:port if - the port is other than default (typically TCP - ports 860 and 3260). type: string required: - iqn 
@@ -17804,171 +6947,68 @@ spec: - targetPortal type: object name: - description: 'name of the volume. Must be a DNS_LABEL - and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string nfs: - description: 'nfs represents an NFS mount on the host - that shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' properties: path: - description: 'path that is exported by the NFS - server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string readOnly: - description: 'readOnly here will force the NFS - export to be mounted with read-only permissions. - Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: boolean server: - description: 'server is the hostname or IP address - of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string required: - path - server type: object persistentVolumeClaim: - description: 'persistentVolumeClaimVolumeSource represents - a reference to a PersistentVolumeClaim in the same - namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: claimName: - description: 'claimName is the name of a PersistentVolumeClaim - in the same namespace as the pod using this - volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' type: string readOnly: - description: readOnly Will force the ReadOnly - setting in VolumeMounts. Default false. type: boolean required: - claimName type: object photonPersistentDisk: - description: photonPersistentDisk represents a PhotonController - persistent disk attached and mounted on kubelets - host machine properties: fsType: - description: fsType is the filesystem type to - mount. Must be a filesystem type supported by - the host operating system. Ex. "ext4", "xfs", - "ntfs". 
Implicitly inferred to be "ext4" if - unspecified. type: string pdID: - description: pdID is the ID that identifies Photon - Controller persistent disk type: string required: - pdID type: object portworxVolume: - description: portworxVolume represents a portworx - volume attached and mounted on kubelets host machine properties: fsType: - description: fSType represents the filesystem - type to mount Must be a filesystem type supported - by the host operating system. Ex. "ext4", "xfs". - Implicitly inferred to be "ext4" if unspecified. type: string readOnly: - description: readOnly defaults to false (read/write). - ReadOnly here will force the ReadOnly setting - in VolumeMounts. type: boolean volumeID: - description: volumeID uniquely identifies a Portworx - volume type: string required: - volumeID type: object projected: - description: projected items for all in one resources - secrets, configmaps, and downward API properties: defaultMode: - description: defaultMode are the mode bits used - to set permissions on created files by default. - Must be an octal value between 0000 and 0777 - or a decimal value between 0 and 511. YAML accepts - both octal and decimal values, JSON requires - decimal values for mode bits. Directories within - the path are not affected by this setting. This - might be in conflict with other options that - affect the file mode, like fsGroup, and the - result can be other mode bits set. format: int32 type: integer sources: - description: sources is the list of volume projections items: - description: Projection that may be projected - along with other supported volume types properties: clusterTrustBundle: - description: "ClusterTrustBundle allows - a pod to access the `.spec.trustBundle` - field of ClusterTrustBundle objects in - an auto-updating file. \n Alpha, gated - by the ClusterTrustBundleProjection feature - gate. 
\n ClusterTrustBundle objects can - either be selected by name, or by the - combination of signer name and a label - selector. \n Kubelet performs aggressive - normalization of the PEM contents written - into the pod filesystem. Esoteric PEM - features such as inter-block comments - and block headers are stripped. Certificates - are deduplicated. The ordering of certificates - within the file is arbitrary, and Kubelet - may change the order over time." properties: labelSelector: - description: Select all ClusterTrustBundles - that match this label selector. Only - has effect if signerName is set. Mutually-exclusive - with name. If unset, interpreted - as "match nothing". If set but empty, - interpreted as "match everything". properties: matchExpressions: - description: matchExpressions is - a list of label selector requirements. - The requirements are ANDed. items: - description: A label selector - requirement is a selector that - contains values, a key, and - an operator that relates the - key and values. properties: key: - description: key is the label - key that the selector applies - to. type: string operator: - description: operator represents - a key's relationship to - a set of values. Valid operators - are In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is an - array of string values. - If the operator is In or - NotIn, the values array - must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be - empty. This array is replaced - during a strategic merge - patch. items: type: string type: array 
@@ -17982,99 +7022,31 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map - of {key,value} pairs. A single - {key,value} in the matchLabels - map is equivalent to an element - of matchExpressions, whose key - field is "key", the operator is - "In", and the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic name: - description: Select a single ClusterTrustBundle - by object name. Mutually-exclusive - with signerName and labelSelector. type: string optional: - description: If true, don't block pod - startup if the referenced ClusterTrustBundle(s) - aren't available. If using name, - then the named ClusterTrustBundle - is allowed not to exist. If using - signerName, then the combination of - signerName and labelSelector is allowed - to match zero ClusterTrustBundles. type: boolean path: - description: Relative path from the - volume root to write the bundle. type: string signerName: - description: Select all ClusterTrustBundles - that match this signer name. Mutually-exclusive - with name. The contents of all selected - ClusterTrustBundles will be unified - and deduplicated. type: string required: - path type: object configMap: - description: configMap information about - the configMap data to project properties: items: - description: items if unspecified, each - key-value pair in the Data field of - the referenced ConfigMap will be projected - into the volume as a file whose name - is the key and content is the value. - If specified, the listed keys will - be projected into the specified paths, - and unlisted keys will not be present. - If a key is specified which is not - present in the ConfigMap, the volume - setup will error unless it is marked - optional. Paths must be relative and - may not contain the '..' path or start - with '..'. items: - description: Maps a string key to - a path within a volume. 
properties: key: - description: key is the key to - project. type: string mode: - description: 'mode is Optional: - mode bits used to set permissions - on this file. Must be an octal - value between 0000 and 0777 - or a decimal value between 0 - and 511. YAML accepts both octal - and decimal values, JSON requires - decimal values for mode bits. - If not specified, the volume - defaultMode will be used. This - might be in conflict with other - options that affect the file - mode, like fsGroup, and the - result can be other mode bits - set.' format: int32 type: integer path: - description: path is the relative - path of the file to map the - key to. May not be an absolute - path. May not contain the path - element '..'. May not start - with the string '..'. type: string required: - key 
@@ -18084,108 +7056,42 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value here - are almost certainly wrong. TODO: - Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional specify whether - the ConfigMap or its keys must be - defined type: boolean type: object x-kubernetes-map-type: atomic downwardAPI: - description: downwardAPI information about - the downwardAPI data to project properties: items: - description: Items is a list of DownwardAPIVolume - file items: - description: DownwardAPIVolumeFile - represents information to create - the file containing the pod field properties: fieldRef: - description: 'Required: Selects - a field of the pod: only annotations, - labels, name, namespace and - uid are supported.' properties: apiVersion: - description: Version of the - schema the FieldPath is - written in terms of, defaults - to "v1". type: string fieldPath: - description: Path of the field - to select in the specified - API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: - description: 'Optional: mode bits - used to set permissions on this - file, must be an octal value - between 0000 and 0777 or a decimal - value between 0 and 511. YAML - accepts both octal and decimal - values, JSON requires decimal - values for mode bits. If not - specified, the volume defaultMode - will be used. This might be - in conflict with other options - that affect the file mode, like - fsGroup, and the result can - be other mode bits set.' 
format: int32 type: integer path: - description: 'Required: Path is the - relative path name of the file - to be created. Must not be absolute - or contain the ''..'' path. - Must be utf-8 encoded. The first - item of the relative path must - not start with ''..''' type: string resourceFieldRef: - description: 'Selects a resource - of the container: only resources - limits and requests (limits.cpu, - limits.memory, requests.cpu - and requests.memory) are currently - supported.' properties: containerName: - description: 'Container name: - required for volumes, optional - for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the - output format of the exposed - resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource - to select' type: string required: - resource 
@@ -18198,57 +7104,16 @@ spec: x-kubernetes-list-type: atomic type: object secret: - description: secret information about the - secret data to project properties: items: - description: items if unspecified, each - key-value pair in the Data field of - the referenced Secret will be projected - into the volume as a file whose name - is the key and content is the value. - If specified, the listed keys will - be projected into the specified paths, - and unlisted keys will not be present. - If a key is specified which is not - present in the Secret, the volume - setup will error unless it is marked - optional. Paths must be relative and - may not contain the '..' path or start - with '..'. items: - description: Maps a string key to - a path within a volume. properties: key: - description: key is the key to - project. type: string mode: - description: 'mode is Optional: - mode bits used to set permissions - on this file. Must be an octal - value between 0000 and 0777 - or a decimal value between 0 - and 511. YAML accepts both octal - and decimal values, JSON requires - decimal values for mode bits. - If not specified, the volume - defaultMode will be used. This - might be in conflict with other - options that affect the file - mode, like fsGroup, and the - result can be other mode bits - set.' format: int32 type: integer path: - description: path is the relative - path of the file to map the - key to. May not be an absolute - path. May not contain the path - element '..'. May not start - with the string '..'. type: string required: - key 
@@ -18258,56 +7123,19 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value here - are almost certainly wrong. TODO: - Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional field specify - whether the Secret or its key must - be defined type: boolean type: object x-kubernetes-map-type: atomic serviceAccountToken: - description: serviceAccountToken is information - about the serviceAccountToken data to - project properties: audience: - description: audience is the intended - audience of the token. A recipient - of a token must identify itself with - an identifier specified in the audience - of the token, and otherwise should - reject the token. The audience defaults - to the identifier of the apiserver. type: string expirationSeconds: - description: expirationSeconds is the - requested duration of validity of - the service account token. As the - token approaches expiration, the kubelet - volume plugin will proactively rotate - the service account token. The kubelet - will start trying to rotate the token - if the token is older than 80 percent - of its time to live or if the token - is older than 24 hours.Defaults to - 1 hour and must be at least 10 minutes. format: int64 type: integer path: - description: path is the path relative - to the mount point of the file to - project the token into. type: string required: - path 
@@ -18317,174 +7145,79 @@ spec: x-kubernetes-list-type: atomic type: object quobyte: - description: quobyte represents a Quobyte mount on - the host that shares a pod's lifetime properties: group: - description: group to map volume access to Default - is no group type: string readOnly: - description: readOnly here will force the Quobyte - volume to be mounted with read-only permissions. - Defaults to false. type: boolean registry: - description: registry represents a single or multiple - Quobyte Registry services specified as a string - as host:port pair (multiple entries are separated - with commas) which acts as the central registry - for volumes type: string tenant: - description: tenant owning the given Quobyte volume - in the Backend Used with dynamically provisioned - Quobyte volumes, value is set by the plugin type: string user: - description: user to map volume access to Defaults - to serivceaccount user type: string volume: - description: volume is a string that references - an already created Quobyte volume by name. type: string required: - registry - volume type: object rbd: - description: 'rbd represents a Rados Block Device - mount on the host that shares a pod''s lifetime. - More info: https://examples.k8s.io/volumes/rbd/README.md' properties: fsType: - description: 'fsType is the filesystem type of - the volume that you want to mount. Tip: Ensure - that the filesystem type is supported by the - host operating system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if - unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem - from compromising the machine' type: string image: - description: 'image is the rados image name. More - info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string keyring: - description: 'keyring is the path to key ring - for RBDUser. Default is /etc/ceph/keyring. 
More - info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string monitors: - description: 'monitors is a collection of Ceph - monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' items: type: string type: array x-kubernetes-list-type: atomic pool: - description: 'pool is the rados pool name. Default - is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string readOnly: - description: 'readOnly here will force the ReadOnly - setting in VolumeMounts. Defaults to false. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: boolean secretRef: - description: 'secretRef is name of the authentication - secret for RBDUser. If provided overrides keyring. - Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' properties: name: default: "" - description: 'Name of the referent. This field - is effectively required, but due to backwards - compatibility is allowed to be empty. Instances - of this type with an empty value here are - almost certainly wrong. TODO: Add other - useful fields. apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is the rados user name. Default - is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string required: - image - monitors type: object scaleIO: - description: scaleIO represents a ScaleIO persistent - volume attached and mounted on Kubernetes nodes. properties: fsType: - description: fsType is the filesystem type to - mount. Must be a filesystem type supported by - the host operating system. Ex. "ext4", "xfs", - "ntfs". Default is "xfs". 
type: string gateway: - description: gateway is the host address of the - ScaleIO API Gateway. type: string protectionDomain: - description: protectionDomain is the name of the - ScaleIO Protection Domain for the configured - storage. type: string readOnly: - description: readOnly Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting - in VolumeMounts. type: boolean secretRef: - description: secretRef references to the secret - for ScaleIO user and other sensitive information. - If this is not provided, Login operation will - fail. properties: name: default: "" - description: 'Name of the referent. This field - is effectively required, but due to backwards - compatibility is allowed to be empty. Instances - of this type with an empty value here are - almost certainly wrong. TODO: Add other - useful fields. apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic sslEnabled: - description: sslEnabled Flag enable/disable SSL - communication with Gateway, default false type: boolean storageMode: - description: storageMode indicates whether the - storage for a volume should be ThickProvisioned - or ThinProvisioned. Default is ThinProvisioned. type: string storagePool: - description: storagePool is the ScaleIO Storage - Pool associated with the protection domain. type: string system: - description: system is the name of the storage - system as configured in ScaleIO. type: string volumeName: - description: volumeName is the name of a volume - already created in the ScaleIO system that is - associated with this volume source. type: string required: - gateway 
@@ -18492,62 +7225,19 @@ spec: - system type: object secret: - description: 'secret represents a secret that should - populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' properties: defaultMode: - description: 'defaultMode is Optional: mode bits - used to set permissions on created files by - default. Must be an octal value between 0000 - and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. - Defaults to 0644. Directories within the path - are not affected by this setting. This might - be in conflict with other options that affect - the file mode, like fsGroup, and the result - can be other mode bits set.' format: int32 type: integer items: - description: items If unspecified, each key-value - pair in the Data field of the referenced Secret - will be projected into the volume as a file - whose name is the key and content is the value. - If specified, the listed keys will be projected - into the specified paths, and unlisted keys - will not be present. If a key is specified which - is not present in the Secret, the volume setup - will error unless it is marked optional. Paths - must be relative and may not contain the '..' - path or start with '..'. items: - description: Maps a string key to a path within - a volume. properties: key: - description: key is the key to project. type: string mode: - description: 'mode is Optional: mode bits - used to set permissions on this file. - Must be an octal value between 0000 and - 0777 or a decimal value between 0 and - 511. YAML accepts both octal and decimal - values, JSON requires decimal values for - mode bits. If not specified, the volume - defaultMode will be used. This might be - in conflict with other options that affect - the file mode, like fsGroup, and the result - can be other mode bits set.' 
format: int32 type: integer path: - description: path is the relative path of - the file to map the key to. May not be - an absolute path. May not contain the - path element '..'. May not start with - the string '..'. type: string required: - key 
@@ -18556,89 +7246,37 @@ spec: type: array x-kubernetes-list-type: atomic optional: - description: optional field specify whether the - Secret or its keys must be defined type: boolean secretName: - description: 'secretName is the name of the secret - in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' type: string type: object storageos: - description: storageOS represents a StorageOS volume - attached and mounted on Kubernetes nodes. properties: fsType: - description: fsType is the filesystem type to - mount. Must be a filesystem type supported by - the host operating system. Ex. "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if - unspecified. type: string readOnly: - description: readOnly defaults to false (read/write). - ReadOnly here will force the ReadOnly setting - in VolumeMounts. type: boolean secretRef: - description: secretRef specifies the secret to - use for obtaining the StorageOS API credentials. If - not specified, default values will be attempted. properties: name: default: "" - description: 'Name of the referent. This field - is effectively required, but due to backwards - compatibility is allowed to be empty. Instances - of this type with an empty value here are - almost certainly wrong. TODO: Add other - useful fields. apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic volumeName: - description: volumeName is the human-readable - name of the StorageOS volume. Volume names - are only unique within a namespace. type: string volumeNamespace: - description: volumeNamespace specifies the scope - of the volume within StorageOS. If no namespace - is specified then the Pod's namespace will be - used. 
This allows the Kubernetes name scoping - to be mirrored within StorageOS for tighter - integration. Set VolumeName to any name to override - the default behaviour. Set to "default" if you - are not using namespaces within StorageOS. Namespaces - that do not pre-exist within StorageOS will - be created. type: string type: object vsphereVolume: - description: vsphereVolume represents a vSphere volume - attached and mounted on kubelets host machine properties: fsType: - description: fsType is filesystem type to mount. - Must be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified. type: string storagePolicyID: - description: storagePolicyID is the storage Policy - Based Management (SPBM) profile ID associated - with the StoragePolicyName. type: string storagePolicyName: - description: storagePolicyName is the storage - Policy Based Management (SPBM) profile name. type: string volumePath: - description: volumePath is the path that identifies - vSphere volume vmdk type: string required: - volumePath 
@@ -18650,197 +7288,93 @@ spec: type: object type: array preRestore: - description: PreRestore specifies a list of hooks that will be - executed before restore items: - description: HookInfo specifies the information about the backup/restore - hooks properties: executionPolicy: default: Always - description: 'ExecutionPolicy specifies when to execute - the hook. Valid values are: - "Always": KubeStash will - execute this hook no matter the backup/restore failed. - This is the default execution policy. - "OnSuccess": KubeStash - will execute this hook only if the backup/restore has - succeeded. - "OnFailure": KubeStash will execute this - hook only if the backup/restore has failed.' enum: - Always - OnSuccess - OnFailure type: string hookTemplate: - description: HookTemplate points to a HookTemplate CR that - will be used to execute the hook. You can refer to a HookTemplate - from other namespaces as long as your current namespace - is allowed by the `usagePolicy` in the respective HookTemplate. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string required: - name type: object maxRetry: - description: MaxRetry specifies how many times KubeStash - should retry the hook execution in case of failure. The - default value of this field is 0 which means no retry. format: int32 minimum: 0 type: integer name: - description: Name specifies a name for the hook type: string params: - description: Params specifies parameters for the hook. You - must provide the parameter in the HookTemplates desired - structure. type: object x-kubernetes-preserve-unknown-fields: true runtimeSettings: - description: RuntimeSettings specifies runtime configurations - for the hook executor Job. 
Use this field only for `Function` - type hook executor. properties: container: properties: env: - description: List of environment variables to set - in the container. Cannot be updated. items: - description: EnvVar represents an environment - variable present in a Container. properties: name: - description: Name of the environment variable. - Must be a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) - are expanded using the previously defined - environment variables in the container and - any service environment variables. If a - variable cannot be resolved, the reference - in the input string will be unchanged. Double - $$ are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal - "$(VAR_NAME)". Escaped references will never - be expanded, regardless of whether the variable - exists or not. Defaults to "".' type: string valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. properties: configMapKeyRef: - description: Selects a key of a ConfigMap. properties: key: - description: The key to select. type: string name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' 
type: string optional: - description: Specify whether the ConfigMap - or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of the pod: - supports metadata.name, metadata.namespace, - `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, status.podIPs.' properties: apiVersion: - description: Version of the schema - the FieldPath is written in terms - of, defaults to "v1". type: string fieldPath: - description: Path of the field to - select in the specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource of the - container: only resources limits and - requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' properties: containerName: - description: 'Container name: required - for volumes, optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output - format of the exposed resources, - defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource to - select' type: string required: - resource type: object x-kubernetes-map-type: atomic secretKeyRef: - description: Selects a key of a secret - in the pod's namespace properties: key: - description: The key of the secret - to select from. Must be a valid - secret key. type: string name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value - here are almost certainly wrong. - TODO: Add other useful fields. 
apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` - when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether the Secret - or its key must be defined type: boolean required: - key 
@@ -18852,74 +7386,31 @@ spec: type: object type: array envFrom: - description: List of sources to populate environment - variables in the container. The keys defined within - a source must be a C_IDENTIFIER. All invalid keys - will be reported as an event when the container - is starting. When a key exists in multiple sources, - the value associated with the last source will - take precedence. Values defined by an Env with - a duplicate key will take precedence. Cannot be - updated. items: - description: EnvFromSource represents the source - of a set of ConfigMaps properties: configMapRef: - description: The ConfigMap to select from properties: name: default: "" - description: 'Name of the referent. This - field is effectively required, but due - to backwards compatibility is allowed - to be empty. Instances of this type - with an empty value here are almost - certainly wrong. TODO: Add other useful - fields. apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether the ConfigMap - must be defined type: boolean type: object x-kubernetes-map-type: atomic prefix: - description: An optional identifier to prepend - to each key in the ConfigMap. Must be a - C_IDENTIFIER. type: string secretRef: - description: The Secret to select from properties: name: default: "" - description: 'Name of the referent. This - field is effectively required, but due - to backwards compatibility is allowed - to be empty. Instances of this type - with an empty value here are almost - certainly wrong. TODO: Add other useful - fields. apiVersion, kind, uid? 
More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether the Secret - must be defined type: boolean type: object x-kubernetes-map-type: atomic type: object type: array ionice: - description: 'Settings to configure `ionice` to - throttle the load on disk. More info: http://kennystechtalk.blogspot.com/2015/04/throttling-cpu-usage-with-linux-cgroups.html - More info: https://oakbytes.wordpress.com/2012/06/06/linux-scheduler-cfs-and-nice/' properties: class: format: int32 
@@ -18929,68 +7420,27 @@ spec: type: integer type: object lifecycle: - description: Actions that the management system - should take in response to container lifecycle - events. Cannot be updated. properties: postStart: - description: 'PostStart is called immediately - after a container is created. If the handler - fails, the container is terminated and restarted - according to its restart policy. Other management - of the container blocks until the hook completes. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: Exec specifies the action to - take. properties: command: - description: Command is the command - line to execute inside the container, - the working directory for the command is - root ('/') in the container's filesystem. - The command is simply exec'd, it is - not run inside a shell, so traditional - shell instructions ('|', etc) won't - work. To use a shell, you need to - explicitly call out to that shell. - Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the http - request to perform. properties: host: - description: Host name to connect to, - defaults to the pod IP. You probably - want to set "Host" in httpHeaders - instead. type: string httpHeaders: - description: Custom headers to set in - the request. HTTP allows repeated - headers. items: - description: HTTPHeader describes - a custom header to be used in HTTP - probes properties: name: - description: The header field - name. This will be canonicalized - upon output, so case-variant - names will be understood as - the same header. type: string value: - description: The header field - value type: string required: - name 
@@ -18999,129 +7449,58 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on the HTTP - server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port - to access on the container. Number - must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. type: string required: - port type: object sleep: - description: Sleep represents the duration - that the container should sleep before - being terminated. properties: seconds: - description: Seconds is the number of - seconds to sleep. format: int64 type: integer required: - seconds type: object tcpSocket: - description: Deprecated. TCPSocket is NOT - supported as a LifecycleHandler and kept - for the backward compatibility. There - are no validation of this field and lifecycle - hooks will fail in runtime when tcp handler - is specified. properties: host: - description: 'Optional: Host name to - connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port - to access on the container. Number - must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: - description: 'PreStop is called immediately - before a container is terminated due to an - API request or management event such as liveness/startup - probe failure, preemption, resource contention, - etc. The handler is not called if the container - crashes or exits. The Pod''s termination grace - period countdown begins before the PreStop - hook is executed. Regardless of the outcome - of the handler, the container will eventually - terminate within the Pod''s termination grace - period (unless delayed by finalizers). 
Other - management of the container blocks until the - hook completes or until the termination grace - period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: Exec specifies the action to - take. properties: command: - description: Command is the command - line to execute inside the container, - the working directory for the command is - root ('/') in the container's filesystem. - The command is simply exec'd, it is - not run inside a shell, so traditional - shell instructions ('|', etc) won't - work. To use a shell, you need to - explicitly call out to that shell. - Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the http - request to perform. properties: host: - description: Host name to connect to, - defaults to the pod IP. You probably - want to set "Host" in httpHeaders - instead. type: string httpHeaders: - description: Custom headers to set in - the request. HTTP allows repeated - headers. items: - description: HTTPHeader describes - a custom header to be used in HTTP - probes properties: name: - description: The header field - name. This will be canonicalized - upon output, so case-variant - names will be understood as - the same header. type: string value: - description: The header field - value type: string required: - name 
@@ -19130,58 +7509,33 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on the HTTP - server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port - to access on the container. Number - must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. type: string required: - port type: object sleep: - description: Sleep represents the duration - that the container should sleep before - being terminated. properties: seconds: - description: Seconds is the number of - seconds to sleep. format: int64 type: integer required: - seconds type: object tcpSocket: - description: Deprecated. TCPSocket is NOT - supported as a LifecycleHandler and kept - for the backward compatibility. There - are no validation of this field and lifecycle - hooks will fail in runtime when tcp handler - is specified. properties: host: - description: 'Optional: Host name to - connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port - to access on the container. Number - must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port 
@@ -19189,79 +7543,38 @@ spec: type: object type: object livenessProbe: - description: 'Periodic probe of container liveness. - Container will be restarted if the probe fails. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line - to execute inside the container, the working - directory for the command is root ('/') - in the container's filesystem. The command - is simply exec'd, it is not run inside - a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, - you need to explicitly call out to that - shell. Exit status of 0 is treated as - live/healthy and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive failures for - the probe to be considered failed after having - succeeded. Defaults to 3. Minimum value is - 1. format: int32 type: integer grpc: - description: GRPC specifies an action involving - a GRPC port. properties: port: - description: Port number of the gRPC service. - Number must be in the range 1 to 65535. format: int32 type: integer service: - description: "Service is the name of the - service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default - behavior is defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http request - to perform. properties: host: - description: Host name to connect to, defaults - to the pod IP. You probably want to set - "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the - request. HTTP allows repeated headers. 
items: - description: HTTPHeader describes a custom - header to be used in HTTP probes properties: name: - description: The header field name. - This will be canonicalized upon - output, so case-variant names will - be understood as the same header. type: string value: - description: The header field value type: string required: - name 
@@ -19270,175 +7583,84 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on the HTTP - server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port - to access on the container. Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container - has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform - the probe. Default to 10 seconds. Minimum - value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for - the probe to be considered successful after - having failed. Defaults to 1. Must be 1 for - liveness and startup. Minimum value is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving - a TCP port. properties: host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port - to access on the container. Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds the - pod needs to terminate gracefully upon probe - failure. The grace period is the duration - in seconds after the processes running in - the pod are sent a termination signal and - the time when the processes are forcibly halted - with a kill signal. Set this value longer - than the expected cleanup time for your process. 
- If this value is nil, the pod's terminationGracePeriodSeconds - will be used. Otherwise, this value overrides - the value provided by the pod spec. Value - must be non-negative integer. The value zero - indicates stop immediately via the kill signal - (no opportunity to shut down). This is a beta - field and requires enabling ProbeTerminationGracePeriod - feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which - the probe times out. Defaults to 1 second. - Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object nice: - description: 'Settings to configure `nice` to throttle - the load on cpu. More info: http://kennystechtalk.blogspot.com/2015/04/throttling-cpu-usage-with-linux-cgroups.html - More info: https://oakbytes.wordpress.com/2012/06/06/linux-scheduler-cfs-and-nice/' properties: adjustment: format: int32 type: integer type: object readinessProbe: - description: 'Periodic probe of container service - readiness. Container will be removed from service - endpoints if the probe fails. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line - to execute inside the container, the working - directory for the command is root ('/') - in the container's filesystem. The command - is simply exec'd, it is not run inside - a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, - you need to explicitly call out to that - shell. Exit status of 0 is treated as - live/healthy and non-zero is unhealthy. 
items: type: string type: array x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive failures for - the probe to be considered failed after having - succeeded. Defaults to 3. Minimum value is - 1. format: int32 type: integer grpc: - description: GRPC specifies an action involving - a GRPC port. properties: port: - description: Port number of the gRPC service. - Number must be in the range 1 to 65535. format: int32 type: integer service: - description: "Service is the name of the - service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default - behavior is defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http request - to perform. properties: host: - description: Host name to connect to, defaults - to the pod IP. You probably want to set - "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the - request. HTTP allows repeated headers. items: - description: HTTPHeader describes a custom - header to be used in HTTP probes properties: name: - description: The header field name. - This will be canonicalized upon - output, so case-variant names will - be understood as the same header. type: string value: - description: The header field value type: string required: - name 
@@ -19447,112 +7669,51 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on the HTTP - server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port - to access on the container. Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container - has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform - the probe. Default to 10 seconds. Minimum - value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for - the probe to be considered successful after - having failed. Defaults to 1. Must be 1 for - liveness and startup. Minimum value is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving - a TCP port. properties: host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port - to access on the container. Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds the - pod needs to terminate gracefully upon probe - failure. The grace period is the duration - in seconds after the processes running in - the pod are sent a termination signal and - the time when the processes are forcibly halted - with a kill signal. Set this value longer - than the expected cleanup time for your process. 
- If this value is nil, the pod's terminationGracePeriodSeconds - will be used. Otherwise, this value overrides - the value provided by the pod spec. Value - must be non-negative integer. The value zero - indicates stop immediately via the kill signal - (no opportunity to shut down). This is a beta - field and requires enabling ProbeTerminationGracePeriod - feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which - the probe times out. Defaults to 1 second. - Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object resources: - description: 'Compute Resources required by container. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' properties: claims: - description: "Claims lists the names of resources, - defined in spec.resourceClaims, that are used - by this container. \n This is an alpha field - and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. - It can only be set for containers." items: - description: ResourceClaim references one - entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name - of one entry in pod.spec.resourceClaims - of the Pod where this field is used. - It makes that resource available inside - a container. type: string required: - name @@ -19568,8 +7729,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount - of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -19578,231 +7737,77 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum - amount of compute resources required. If Requests - is omitted for a container, it defaults to - Limits if that is explicitly specified, otherwise - to an implementation-defined value. Requests - cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: - description: 'Security options the pod should run - with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls - whether a process can gain more privileges - than its parent process. This bool directly - controls if the no_new_privs flag will be - set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run - as Privileged 2) has CAP_SYS_ADMIN Note that - this field cannot be set when spec.os.name - is windows.' type: boolean appArmorProfile: - description: appArmorProfile is the AppArmor - options to use by this container. If set, - this profile overrides the pod's appArmorProfile. - Note that this field cannot be set when spec.os.name - is windows. properties: localhostProfile: - description: localhostProfile indicates - a profile loaded on the node that should - be used. The profile must be preconfigured - on the node to work. Must match the loaded - name of the profile. Must be set if and - only if type is "Localhost". type: string type: - description: 'type indicates which kind - of AppArmor profile will be applied. Valid - options are: Localhost - a profile pre-loaded - on the node. 
RuntimeDefault - the container - runtime''s default profile. Unconfined - - no AppArmor enforcement.' type: string required: - type type: object capabilities: - description: The capabilities to add/drop when - running containers. Defaults to the default - set of capabilities granted by the container - runtime. Note that this field cannot be set - when spec.os.name is windows. properties: add: - description: Added capabilities items: - description: Capability represent POSIX - capabilities type type: string type: array x-kubernetes-list-type: atomic drop: - description: Removed capabilities items: - description: Capability represent POSIX - capabilities type type: string type: array x-kubernetes-list-type: atomic type: object privileged: - description: Run container in privileged mode. - Processes in privileged containers are essentially - equivalent to root on the host. Defaults to - false. Note that this field cannot be set - when spec.os.name is windows. type: boolean procMount: - description: procMount denotes the type of proc - mount to use for the containers. The default - is DefaultProcMount which uses the container - runtime defaults for readonly paths and masked - paths. This requires the ProcMountType feature - flag to be enabled. Note that this field cannot - be set when spec.os.name is windows. type: string readOnlyRootFilesystem: - description: Whether this container has a read-only - root filesystem. Default is false. Note that - this field cannot be set when spec.os.name - is windows. type: boolean runAsGroup: - description: The GID to run the entrypoint of - the container process. Uses runtime default - if unset. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes - precedence. Note that this field cannot be - set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: - description: Indicates that the container must - run as a non-root user. 
If true, the Kubelet - will validate the image at runtime to ensure - that it does not run as UID 0 (root) and fail - to start the container if it does. If unset - or false, no such validation will be performed. - May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes - precedence. type: boolean runAsUser: - description: The UID to run the entrypoint of - the container process. Defaults to user specified - in image metadata if unspecified. May also - be set in PodSecurityContext. If set in both - SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name - is windows. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be applied - to the container. If unspecified, the container - runtime will allocate a random SELinux context - for each container. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes - precedence. Note that this field cannot be - set when spec.os.name is windows. properties: level: - description: Level is SELinux level label - that applies to the container. type: string role: - description: Role is a SELinux role label - that applies to the container. type: string type: - description: Type is a SELinux type label - that applies to the container. type: string user: - description: User is a SELinux user label - that applies to the container. type: string type: object seccompProfile: - description: The seccomp options to use by this - container. If seccomp options are provided - at both the pod & container level, the container - options override the pod options. Note that - this field cannot be set when spec.os.name - is windows. 
properties: localhostProfile: - description: localhostProfile indicates - a profile defined in a file on the node - should be used. The profile must be preconfigured - on the node to work. Must be a descending - path, relative to the kubelet's configured - seccomp profile location. Must be set - if type is "Localhost". Must NOT be set - for any other type. type: string type: - description: "type indicates which kind - of seccomp profile will be applied. Valid - options are: \n Localhost - a profile - defined in a file on the node should be - used. RuntimeDefault - the container runtime - default profile should be used. Unconfined - - no profile should be applied." type: string required: - type type: object windowsOptions: - description: The Windows specific settings applied - to all containers. If unspecified, the options - from the PodSecurityContext will be used. - If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes - precedence. Note that this field cannot be - set when spec.os.name is linux. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is where - the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential - spec named by the GMSACredentialSpecName - field. type: string gmsaCredentialSpecName: - description: GMSACredentialSpecName is the - name of the GMSA credential spec to use. type: string hostProcess: - description: HostProcess determines if a - container should be run as a 'Host Process' - container. All of a Pod's containers must - have the same effective HostProcess value - (it is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). - In addition, if HostProcess is true then - HostNetwork must also be set to true. type: boolean runAsUserName: - description: The UserName in Windows to - run the entrypoint of the container process. 
- Defaults to the user specified in image - metadata if unspecified. May also be set - in PodSecurityContext. If set in both - SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. type: string type: object type: object 
@@ -19810,80 +7815,22 @@ spec: pod: properties: affinity: - description: If specified, the pod's scheduling - constraints properties: nodeAffinity: - description: Describes node affinity scheduling - rules for the pod. properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to - schedule pods to nodes that satisfy the - affinity expressions specified by this - field, but it may choose a node that violates - one or more of the expressions. The node - that is most preferred is the one with - the greatest sum of weights, i.e. for - each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a - sum by iterating through the elements - of this field and adding "weight" to the - sum if the node matches the corresponding - matchExpressions; the node(s) with the - highest sum are the most preferred. items: - description: An empty preferred scheduling - term matches all objects with implicit - weight 0 (i.e. it's a no-op). A null - preferred scheduling term matches no - objects (i.e. is also a no-op). properties: preference: - description: A node selector term, - associated with the corresponding - weight. properties: matchExpressions: - description: A list of node selector - requirements by node's labels. items: - description: A node selector - requirement is a selector - that contains values, a key, - and an operator that relates - the key and values. properties: key: - description: The label key - that the selector applies - to. type: string operator: - description: Represents - a key's relationship to - a set of values. Valid - operators are In, NotIn, - Exists, DoesNotExist. - Gt, and Lt. type: string values: - description: An array of - string values. If the - operator is In or NotIn, - the values array must - be non-empty. If the operator - is Exists or DoesNotExist, - the values array must - be empty. 
If the operator - is Gt or Lt, the values - array must have a single - element, which will be - interpreted as an integer. - This array is replaced - during a strategic merge - patch. items: type: string type: array @@ -19895,44 +7842,13 @@ spec: type: array x-kubernetes-list-type: atomic matchFields: - description: A list of node selector - requirements by node's fields. items: - description: A node selector - requirement is a selector - that contains values, a key, - and an operator that relates - the key and values. properties: key: - description: The label key - that the selector applies - to. type: string operator: - description: Represents - a key's relationship to - a set of values. Valid - operators are In, NotIn, - Exists, DoesNotExist. - Gt, and Lt. type: string values: - description: An array of - string values. If the - operator is In or NotIn, - the values array must - be non-empty. If the operator - is Exists or DoesNotExist, - the values array must - be empty. If the operator - is Gt or Lt, the values - array must have a single - element, which will be - interpreted as an integer. - This array is replaced - during a strategic merge - patch. items: type: string type: array @@ -19946,9 +7862,6 @@ spec: type: object x-kubernetes-map-type: atomic weight: - description: Weight associated with - matching the corresponding nodeSelectorTerm, - in the range 1-100. format: int32 type: integer required: 
@@ -19958,65 +7871,18 @@ spec: type: array x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements - specified by this field are not met at - scheduling time, the pod will not be scheduled - onto the node. If the affinity requirements - specified by this field cease to be met - at some point during pod execution (e.g. - due to an update), the system may or may - not try to eventually evict the pod from - its node. properties: nodeSelectorTerms: - description: Required. A list of node - selector terms. The terms are ORed. items: - description: A null or empty node - selector term matches no objects. - The requirements of them are ANDed. - The TopologySelectorTerm type implements - a subset of the NodeSelectorTerm. properties: matchExpressions: - description: A list of node selector - requirements by node's labels. items: - description: A node selector - requirement is a selector - that contains values, a key, - and an operator that relates - the key and values. properties: key: - description: The label key - that the selector applies - to. type: string operator: - description: Represents - a key's relationship to - a set of values. Valid - operators are In, NotIn, - Exists, DoesNotExist. - Gt, and Lt. type: string values: - description: An array of - string values. If the - operator is In or NotIn, - the values array must - be non-empty. If the operator - is Exists or DoesNotExist, - the values array must - be empty. If the operator - is Gt or Lt, the values - array must have a single - element, which will be - interpreted as an integer. - This array is replaced - during a strategic merge - patch. items: type: string type: array 
@@ -20028,44 +7894,13 @@ spec: type: array x-kubernetes-list-type: atomic matchFields: - description: A list of node selector - requirements by node's fields. items: - description: A node selector - requirement is a selector - that contains values, a key, - and an operator that relates - the key and values. properties: key: - description: The label key - that the selector applies - to. type: string operator: - description: Represents - a key's relationship to - a set of values. Valid - operators are In, NotIn, - Exists, DoesNotExist. - Gt, and Lt. type: string values: - description: An array of - string values. If the - operator is In or NotIn, - the values array must - be non-empty. If the operator - is Exists or DoesNotExist, - the values array must - be empty. If the operator - is Gt or Lt, the values - array must have a single - element, which will be - interpreted as an integer. - This array is replaced - during a strategic merge - patch. items: type: string type: array 
@@ -20086,87 +7921,22 @@ spec: x-kubernetes-map-type: atomic type: object podAffinity: - description: Describes pod affinity scheduling - rules (e.g. co-locate this pod in the same - node, zone, etc. as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to - schedule pods to nodes that satisfy the - affinity expressions specified by this - field, but it may choose a node that violates - one or more of the expressions. The node - that is most preferred is the one with - the greatest sum of weights, i.e. for - each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a - sum by iterating through the elements - of this field and adding "weight" to the - sum if the node has pods which matches - the corresponding podAffinityTerm; the - node(s) with the highest sum are the most - preferred. items: - description: The weights of all of the - matched WeightedPodAffinityTerm fields - are added per-node to find the most - preferred node(s) properties: podAffinityTerm: - description: Required. A pod affinity - term, associated with the corresponding - weight. properties: labelSelector: - description: A label query over - a set of resources, in this - case pods. If it's null, this - PodAffinityTerm matches with - no Pods. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key and - values. properties: key: - description: key is - the label key that - the selector applies - to. type: string operator: - description: operator - represents a key's - relationship to a - set of values. Valid - operators are In, - NotIn, Exists and - DoesNotExist. 
type: string values: - description: values - is an array of string - values. If the operator - is In or NotIn, the - values array must - be non-empty. If the - operator is Exists - or DoesNotExist, the - values array must - be empty. This array - is replaced during - a strategic merge - patch. items: type: string type: array 
@@ -20180,129 +7950,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is - a map of {key,value} pairs. - A single {key,value} in - the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", - the operator is "In", and - the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is - a set of pod label keys to select - which pods will be taken into - consideration. The keys are - used to lookup values from the - incoming pod labels, those key-value - labels are merged with `labelSelector` - as `key in (value)` to select - the group of existing pods which - pods will be taken into consideration - for the incoming pod's pod (anti) - affinity. Keys that don't exist - in the incoming pod labels will - be ignored. The default value - is empty. The same key is forbidden - to exist in both matchLabelKeys - and labelSelector. Also, matchLabelKeys - cannot be set when labelSelector - isn't set. This is an alpha - field and requires enabling - MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys - is a set of pod label keys to - select which pods will be taken - into consideration. The keys - are used to lookup values from - the incoming pod labels, those - key-value labels are merged - with `labelSelector` as `key - notin (value)` to select the - group of existing pods which - pods will be taken into consideration - for the incoming pod's pod (anti) - affinity. Keys that don't exist - in the incoming pod labels will - be ignored. The default value - is empty. The same key is forbidden - to exist in both mismatchLabelKeys - and labelSelector. Also, mismatchLabelKeys - cannot be set when labelSelector - isn't set. 
This is an alpha - field and requires enabling - MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over - the set of namespaces that the - term applies to. The term is - applied to the union of the - namespaces selected by this - field and the ones listed in - the namespaces field. null selector - and null or empty namespaces - list means "this pod's namespace". - An empty selector ({}) matches - all namespaces. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key and - values. properties: key: - description: key is - the label key that - the selector applies - to. type: string operator: - description: operator - represents a key's - relationship to a - set of values. Valid - operators are In, - NotIn, Exists and - DoesNotExist. type: string values: - description: values - is an array of string - values. If the operator - is In or NotIn, the - values array must - be non-empty. If the - operator is Exists - or DoesNotExist, the - values array must - be empty. This array - is replaced during - a strategic merge - patch. items: type: string type: array 
@@ -20316,55 +7986,20 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is - a map of {key,value} pairs. - A single {key,value} in - the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", - the operator is "In", and - the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies - a static list of namespace names - that the term applies to. The - term is applied to the union - of the namespaces listed in - this field and the ones selected - by namespaceSelector. null or - empty namespaces list and null - namespaceSelector means "this - pod's namespace". items: type: string type: array x-kubernetes-list-type: atomic topologyKey: - description: This pod should be - co-located (affinity) or not - co-located (anti-affinity) with - the pods matching the labelSelector - in the specified namespaces, - where co-located is defined - as running on a node whose value - of the label with key topologyKey - matches that of any node on - which any of the selected pods - is running. Empty topologyKey - is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with - matching the corresponding podAffinityTerm, - in the range 1-100. format: int32 type: integer required: 
@@ -20374,72 +8009,18 @@ spec: type: array x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements - specified by this field are not met at - scheduling time, the pod will not be scheduled - onto the node. If the affinity requirements - specified by this field cease to be met - at some point during pod execution (e.g. - due to a pod label update), the system - may or may not try to eventually evict - the pod from its node. When there are - multiple elements, the lists of nodes - corresponding to each podAffinityTerm - are intersected, i.e. all terms must be - satisfied. items: - description: Defines a set of pods (namely - those matching the labelSelector relative - to the given namespace(s)) that this - pod should be co-located (affinity) - or not co-located (anti-affinity) with, - where co-located is defined as running - on a node whose value of the label with - key matches that of any - node on which a pod of the set of pods - is running properties: labelSelector: - description: A label query over a - set of resources, in this case pods. - If it's null, this PodAffinityTerm - matches with no Pods. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, a key, - and an operator that relates - the key and values. properties: key: - description: key is the - label key that the selector - applies to. type: string operator: - description: operator represents - a key's relationship to - a set of values. Valid - operators are In, NotIn, - Exists and DoesNotExist. type: string values: - description: values is an - array of string values. - If the operator is In - or NotIn, the values array - must be non-empty. If - the operator is Exists - or DoesNotExist, the values - array must be empty. 
This - array is replaced during - a strategic merge patch. items: type: string type: array 
@@ -20453,115 +8034,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a - map of {key,value} pairs. A - single {key,value} in the matchLabels - map is equivalent to an element - of matchExpressions, whose key - field is "key", the operator - is "In", and the values array - contains only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set - of pod label keys to select which - pods will be taken into consideration. - The keys are used to lookup values - from the incoming pod labels, those - key-value labels are merged with - `labelSelector` as `key in (value)` - to select the group of existing - pods which pods will be taken into - consideration for the incoming pod's - pod (anti) affinity. Keys that don't - exist in the incoming pod labels - will be ignored. The default value - is empty. The same key is forbidden - to exist in both matchLabelKeys - and labelSelector. Also, matchLabelKeys - cannot be set when labelSelector - isn't set. This is an alpha field - and requires enabling MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys is - a set of pod label keys to select - which pods will be taken into consideration. - The keys are used to lookup values - from the incoming pod labels, those - key-value labels are merged with - `labelSelector` as `key notin (value)` - to select the group of existing - pods which pods will be taken into - consideration for the incoming pod's - pod (anti) affinity. Keys that don't - exist in the incoming pod labels - will be ignored. The default value - is empty. The same key is forbidden - to exist in both mismatchLabelKeys - and labelSelector. Also, mismatchLabelKeys - cannot be set when labelSelector - isn't set. 
This is an alpha field - and requires enabling MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the - set of namespaces that the term - applies to. The term is applied - to the union of the namespaces selected - by this field and the ones listed - in the namespaces field. null selector - and null or empty namespaces list - means "this pod's namespace". An - empty selector ({}) matches all - namespaces. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, a key, - and an operator that relates - the key and values. properties: key: - description: key is the - label key that the selector - applies to. type: string operator: - description: operator represents - a key's relationship to - a set of values. Valid - operators are In, NotIn, - Exists and DoesNotExist. type: string values: - description: values is an - array of string values. - If the operator is In - or NotIn, the values array - must be non-empty. If - the operator is Exists - or DoesNotExist, the values - array must be empty. This - array is replaced during - a strategic merge patch. items: type: string type: array 
@@ -20575,43 +8070,15 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a - map of {key,value} pairs. A - single {key,value} in the matchLabels - map is equivalent to an element - of matchExpressions, whose key - field is "key", the operator - is "In", and the values array - contains only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies - a static list of namespace names - that the term applies to. The term - is applied to the union of the namespaces - listed in this field and the ones - selected by namespaceSelector. null - or empty namespaces list and null - namespaceSelector means "this pod's - namespace". items: type: string type: array x-kubernetes-list-type: atomic topologyKey: - description: This pod should be co-located - (affinity) or not co-located (anti-affinity) - with the pods matching the labelSelector - in the specified namespaces, where - co-located is defined as running - on a node whose value of the label - with key topologyKey matches that - of any node on which any of the - selected pods is running. Empty - topologyKey is not allowed. type: string required: - topologyKey 
@@ -20620,87 +8087,22 @@ spec: x-kubernetes-list-type: atomic type: object podAntiAffinity: - description: Describes pod anti-affinity scheduling - rules (e.g. avoid putting this pod in the - same node, zone, etc. as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to - schedule pods to nodes that satisfy the - anti-affinity expressions specified by - this field, but it may choose a node that - violates one or more of the expressions. - The node that is most preferred is the - one with the greatest sum of weights, - i.e. for each node that meets all of the - scheduling requirements (resource request, - requiredDuringScheduling anti-affinity - expressions, etc.), compute a sum by iterating - through the elements of this field and - adding "weight" to the sum if the node - has pods which matches the corresponding - podAffinityTerm; the node(s) with the - highest sum are the most preferred. items: - description: The weights of all of the - matched WeightedPodAffinityTerm fields - are added per-node to find the most - preferred node(s) properties: podAffinityTerm: - description: Required. A pod affinity - term, associated with the corresponding - weight. properties: labelSelector: - description: A label query over - a set of resources, in this - case pods. If it's null, this - PodAffinityTerm matches with - no Pods. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key and - values. properties: key: - description: key is - the label key that - the selector applies - to. type: string operator: - description: operator - represents a key's - relationship to a - set of values. Valid - operators are In, - NotIn, Exists and - DoesNotExist. 
type: string values: - description: values - is an array of string - values. If the operator - is In or NotIn, the - values array must - be non-empty. If the - operator is Exists - or DoesNotExist, the - values array must - be empty. This array - is replaced during - a strategic merge - patch. items: type: string type: array 
@@ -20714,129 +8116,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is - a map of {key,value} pairs. - A single {key,value} in - the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", - the operator is "In", and - the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is - a set of pod label keys to select - which pods will be taken into - consideration. The keys are - used to lookup values from the - incoming pod labels, those key-value - labels are merged with `labelSelector` - as `key in (value)` to select - the group of existing pods which - pods will be taken into consideration - for the incoming pod's pod (anti) - affinity. Keys that don't exist - in the incoming pod labels will - be ignored. The default value - is empty. The same key is forbidden - to exist in both matchLabelKeys - and labelSelector. Also, matchLabelKeys - cannot be set when labelSelector - isn't set. This is an alpha - field and requires enabling - MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys - is a set of pod label keys to - select which pods will be taken - into consideration. The keys - are used to lookup values from - the incoming pod labels, those - key-value labels are merged - with `labelSelector` as `key - notin (value)` to select the - group of existing pods which - pods will be taken into consideration - for the incoming pod's pod (anti) - affinity. Keys that don't exist - in the incoming pod labels will - be ignored. The default value - is empty. The same key is forbidden - to exist in both mismatchLabelKeys - and labelSelector. Also, mismatchLabelKeys - cannot be set when labelSelector - isn't set. 
This is an alpha - field and requires enabling - MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over - the set of namespaces that the - term applies to. The term is - applied to the union of the - namespaces selected by this - field and the ones listed in - the namespaces field. null selector - and null or empty namespaces - list means "this pod's namespace". - An empty selector ({}) matches - all namespaces. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key and - values. properties: key: - description: key is - the label key that - the selector applies - to. type: string operator: - description: operator - represents a key's - relationship to a - set of values. Valid - operators are In, - NotIn, Exists and - DoesNotExist. type: string values: - description: values - is an array of string - values. If the operator - is In or NotIn, the - values array must - be non-empty. If the - operator is Exists - or DoesNotExist, the - values array must - be empty. This array - is replaced during - a strategic merge - patch. items: type: string type: array 
@@ -20850,55 +8152,20 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is - a map of {key,value} pairs. - A single {key,value} in - the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", - the operator is "In", and - the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies - a static list of namespace names - that the term applies to. The - term is applied to the union - of the namespaces listed in - this field and the ones selected - by namespaceSelector. null or - empty namespaces list and null - namespaceSelector means "this - pod's namespace". items: type: string type: array x-kubernetes-list-type: atomic topologyKey: - description: This pod should be - co-located (affinity) or not - co-located (anti-affinity) with - the pods matching the labelSelector - in the specified namespaces, - where co-located is defined - as running on a node whose value - of the label with key topologyKey - matches that of any node on - which any of the selected pods - is running. Empty topologyKey - is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with - matching the corresponding podAffinityTerm, - in the range 1-100. format: int32 type: integer required: 
@@ -20908,72 +8175,18 @@ spec: type: array x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements - specified by this field are not met at - scheduling time, the pod will not be scheduled - onto the node. If the anti-affinity requirements - specified by this field cease to be met - at some point during pod execution (e.g. - due to a pod label update), the system - may or may not try to eventually evict - the pod from its node. When there are - multiple elements, the lists of nodes - corresponding to each podAffinityTerm - are intersected, i.e. all terms must be - satisfied. items: - description: Defines a set of pods (namely - those matching the labelSelector relative - to the given namespace(s)) that this - pod should be co-located (affinity) - or not co-located (anti-affinity) with, - where co-located is defined as running - on a node whose value of the label with - key matches that of any - node on which a pod of the set of pods - is running properties: labelSelector: - description: A label query over a - set of resources, in this case pods. - If it's null, this PodAffinityTerm - matches with no Pods. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, a key, - and an operator that relates - the key and values. properties: key: - description: key is the - label key that the selector - applies to. type: string operator: - description: operator represents - a key's relationship to - a set of values. Valid - operators are In, NotIn, - Exists and DoesNotExist. type: string values: - description: values is an - array of string values. - If the operator is In - or NotIn, the values array - must be non-empty. If - the operator is Exists - or DoesNotExist, the values - array must be empty. 
This - array is replaced during - a strategic merge patch. items: type: string type: array 
@@ -20987,115 +8200,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a - map of {key,value} pairs. A - single {key,value} in the matchLabels - map is equivalent to an element - of matchExpressions, whose key - field is "key", the operator - is "In", and the values array - contains only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set - of pod label keys to select which - pods will be taken into consideration. - The keys are used to lookup values - from the incoming pod labels, those - key-value labels are merged with - `labelSelector` as `key in (value)` - to select the group of existing - pods which pods will be taken into - consideration for the incoming pod's - pod (anti) affinity. Keys that don't - exist in the incoming pod labels - will be ignored. The default value - is empty. The same key is forbidden - to exist in both matchLabelKeys - and labelSelector. Also, matchLabelKeys - cannot be set when labelSelector - isn't set. This is an alpha field - and requires enabling MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys is - a set of pod label keys to select - which pods will be taken into consideration. - The keys are used to lookup values - from the incoming pod labels, those - key-value labels are merged with - `labelSelector` as `key notin (value)` - to select the group of existing - pods which pods will be taken into - consideration for the incoming pod's - pod (anti) affinity. Keys that don't - exist in the incoming pod labels - will be ignored. The default value - is empty. The same key is forbidden - to exist in both mismatchLabelKeys - and labelSelector. Also, mismatchLabelKeys - cannot be set when labelSelector - isn't set. 
This is an alpha field - and requires enabling MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the - set of namespaces that the term - applies to. The term is applied - to the union of the namespaces selected - by this field and the ones listed - in the namespaces field. null selector - and null or empty namespaces list - means "this pod's namespace". An - empty selector ({}) matches all - namespaces. properties: matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. items: - description: A label selector - requirement is a selector - that contains values, a key, - and an operator that relates - the key and values. properties: key: - description: key is the - label key that the selector - applies to. type: string operator: - description: operator represents - a key's relationship to - a set of values. Valid - operators are In, NotIn, - Exists and DoesNotExist. type: string values: - description: values is an - array of string values. - If the operator is In - or NotIn, the values array - must be non-empty. If - the operator is Exists - or DoesNotExist, the values - array must be empty. This - array is replaced during - a strategic merge patch. items: type: string type: array 
@@ -21109,43 +8236,15 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a - map of {key,value} pairs. A - single {key,value} in the matchLabels - map is equivalent to an element - of matchExpressions, whose key - field is "key", the operator - is "In", and the values array - contains only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies - a static list of namespace names - that the term applies to. The term - is applied to the union of the namespaces - listed in this field and the ones - selected by namespaceSelector. null - or empty namespaces list and null - namespaceSelector means "this pod's - namespace". items: type: string type: array x-kubernetes-list-type: atomic topologyKey: - description: This pod should be co-located - (affinity) or not co-located (anti-affinity) - with the pods matching the labelSelector - in the specified namespaces, where - co-located is defined as running - on a node whose value of the label - with key topologyKey matches that - of any node on which any of the - selected pods is running. Empty - topologyKey is not allowed. type: string required: - topologyKey 
@@ -21155,305 +8254,106 @@ spec: type: object type: object automountServiceAccountToken: - description: AutomountServiceAccountToken indicates - whether a service account token should be automatically - mounted. type: boolean enableServiceLinks: - description: 'EnableServiceLinks indicates whether - information about services should be injected - into pod''s environment variables, matching the - syntax of Docker links. Optional: Defaults to - true.' type: boolean imagePullSecrets: - description: 'ImagePullSecrets is an optional list - of references to secrets in the same namespace - to use for pulling any of the images used by this - PodRuntimeSettings. If specified, these secrets - will be passed to individual puller implementations - for them to use. For example, in the case of docker, - only DockerConfig type secrets are honored. More - info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' items: - description: LocalObjectReference contains enough - information to let you locate the referenced - object inside the same namespace. properties: name: default: "" - description: 'Name of the referent. This field - is effectively required, but due to backwards - compatibility is allowed to be empty. Instances - of this type with an empty value here are - almost certainly wrong. TODO: Add other - useful fields. apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic type: array nodeName: - description: NodeName is a request to schedule this - pod onto a specific node. If it is non-empty, - the scheduler simply schedules this pod onto that - node, assuming that it fits resource requirements. 
type: string nodeSelector: additionalProperties: type: string - description: 'NodeSelector is a selector which must - be true for the pod to fit on a node. Selector - which must match a node''s labels for the pod - to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' type: object podAnnotations: additionalProperties: type: string - description: PodAnnotations are the annotations - that will be attached with the respective Pod type: object podLabels: additionalProperties: type: string - description: PodLabels are the labels that will - be attached with the respective Pod type: object priority: - description: The priority value. Various system - components use this field to find the priority - of the pod. When Priority Admission Controller - is enabled, it prevents users from setting this - field. The admission controller populates this - field from PriorityClassName. The higher the value, - the higher the priority. format: int32 type: integer priorityClassName: - description: If specified, indicates the pod's priority. - "system-node-critical" and "system-cluster-critical" - are two special keywords which indicate the highest - priorities with the former being the highest priority. - Any other name must be defined by creating a PriorityClass - object with that name. If not specified, the pod - priority will be default or zero if there is no - default. type: string readinessGates: - description: 'If specified, all readiness gates - will be evaluated for pod readiness. A pod is - ready when all its containers are ready AND all - conditions specified in the readiness gates have - status equal to "True" More info: https://git.k8s.io/enhancements/keps/sig-network/0007-pod-ready%2B%2B.md' items: - description: PodReadinessGate contains the reference - to a pod condition properties: conditionType: - description: ConditionType refers to a condition - in the pod's condition list with matching - type. 
type: string required: - conditionType type: object type: array runtimeClassName: - description: 'RuntimeClassName refers to a RuntimeClass - object in the node.k8s.io group, which should - be used to run this pod. If no RuntimeClass resource - matches the named class, the pod will not be run. - If unset or empty, the "legacy" RuntimeClass will - be used, which is an implicit class with an empty - definition that uses the default runtime handler. - More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md - This is an alpha feature and may change in the - future.' type: string schedulerName: - description: If specified, the pod will be dispatched - by specified scheduler. If not specified, the - pod will be dispatched by default scheduler. type: string securityContext: - description: 'Security options the pod should run - with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: appArmorProfile: - description: appArmorProfile is the AppArmor - options to use by the containers in this pod. - Note that this field cannot be set when spec.os.name - is windows. properties: localhostProfile: - description: localhostProfile indicates - a profile loaded on the node that should - be used. The profile must be preconfigured - on the node to work. Must match the loaded - name of the profile. Must be set if and - only if type is "Localhost". type: string type: - description: 'type indicates which kind - of AppArmor profile will be applied. Valid - options are: Localhost - a profile pre-loaded - on the node. RuntimeDefault - the container - runtime''s default profile. Unconfined - - no AppArmor enforcement.' type: string required: - type type: object fsGroup: - description: "A special supplemental group that - applies to all containers in a pod. 
Some volume - types allow the Kubelet to change the ownership - of that volume to be owned by the pod: \n - 1. The owning GID will be the FSGroup 2. The - setgid bit is set (new files created in the - volume will be owned by FSGroup) 3. The permission - bits are OR'd with rw-rw---- \n If unset, - the Kubelet will not modify the ownership - and permissions of any volume. Note that this - field cannot be set when spec.os.name is windows." format: int64 type: integer fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines behavior - of changing ownership and permission of the - volume before being exposed inside Pod. This - field will only apply to volume types which - support fsGroup based ownership(and permissions). - It will have no effect on ephemeral volume - types such as: secret, configmaps and emptydir. - Valid values are "OnRootMismatch" and "Always". - If not specified, "Always" is used. Note that - this field cannot be set when spec.os.name - is windows.' type: string runAsGroup: - description: The GID to run the entrypoint of - the container process. Uses runtime default - if unset. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes - precedence for that container. Note that this - field cannot be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: - description: Indicates that the container must - run as a non-root user. If true, the Kubelet - will validate the image at runtime to ensure - that it does not run as UID 0 (root) and fail - to start the container if it does. If unset - or false, no such validation will be performed. - May also be set in SecurityContext. If set - in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes - precedence. type: boolean runAsUser: - description: The UID to run the entrypoint of - the container process. 
Defaults to user specified - in image metadata if unspecified. May also - be set in SecurityContext. If set in both - SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence - for that container. Note that this field cannot - be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be applied - to all containers. If unspecified, the container - runtime will allocate a random SELinux context - for each container. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes - precedence for that container. Note that this - field cannot be set when spec.os.name is windows. properties: level: - description: Level is SELinux level label - that applies to the container. type: string role: - description: Role is a SELinux role label - that applies to the container. type: string type: - description: Type is a SELinux type label - that applies to the container. type: string user: - description: User is a SELinux user label - that applies to the container. type: string type: object seccompProfile: - description: The seccomp options to use by the - containers in this pod. Note that this field - cannot be set when spec.os.name is windows. properties: localhostProfile: - description: localhostProfile indicates - a profile defined in a file on the node - should be used. The profile must be preconfigured - on the node to work. Must be a descending - path, relative to the kubelet's configured - seccomp profile location. Must be set - if type is "Localhost". Must NOT be set - for any other type. type: string type: - description: "type indicates which kind - of seccomp profile will be applied. Valid - options are: \n Localhost - a profile - defined in a file on the node should be - used. RuntimeDefault - the container runtime - default profile should be used. 
Unconfined - - no profile should be applied." type: string required: - type type: object supplementalGroups: - description: A list of groups applied to the - first process run in each container, in addition - to the container's primary GID, the fsGroup - (if specified), and group memberships defined - in the container image for the uid of the - container process. If unspecified, no additional - groups are added to any container. Note that - group memberships defined in the container - image for the uid of the container process - are still effective, even if they are not - included in this list. Note that this field - cannot be set when spec.os.name is windows. items: format: int64 type: integer type: array x-kubernetes-list-type: atomic sysctls: - description: Sysctls hold a list of namespaced - sysctls used for the pod. Pods with unsupported - sysctls (by the container runtime) might fail - to launch. Note that this field cannot be - set when spec.os.name is windows. items: - description: Sysctl defines a kernel parameter - to be set properties: name: - description: Name of a property to set type: string value: - description: Value of a property to set type: string required: - name 
@@ -21462,154 +8362,52 @@ spec: type: array x-kubernetes-list-type: atomic windowsOptions: - description: The Windows specific settings applied - to all containers. If unspecified, the options - within a container's SecurityContext will - be used. If set in both SecurityContext and - PodSecurityContext, the value specified in - SecurityContext takes precedence. Note that - this field cannot be set when spec.os.name - is linux. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is where - the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential - spec named by the GMSACredentialSpecName - field. type: string gmsaCredentialSpecName: - description: GMSACredentialSpecName is the - name of the GMSA credential spec to use. type: string hostProcess: - description: HostProcess determines if a - container should be run as a 'Host Process' - container. All of a Pod's containers must - have the same effective HostProcess value - (it is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). - In addition, if HostProcess is true then - HostNetwork must also be set to true. type: boolean runAsUserName: - description: The UserName in Windows to - run the entrypoint of the container process. - Defaults to the user specified in image - metadata if unspecified. May also be set - in PodSecurityContext. If set in both - SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. type: string type: object type: object serviceAccountAnnotations: additionalProperties: type: string - description: ServiceAccountAnnotations are the annotations - that will be attached with the respective ServiceAccount type: object serviceAccountName: - description: 'ServiceAccountName is the name of - the ServiceAccount to use to run this pod. 
More - info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' type: string tolerations: - description: If specified, the pod's tolerations. items: - description: The pod this Toleration is attached - to tolerates any taint that matches the triple - using the matching operator - . properties: effect: - description: Effect indicates the taint effect - to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, - PreferNoSchedule and NoExecute. type: string key: - description: Key is the taint key that the - toleration applies to. Empty means match - all taint keys. If the key is empty, operator - must be Exists; this combination means to - match all values and all keys. type: string operator: - description: Operator represents a key's relationship - to the value. Valid operators are Exists - and Equal. Defaults to Equal. Exists is - equivalent to wildcard for value, so that - a pod can tolerate all taints of a particular - category. type: string tolerationSeconds: - description: TolerationSeconds represents - the period of time the toleration (which - must be of effect NoExecute, otherwise this - field is ignored) tolerates the taint. By - default, it is not set, which means tolerate - the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict - immediately) by the system. format: int64 type: integer value: - description: Value is the taint value the - toleration matches to. If the operator is - Exists, the value should be empty, otherwise - just a regular string. type: string type: object type: array topologySpreadConstraints: - description: TopologySpreadConstraints describes - how a group of pods ought to spread across topology - domains. Scheduler will schedule pods in a way - which abides by the constraints. All topologySpreadConstraints - are ANDed. 
items: - description: TopologySpreadConstraint specifies - how to spread matching pods among the given - topology. properties: labelSelector: - description: LabelSelector is used to find - matching pods. Pods that match this label - selector are counted to determine the number - of pods in their corresponding topology - domain. properties: matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. properties: key: - description: key is the label key - that the selector applies to. type: string operator: - description: operator represents - a key's relationship to a set - of values. Valid operators are - In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array - of string values. If the operator - is In or NotIn, the values array - must be non-empty. If the operator - is Exists or DoesNotExist, the - values array must be empty. This - array is replaced during a strategic - merge patch. items: type: string type: array 
@@ -21623,161 +8421,27 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: "MatchLabelKeys is a set of pod - label keys to select the pods over which - spreading will be calculated. The keys are - used to lookup values from the incoming - pod labels, those key-value labels are ANDed - with labelSelector to select the group of - existing pods over which spreading will - be calculated for the incoming pod. The - same key is forbidden to exist in both MatchLabelKeys - and LabelSelector. MatchLabelKeys cannot - be set when LabelSelector isn't set. Keys - that don't exist in the incoming pod labels - will be ignored. A null or empty list means - only match against labelSelector. \n This - is a beta field and requires the MatchLabelKeysInPodTopologySpread - feature gate to be enabled (enabled by default)." items: type: string type: array x-kubernetes-list-type: atomic maxSkew: - description: 'MaxSkew describes the degree - to which pods may be unevenly distributed. - When `whenUnsatisfiable=DoNotSchedule`, - it is the maximum permitted difference between - the number of matching pods in the target - topology and the global minimum. The global - minimum is the minimum number of matching - pods in an eligible domain or zero if the - number of eligible domains is less than - MinDomains. For example, in a 3-zone cluster, - MaxSkew is set to 1, and pods with the same - labelSelector spread as 2/2/1: In this case, - the global minimum is 1. 
| zone1 | zone2 - | zone3 | | P P | P P | P | - if - MaxSkew is 1, incoming pod can only be scheduled - to zone3 to become 2/2/2; scheduling it - onto zone1(zone2) would make the ActualSkew(3-1) - on zone1(zone2) violate MaxSkew(1). - if - MaxSkew is 2, incoming pod can be scheduled - onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, - it is used to give higher precedence to - topologies that satisfy it. It''s a required - field. Default value is 1 and 0 is not allowed.' format: int32 type: integer minDomains: - description: "MinDomains indicates a minimum - number of eligible domains. When the number - of eligible domains with matching topology - keys is less than minDomains, Pod Topology - Spread treats \"global minimum\" as 0, and - then the calculation of Skew is performed. - And when the number of eligible domains - with matching topology keys equals or greater - than minDomains, this value has no effect - on scheduling. As a result, when the number - of eligible domains is less than minDomains, - scheduler won't schedule more than maxSkew - Pods to those domains. If value is nil, - the constraint behaves as if MinDomains - is equal to 1. Valid values are integers - greater than 0. When value is not nil, WhenUnsatisfiable - must be DoNotSchedule. \n For example, in - a 3-zone cluster, MaxSkew is set to 2, MinDomains - is set to 5 and pods with the same labelSelector - spread as 2/2/2: | zone1 | zone2 | zone3 - | | P P | P P | P P | The number of - domains is less than 5(MinDomains), so \"global - minimum\" is treated as 0. In this situation, - new pod with the same labelSelector cannot - be scheduled, because computed skew will - be 3(3 - 0) if new Pod is scheduled to any - of the three zones, it will violate MaxSkew." format: int32 type: integer nodeAffinityPolicy: - description: "NodeAffinityPolicy indicates - how we will treat Pod's nodeAffinity/nodeSelector - when calculating pod topology spread skew. 
- Options are: - Honor: only nodes matching - nodeAffinity/nodeSelector are included in - the calculations. - Ignore: nodeAffinity/nodeSelector - are ignored. All nodes are included in the - calculations. \n If this value is nil, the - behavior is equivalent to the Honor policy. - This is a beta-level feature default enabled - by the NodeInclusionPolicyInPodTopologySpread - feature flag." type: string nodeTaintsPolicy: - description: "NodeTaintsPolicy indicates how - we will treat node taints when calculating - pod topology spread skew. Options are: - - Honor: nodes without taints, along with - tainted nodes for which the incoming pod - has a toleration, are included. - Ignore: - node taints are ignored. All nodes are included. - \n If this value is nil, the behavior is - equivalent to the Ignore policy. This is - a beta-level feature default enabled by - the NodeInclusionPolicyInPodTopologySpread - feature flag." type: string topologyKey: - description: TopologyKey is the key of node - labels. Nodes that have a label with this - key and identical values are considered - to be in the same topology. We consider - each as a "bucket", and try - to put balanced number of pods into each - bucket. We define a domain as a particular - instance of a topology. Also, we define - an eligible domain as a domain whose nodes - meet the requirements of nodeAffinityPolicy - and nodeTaintsPolicy. e.g. If TopologyKey - is "kubernetes.io/hostname", each Node is - a domain of that topology. And, if TopologyKey - is "topology.kubernetes.io/zone", each zone - is a domain of that topology. It's a required - field. type: string whenUnsatisfiable: - description: 'WhenUnsatisfiable indicates - how to deal with a pod if it doesn''t satisfy - the spread constraint. - DoNotSchedule (default) - tells the scheduler not to schedule it. - - ScheduleAnyway tells the scheduler to - schedule the pod in any location, but giving - higher precedence to topologies that would - help reduce the skew. 
A constraint is considered - "Unsatisfiable" for an incoming pod if and - only if every possible node assignment for - that pod would violate "MaxSkew" on some - topology. For example, in a 3-zone cluster, - MaxSkew is set to 1, and pods with the same - labelSelector spread as 3/1/1: | zone1 | - zone2 | zone3 | | P P P | P | P | - If WhenUnsatisfiable is set to DoNotSchedule, - incoming pod can only be scheduled to zone2(zone3) - to become 3/2/1(3/1/2) as ActualSkew(2-1) - on zone2(zone3) satisfies MaxSkew(1). In - other words, the cluster can still be imbalanced, - but scheduler won''t make it *more* imbalanced. - It''s a required field.' type: string required: - maxSkew 
@@ -21792,135 +8456,63 @@ spec: type: object type: object timeout: - description: Timeout specifies a duration in seconds that - KubeStash should wait for the hook execution to be completed. - If the hook execution does not finish within this time - period, KubeStash will consider this hook execution as - failure. Then, it will be re-tried according to MaxRetry - policy. type: string variables: - description: Variables specifies a list of variables and - their sources that will be used to resolve the HookTemplate. items: - description: EnvVar represents an environment variable - present in a Container. properties: name: - description: Name of the environment variable. Must - be a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) are - expanded using the previously defined environment - variables in the container and any service environment - variables. If a variable cannot be resolved, the - reference in the input string will be unchanged. - Double $$ are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" - will produce the string literal "$(VAR_NAME)". Escaped - references will never be expanded, regardless of - whether the variable exists or not. Defaults to - "".' type: string valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. properties: configMapKeyRef: - description: Selects a key of a ConfigMap. properties: key: - description: The key to select. type: string name: default: "" - description: 'Name of the referent. This field - is effectively required, but due to backwards - compatibility is allowed to be empty. Instances - of this type with an empty value here are - almost certainly wrong. TODO: Add other - useful fields. apiVersion, kind, uid? 
More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether the ConfigMap - or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of the pod: supports - metadata.name, metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, spec.nodeName, - spec.serviceAccountName, status.hostIP, status.podIP, - status.podIPs.' properties: apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". type: string fieldPath: - description: Path of the field to select in - the specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' properties: containerName: - description: 'Container name: required for - volumes, optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output format of - the exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource to select' type: string required: - resource type: object x-kubernetes-map-type: atomic secretKeyRef: - description: Selects a key of a secret in the - pod's namespace properties: key: - description: The key of the secret to select - from. Must be a valid secret key. type: string name: default: "" - description: 'Name of the referent. 
This field - is effectively required, but due to backwards - compatibility is allowed to be empty. Instances - of this type with an empty value here are - almost certainly wrong. TODO: Add other - useful fields. apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether the Secret or - its key must be defined type: boolean required: - key 
@@ -21932,63 +8524,21 @@ spec: type: object type: array volumeMounts: - description: VolumeMounts specifies the mount for the volumes - specified in `Volumes` section Use this field only for - `Function` type hook executor. items: - description: VolumeMount describes a mounting of a Volume - within a container. properties: mountPath: - description: Path within the container at which the - volume should be mounted. Must not contain ':'. type: string mountPropagation: - description: mountPropagation determines how mounts - are propagated from the host to container and the - other way around. When not set, MountPropagationNone - is used. This field is beta in 1.10. When RecursiveReadOnly - is set to IfPossible or to Enabled, MountPropagation - must be None or unspecified (which defaults to None). type: string name: - description: This must match the Name of a Volume. type: string readOnly: - description: Mounted read-only if true, read-write - otherwise (false or unspecified). Defaults to false. type: boolean recursiveReadOnly: - description: "RecursiveReadOnly specifies whether - read-only mounts should be handled recursively. - \n If ReadOnly is false, this field has no meaning - and must be unspecified. \n If ReadOnly is true, - and this field is set to Disabled, the mount is - not made recursively read-only. If this field is - set to IfPossible, the mount is made recursively - read-only, if it is supported by the container runtime. - \ If this field is set to Enabled, the mount is - made recursively read-only if it is supported by - the container runtime, otherwise the pod will not - be started and an error will be generated to indicate - the reason. \n If this field is set to IfPossible - or Enabled, MountPropagation must be set to None - (or be unspecified, which defaults to None). \n - If this field is not specified, it is treated as - an equivalent of Disabled." 
type: string subPath: - description: Path within the volume from which the - container's volume should be mounted. Defaults to - "" (volume's root). type: string subPathExpr: - description: Expanded path within the volume from - which the container's volume should be mounted. - Behaves similarly to SubPath but environment variable - references $(VAR_NAME) are expanded using the container's - environment. Defaults to "" (volume's root). SubPathExpr - and SubPath are mutually exclusive. type: string required: - mountPath 
@@ -21996,264 +8546,109 @@ spec: type: object type: array volumes: - description: Volumes indicates the list of volumes of targeted - application that should be mounted on the hook executor. - Use this field only for `Function` type hook executor. items: - description: Volume represents a named volume in a pod - that may be accessed by any container in the pod. properties: awsElasticBlockStore: - description: 'awsElasticBlockStore represents an AWS - Disk resource that is attached to a kubelet''s host - machine and then exposed to the pod. More info: - https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' properties: fsType: - description: 'fsType is the filesystem type of - the volume that you want to mount. Tip: Ensure - that the filesystem type is supported by the - host operating system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if - unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem - from compromising the machine' type: string partition: - description: 'partition is the partition in the - volume that you want to mount. If omitted, the - default is to mount by volume name. Examples: - For volume /dev/sda1, you specify the partition - as "1". Similarly, the volume partition for - /dev/sda is "0" (or you can leave the property - empty).' format: int32 type: integer readOnly: - description: 'readOnly value true will force the - readOnly setting in VolumeMounts. More info: - https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: boolean volumeID: - description: 'volumeID is unique ID of the persistent - disk resource in AWS (Amazon EBS volume). More - info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: string required: - volumeID type: object azureDisk: - description: azureDisk represents an Azure Data Disk - mount on the host and bind mount to the pod. 
properties: cachingMode: - description: 'cachingMode is the Host Caching - mode: None, Read Only, Read Write.' type: string diskName: - description: diskName is the Name of the data - disk in the blob storage type: string diskURI: - description: diskURI is the URI of data disk in - the blob storage type: string fsType: - description: fsType is Filesystem type to mount. - Must be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified. type: string kind: - description: 'kind expected values are Shared: - multiple blob disks per storage account Dedicated: - single blob disk per storage account Managed: - azure managed data disk (only in managed availability - set). defaults to shared' type: string readOnly: - description: readOnly Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting - in VolumeMounts. type: boolean required: - diskName - diskURI type: object azureFile: - description: azureFile represents an Azure File Service - mount on the host and bind mount to the pod. properties: readOnly: - description: readOnly defaults to false (read/write). - ReadOnly here will force the ReadOnly setting - in VolumeMounts. 
type: boolean secretName: - description: secretName is the name of secret - that contains Azure Storage Account Name and - Key type: string shareName: - description: shareName is the azure share Name type: string required: - secretName - shareName type: object cephfs: - description: cephFS represents a Ceph FS mount on - the host that shares a pod's lifetime properties: monitors: - description: 'monitors is Required: Monitors is - a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' items: type: string type: array x-kubernetes-list-type: atomic path: - description: 'path is Optional: Used as the mounted - root, rather than the full Ceph tree, default - is /' type: string readOnly: - description: 'readOnly is Optional: Defaults to - false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. More info: - https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: boolean secretFile: - description: 'secretFile is Optional: SecretFile - is the path to key ring for User, default is - /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string secretRef: - description: 'secretRef is Optional: SecretRef - is reference to the authentication secret for - User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' properties: name: default: "" - description: 'Name of the referent. This field - is effectively required, but due to backwards - compatibility is allowed to be empty. Instances - of this type with an empty value here are - almost certainly wrong. TODO: Add other - useful fields. apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' 
type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is optional: User is the rados - user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string required: - monitors type: object cinder: - description: 'cinder represents a cinder volume attached - and mounted on kubelets host machine. More info: - https://examples.k8s.io/mysql-cinder-pd/README.md' properties: fsType: - description: 'fsType is the filesystem type to - mount. Must be a filesystem type supported by - the host operating system. Examples: "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string readOnly: - description: 'readOnly defaults to false (read/write). - ReadOnly here will force the ReadOnly setting - in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: boolean secretRef: - description: 'secretRef is optional: points to - a secret object containing parameters used to - connect to OpenStack.' properties: name: default: "" - description: 'Name of the referent. This field - is effectively required, but due to backwards - compatibility is allowed to be empty. Instances - of this type with an empty value here are - almost certainly wrong. TODO: Add other - useful fields. apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic volumeID: - description: 'volumeID used to identify the volume - in cinder. 
More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string required: - volumeID type: object configMap: - description: configMap represents a configMap that - should populate this volume properties: defaultMode: - description: 'defaultMode is optional: mode bits - used to set permissions on created files by - default. Must be an octal value between 0000 - and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. - Defaults to 0644. Directories within the path - are not affected by this setting. This might - be in conflict with other options that affect - the file mode, like fsGroup, and the result - can be other mode bits set.' format: int32 type: integer items: - description: items if unspecified, each key-value - pair in the Data field of the referenced ConfigMap - will be projected into the volume as a file - whose name is the key and content is the value. - If specified, the listed keys will be projected - into the specified paths, and unlisted keys - will not be present. If a key is specified which - is not present in the ConfigMap, the volume - setup will error unless it is marked optional. - Paths must be relative and may not contain the - '..' path or start with '..'. items: - description: Maps a string key to a path within - a volume. properties: key: - description: key is the key to project. type: string mode: - description: 'mode is Optional: mode bits - used to set permissions on this file. - Must be an octal value between 0000 and - 0777 or a decimal value between 0 and - 511. YAML accepts both octal and decimal - values, JSON requires decimal values for - mode bits. If not specified, the volume - defaultMode will be used. This might be - in conflict with other options that affect - the file mode, like fsGroup, and the result - can be other mode bits set.' 
format: int32 type: integer path: - description: path is the relative path of - the file to map the key to. May not be - an absolute path. May not contain the - path element '..'. May not start with - the string '..'. type: string required: - key 
@@ -22263,166 +8658,67 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of the referent. This field - is effectively required, but due to backwards - compatibility is allowed to be empty. Instances - of this type with an empty value here are almost - certainly wrong. TODO: Add other useful fields. - apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional specify whether the ConfigMap - or its keys must be defined type: boolean type: object x-kubernetes-map-type: atomic csi: - description: csi (Container Storage Interface) represents - ephemeral storage that is handled by certain external - CSI drivers (Beta feature). properties: driver: - description: driver is the name of the CSI driver - that handles this volume. Consult with your - admin for the correct name as registered in - the cluster. type: string fsType: - description: fsType to mount. Ex. "ext4", "xfs", - "ntfs". If not provided, the empty value is - passed to the associated CSI driver which will - determine the default filesystem to apply. type: string nodePublishSecretRef: - description: nodePublishSecretRef is a reference - to the secret object containing sensitive information - to pass to the CSI driver to complete the CSI - NodePublishVolume and NodeUnpublishVolume calls. - This field is optional, and may be empty if - no secret is required. If the secret object - contains more than one secret, all secret references - are passed. properties: name: default: "" - description: 'Name of the referent. This field - is effectively required, but due to backwards - compatibility is allowed to be empty. Instances - of this type with an empty value here are - almost certainly wrong. TODO: Add other - useful fields. apiVersion, kind, uid? 
More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic readOnly: - description: readOnly specifies a read-only configuration - for the volume. Defaults to false (read/write). type: boolean volumeAttributes: additionalProperties: type: string - description: volumeAttributes stores driver-specific - properties that are passed to the CSI driver. - Consult your driver's documentation for supported - values. type: object required: - driver type: object downwardAPI: - description: downwardAPI represents downward API about - the pod that should populate this volume properties: defaultMode: - description: 'Optional: mode bits to use on created - files by default. Must be a Optional: mode bits - used to set permissions on created files by - default. Must be an octal value between 0000 - and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. - Defaults to 0644. Directories within the path - are not affected by this setting. This might - be in conflict with other options that affect - the file mode, like fsGroup, and the result - can be other mode bits set.' format: int32 type: integer items: - description: Items is a list of downward API volume - file items: - description: DownwardAPIVolumeFile represents - information to create the file containing - the pod field properties: fieldRef: - description: 'Required: Selects a field - of the pod: only annotations, labels, - name, namespace and uid are supported.' properties: apiVersion: - description: Version of the schema the - FieldPath is written in terms of, - defaults to "v1". type: string fieldPath: - description: Path of the field to select - in the specified API version. 
type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: - description: 'Optional: mode bits used to - set permissions on this file, must be - an octal value between 0000 and 0777 or - a decimal value between 0 and 511. YAML - accepts both octal and decimal values, - JSON requires decimal values for mode - bits. If not specified, the volume defaultMode - will be used. This might be in conflict - with other options that affect the file - mode, like fsGroup, and the result can - be other mode bits set.' format: int32 type: integer path: - description: 'Required: Path is the relative - path name of the file to be created. Must - not be absolute or contain the ''..'' - path. Must be utf-8 encoded. The first - item of the relative path must not start - with ''..''' type: string resourceFieldRef: - description: 'Selects a resource of the - container: only resources limits and requests - (limits.cpu, limits.memory, requests.cpu - and requests.memory) are currently supported.' properties: containerName: - description: 'Container name: required - for volumes, optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output format - of the exposed resources, defaults - to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource to - select' type: string required: - resource 
@@ -22435,204 +8731,50 @@ spec: x-kubernetes-list-type: atomic type: object emptyDir: - description: 'emptyDir represents a temporary directory - that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' properties: medium: - description: 'medium represents what type of storage - medium should back this directory. The default - is "" which means to use the node''s default - medium. Must be an empty string (default) or - Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string sizeLimit: anyOf: - type: integer - type: string - description: 'sizeLimit is the total amount of - local storage required for this EmptyDir volume. - The size limit is also applicable for memory - medium. The maximum usage on memory medium EmptyDir - would be the minimum value between the SizeLimit - specified here and the sum of memory limits - of all containers in a pod. The default is nil - which means that the limit is undefined. More - info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object ephemeral: - description: "ephemeral represents a volume that is - handled by a cluster storage driver. The volume's - lifecycle is tied to the pod that defines it - it - will be created before the pod starts, and deleted - when the pod is removed. \n Use this if: a) the - volume is only needed while the pod runs, b) features - of normal volumes like restoring from snapshot or - capacity tracking are needed, c) the storage driver - is specified through a storage class, and d) the - storage driver supports dynamic volume provisioning - through a PersistentVolumeClaim (see EphemeralVolumeSource - for more information on the connection between this - volume type and PersistentVolumeClaim). 
\n Use PersistentVolumeClaim - or one of the vendor-specific APIs for volumes that - persist for longer than the lifecycle of an individual - pod. \n Use CSI for light-weight local ephemeral - volumes if the CSI driver is meant to be used that - way - see the documentation of the driver for more - information. \n A pod can use both types of ephemeral - volumes and persistent volumes at the same time." properties: volumeClaimTemplate: - description: "Will be used to create a stand-alone - PVC to provision the volume. The pod in which - this EphemeralVolumeSource is embedded will - be the owner of the PVC, i.e. the PVC will be - deleted together with the pod. The name of - the PVC will be `-` where - `` is the name from the `PodSpec.Volumes` - array entry. Pod validation will reject the - pod if the concatenated name is not valid for - a PVC (for example, too long). \n An existing - PVC with that name that is not owned by the - pod will *not* be used for the pod to avoid - using an unrelated volume by mistake. Starting - the pod is then blocked until the unrelated - PVC is removed. If such a pre-created PVC is - meant to be used by the pod, the PVC has to - updated with an owner reference to the pod once - the pod exists. Normally this should not be - necessary, but it may be useful when manually - reconstructing a broken cluster. \n This field - is read-only and no changes will be made by - Kubernetes to the PVC after it has been created. - \n Required, must not be nil." properties: metadata: - description: May contain labels and annotations - that will be copied into the PVC when creating - it. No other fields are allowed and will - be rejected during validation. properties: annotations: additionalProperties: type: string - description: 'Annotations is an unstructured - key value map stored with a resource - that may be set by external tools to - store and retrieve arbitrary metadata. - They are not queryable and should be - preserved when modifying objects. 
More - info: http://kubernetes.io/docs/user-guide/annotations' type: object generateName: - description: "GenerateName is an optional - prefix, used by the server, to generate - a unique name ONLY IF the Name field - has not been provided. If this field - is used, the name returned to the client - will be different than the name passed. - This value will also be combined with - a unique suffix. The provided value - has the same validation rules as the - Name field, and may be truncated by - the length of the suffix required to - make the value unique on the server. - \n If this field is specified and the - generated name exists, the server will - NOT return a 409 - instead, it will - either return 201 Created or 500 with - Reason ServerTimeout indicating a unique - name could not be found in the time - allotted, and the client should retry - (optionally after the time indicated - in the Retry-After header). \n Applied - only if Name is not specified. More - info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" type: string labels: additionalProperties: type: string - description: 'Map of string keys and values - that can be used to organize and categorize - (scope and select) objects. May match - selectors of replication controllers - and services. More info: http://kubernetes.io/docs/user-guide/labels' type: object name: - description: 'Name must be unique within - a namespace. Is required when creating - resources, although some resources may - allow a client to request the generation - of an appropriate name automatically. - Name is primarily intended for creation - idempotence and configuration definition. - Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' type: string namespace: - description: "Namespace defines the space - within each name must be unique. An - empty namespace is equivalent to the - \"default\" namespace, but \"default\" - is the canonical representation. 
Not - all objects are required to be scoped - to a namespace - the value of this field - for those objects will be empty. \n - Must be a DNS_LABEL. Cannot be updated. - More info: http://kubernetes.io/docs/user-guide/namespaces" type: string ownerReferences: - description: List of objects depended - by this object. If ALL objects in the - list have been deleted, this object - will be garbage collected. If this object - is managed by a controller, then an - entry in this list will point to this - controller, with the controller field - set to true. There cannot be more than - one managing controller. items: - description: OwnerReference contains - enough information to let you identify - an owning object. An owning object - must be in the same namespace as the - dependent, or be cluster-scoped, so - there is no namespace field. properties: apiVersion: - description: API version of the - referent. type: string blockOwnerDeletion: - description: If true, AND if the - owner has the "foregroundDeletion" - finalizer, then the owner cannot - be deleted from the key-value - store until this reference is - removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion - for how the garbage collector - interacts with this field and - enforces the foreground deletion. - Defaults to false. To set this - field, a user needs "delete" permission - of the owner, otherwise 422 (Unprocessable - Entity) will be returned. type: boolean controller: - description: If true, this reference - points to the managing controller. type: boolean kind: - description: 'Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: - description: 'UID of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -22644,53 +8786,19 @@ spec: type: array type: object spec: - description: The specification for the PersistentVolumeClaim. - The entire content is copied unchanged into - the PVC that gets created from this template. - The same fields as in a PersistentVolumeClaim - are also valid here. properties: accessModes: - description: 'accessModes contains the - desired access modes the volume should - have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array x-kubernetes-list-type: atomic dataSource: - description: 'dataSource field can be - used to specify either: * An existing - VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an external controller - can support the specified data source, - it will create a new volume based on - the contents of the specified data source. - When the AnyVolumeDataSource feature - gate is enabled, dataSource contents - will be copied to dataSourceRef, and - dataSourceRef contents will be copied - to dataSource when dataSourceRef.namespace - is not specified. If the namespace is - specified, then dataSourceRef will not - be copied to dataSource.' properties: apiGroup: - description: APIGroup is the group - for the resource being referenced. - If APIGroup is not specified, the - specified Kind must be in the core - API group. For any other third-party - types, APIGroup is required. type: string kind: - description: Kind is the type of resource - being referenced type: string name: - description: Name is the name of resource - being referenced type: string required: - kind 
@@ -22698,88 +8806,20 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: - description: 'dataSourceRef specifies - the object from which to populate the - volume with data, if a non-empty volume - is desired. This may be any object from - a non-empty API group (non core object) - or a PersistentVolumeClaim object. When - this field is specified, volume binding - will only succeed if the type of the - specified object matches some installed - volume populator or dynamic provisioner. - This field will replace the functionality - of the dataSource field and as such - if both fields are non-empty, they must - have the same value. For backwards compatibility, - when namespace isn''t specified in dataSourceRef, - both fields (dataSource and dataSourceRef) - will be set to the same value automatically - if one of them is empty and the other - is non-empty. When namespace is specified - in dataSourceRef, dataSource isn''t - set to the same value and must be empty. - There are three important differences - between dataSource and dataSourceRef: - * While dataSource only allows two specific - types of objects, dataSourceRef allows - any non-core object, as well as PersistentVolumeClaim - objects. * While dataSource ignores - disallowed values (dropping them), dataSourceRef - preserves all values, and generates - an error if a disallowed value is specified. - * While dataSource only allows local - objects, dataSourceRef allows objects - in any namespaces. (Beta) Using this - field requires the AnyVolumeDataSource - feature gate to be enabled. (Alpha) - Using the namespace field of dataSourceRef - requires the CrossNamespaceVolumeDataSource - feature gate to be enabled.' properties: apiGroup: - description: APIGroup is the group - for the resource being referenced. - If APIGroup is not specified, the - specified Kind must be in the core - API group. For any other third-party - types, APIGroup is required. 
type: string kind: - description: Kind is the type of resource - being referenced type: string name: - description: Name is the name of resource - being referenced type: string namespace: - description: Namespace is the namespace - of resource being referenced Note - that when a namespace is specified, - a gateway.networking.k8s.io/ReferenceGrant - object is required in the referent - namespace to allow that namespace's - owner to accept the reference. See - the ReferenceGrant documentation - for details. (Alpha) This field - requires the CrossNamespaceVolumeDataSource - feature gate to be enabled. type: string required: - kind - name type: object resources: - description: 'resources represents the - minimum resources the volume should - have. If RecoverVolumeExpansionFailure - feature is enabled users are allowed - to specify resource requirements that - are lower than previous value but must - still be higher than capacity recorded - in the status field of the claim. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: @@ -22788,9 +8828,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the - maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -22799,52 +8836,18 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the - minimum amount of compute resources - required. If Requests is omitted - for a container, it defaults to - Limits if that is explicitly specified, - otherwise to an implementation-defined - value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: - description: selector is a label query - over volumes to consider for binding. properties: matchExpressions: - description: matchExpressions is a - list of label selector requirements. - The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. properties: key: - description: key is the label - key that the selector applies - to. type: string operator: - description: operator represents - a key's relationship to a - set of values. Valid operators - are In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is an array - of string values. If the operator - is In or NotIn, the values - array must be non-empty. If - the operator is Exists or - DoesNotExist, the values array - must be empty. This array - is replaced during a strategic - merge patch. items: type: string type: array 
@@ -22858,60 +8861,16 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map - of {key,value} pairs. A single {key,value} - in the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are - ANDed. type: object type: object x-kubernetes-map-type: atomic storageClassName: - description: 'storageClassName is the - name of the StorageClass required by - the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeAttributesClassName: - description: 'volumeAttributesClassName - may be used to set the VolumeAttributesClass - used by this claim. If specified, the - CSI driver will create or update the - volume with the attributes defined in - the corresponding VolumeAttributesClass. - This has a different purpose than storageClassName, - it can be changed after the claim is - created. An empty string value means - that no VolumeAttributesClass will be - applied to the claim but it''s not allowed - to reset this field to empty string - once it is set. If unspecified and the - PersistentVolumeClaim is unbound, the - default VolumeAttributesClass will be - set by the persistentvolume controller - if it exists. If the resource referred - to by volumeAttributesClass does not - exist, this PersistentVolumeClaim will - be set to a Pending state, as reflected - by the modifyVolumeStatus field, until - such as a resource exists. More info: - https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires the - VolumeAttributesClass feature gate to - be enabled.' type: string volumeMode: - description: volumeMode defines what type - of volume is required by the claim. - Value of Filesystem is implied when - not included in claim spec. 
type: string volumeName: - description: volumeName is the binding - reference to the PersistentVolume backing - this claim. type: string type: object required: 
@@ -22919,91 +8878,41 @@ spec: type: object type: object fc: - description: fc represents a Fibre Channel resource - that is attached to a kubelet's host machine and - then exposed to the pod. properties: fsType: - description: 'fsType is the filesystem type to - mount. Must be a filesystem type supported by - the host operating system. Ex. "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if - unspecified. TODO: how do we prevent errors - in the filesystem from compromising the machine' type: string lun: - description: 'lun is Optional: FC target lun number' format: int32 type: integer readOnly: - description: 'readOnly is Optional: Defaults to - false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts.' type: boolean targetWWNs: - description: 'targetWWNs is Optional: FC target - worldwide names (WWNs)' items: type: string type: array x-kubernetes-list-type: atomic wwids: - description: 'wwids Optional: FC volume world - wide identifiers (wwids) Either wwids or combination - of targetWWNs and lun must be set, but not both - simultaneously.' items: type: string type: array x-kubernetes-list-type: atomic type: object flexVolume: - description: flexVolume represents a generic volume - resource that is provisioned/attached using an exec - based plugin. properties: driver: - description: driver is the name of the driver - to use for this volume. type: string fsType: - description: fsType is the filesystem type to - mount. Must be a filesystem type supported by - the host operating system. Ex. "ext4", "xfs", - "ntfs". The default filesystem depends on FlexVolume - script. type: string options: additionalProperties: type: string - description: 'options is Optional: this field - holds extra command options if any.' type: object readOnly: - description: 'readOnly is Optional: defaults to - false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts.' 
type: boolean secretRef: - description: 'secretRef is Optional: secretRef - is reference to the secret object containing - sensitive information to pass to the plugin - scripts. This may be empty if no secret object - is specified. If the secret object contains - more than one secret, all secrets are passed - to the plugin scripts.' properties: name: default: "" - description: 'Name of the referent. This field - is effectively required, but due to backwards - compatibility is allowed to be empty. Instances - of this type with an empty value here are - almost certainly wrong. TODO: Add other - useful fields. apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic 
@@ -23011,182 +8920,79 @@ spec: - driver type: object flocker: - description: flocker represents a Flocker volume attached - to a kubelet's host machine. This depends on the - Flocker control service being running properties: datasetName: - description: datasetName is Name of the dataset - stored as metadata -> name on the dataset for - Flocker should be considered as deprecated type: string datasetUUID: - description: datasetUUID is the UUID of the dataset. - This is unique identifier of a Flocker dataset type: string type: object gcePersistentDisk: - description: 'gcePersistentDisk represents a GCE Disk - resource that is attached to a kubelet''s host machine - and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' properties: fsType: - description: 'fsType is filesystem type of the - volume that you want to mount. Tip: Ensure that - the filesystem type is supported by the host - operating system. Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the filesystem - from compromising the machine' type: string partition: - description: 'partition is the partition in the - volume that you want to mount. If omitted, the - default is to mount by volume name. Examples: - For volume /dev/sda1, you specify the partition - as "1". Similarly, the volume partition for - /dev/sda is "0" (or you can leave the property - empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' format: int32 type: integer pdName: - description: 'pdName is unique name of the PD - resource in GCE. Used to identify the disk in - GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: string readOnly: - description: 'readOnly here will force the ReadOnly - setting in VolumeMounts. Defaults to false. 
- More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: boolean required: - pdName type: object glusterfs: - description: 'glusterfs represents a Glusterfs mount - on the host that shares a pod''s lifetime. More - info: https://examples.k8s.io/volumes/glusterfs/README.md' properties: endpoints: - description: 'endpoints is the endpoint name that - details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string path: - description: 'path is the Glusterfs volume path. - More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string readOnly: - description: 'readOnly here will force the Glusterfs - volume to be mounted with read-only permissions. - Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: boolean required: - endpoints - path type: object hostPath: - description: 'hostPath represents a pre-existing file - or directory on the host machine that is directly - exposed to the container. This is generally used - for system agents or other privileged things that - are allowed to see the host machine. Most containers - will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict who can use - host directory mounts and who can/can not mount - host directories as read/write.' properties: path: - description: 'path of the directory on the host. - If the path is a symlink, it will follow the - link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string type: - description: 'type for HostPath Volume Defaults - to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string required: - path type: object iscsi: - description: 'iscsi represents an ISCSI Disk resource - that is attached to a kubelet''s host machine and - then exposed to the pod. 
More info: https://examples.k8s.io/volumes/iscsi/README.md' properties: chapAuthDiscovery: - description: chapAuthDiscovery defines whether - support iSCSI Discovery CHAP authentication type: boolean chapAuthSession: - description: chapAuthSession defines whether support - iSCSI Session CHAP authentication type: boolean fsType: - description: 'fsType is the filesystem type of - the volume that you want to mount. Tip: Ensure - that the filesystem type is supported by the - host operating system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if - unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem - from compromising the machine' type: string initiatorName: - description: initiatorName is the custom iSCSI - Initiator Name. If initiatorName is specified - with iscsiInterface simultaneously, new iSCSI - interface : will - be created for the connection. type: string iqn: - description: iqn is the target iSCSI Qualified - Name. type: string iscsiInterface: - description: iscsiInterface is the interface Name - that uses an iSCSI transport. Defaults to 'default' - (tcp). type: string lun: - description: lun represents iSCSI Target Lun number. format: int32 type: integer portals: - description: portals is the iSCSI Target Portal - List. The portal is either an IP or ip_addr:port - if the port is other than default (typically - TCP ports 860 and 3260). items: type: string type: array x-kubernetes-list-type: atomic readOnly: - description: readOnly here will force the ReadOnly - setting in VolumeMounts. Defaults to false. type: boolean secretRef: - description: secretRef is the CHAP Secret for - iSCSI target and initiator authentication properties: name: default: "" - description: 'Name of the referent. This field - is effectively required, but due to backwards - compatibility is allowed to be empty. 
Instances - of this type with an empty value here are - almost certainly wrong. TODO: Add other - useful fields. apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic targetPortal: - description: targetPortal is iSCSI Target Portal. - The Portal is either an IP or ip_addr:port if - the port is other than default (typically TCP - ports 860 and 3260). type: string required: - iqn 
@@ -23194,171 +9000,68 @@ spec: - targetPortal type: object name: - description: 'name of the volume. Must be a DNS_LABEL - and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string nfs: - description: 'nfs represents an NFS mount on the host - that shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' properties: path: - description: 'path that is exported by the NFS - server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string readOnly: - description: 'readOnly here will force the NFS - export to be mounted with read-only permissions. - Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: boolean server: - description: 'server is the hostname or IP address - of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string required: - path - server type: object persistentVolumeClaim: - description: 'persistentVolumeClaimVolumeSource represents - a reference to a PersistentVolumeClaim in the same - namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: claimName: - description: 'claimName is the name of a PersistentVolumeClaim - in the same namespace as the pod using this - volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' type: string readOnly: - description: readOnly Will force the ReadOnly - setting in VolumeMounts. Default false. type: boolean required: - claimName type: object photonPersistentDisk: - description: photonPersistentDisk represents a PhotonController - persistent disk attached and mounted on kubelets - host machine properties: fsType: - description: fsType is the filesystem type to - mount. Must be a filesystem type supported by - the host operating system. Ex. "ext4", "xfs", - "ntfs". 
Implicitly inferred to be "ext4" if - unspecified. type: string pdID: - description: pdID is the ID that identifies Photon - Controller persistent disk type: string required: - pdID type: object portworxVolume: - description: portworxVolume represents a portworx - volume attached and mounted on kubelets host machine properties: fsType: - description: fSType represents the filesystem - type to mount Must be a filesystem type supported - by the host operating system. Ex. "ext4", "xfs". - Implicitly inferred to be "ext4" if unspecified. type: string readOnly: - description: readOnly defaults to false (read/write). - ReadOnly here will force the ReadOnly setting - in VolumeMounts. type: boolean volumeID: - description: volumeID uniquely identifies a Portworx - volume type: string required: - volumeID type: object projected: - description: projected items for all in one resources - secrets, configmaps, and downward API properties: defaultMode: - description: defaultMode are the mode bits used - to set permissions on created files by default. - Must be an octal value between 0000 and 0777 - or a decimal value between 0 and 511. YAML accepts - both octal and decimal values, JSON requires - decimal values for mode bits. Directories within - the path are not affected by this setting. This - might be in conflict with other options that - affect the file mode, like fsGroup, and the - result can be other mode bits set. format: int32 type: integer sources: - description: sources is the list of volume projections items: - description: Projection that may be projected - along with other supported volume types properties: clusterTrustBundle: - description: "ClusterTrustBundle allows - a pod to access the `.spec.trustBundle` - field of ClusterTrustBundle objects in - an auto-updating file. \n Alpha, gated - by the ClusterTrustBundleProjection feature - gate. 
\n ClusterTrustBundle objects can - either be selected by name, or by the - combination of signer name and a label - selector. \n Kubelet performs aggressive - normalization of the PEM contents written - into the pod filesystem. Esoteric PEM - features such as inter-block comments - and block headers are stripped. Certificates - are deduplicated. The ordering of certificates - within the file is arbitrary, and Kubelet - may change the order over time." properties: labelSelector: - description: Select all ClusterTrustBundles - that match this label selector. Only - has effect if signerName is set. Mutually-exclusive - with name. If unset, interpreted - as "match nothing". If set but empty, - interpreted as "match everything". properties: matchExpressions: - description: matchExpressions is - a list of label selector requirements. - The requirements are ANDed. items: - description: A label selector - requirement is a selector that - contains values, a key, and - an operator that relates the - key and values. properties: key: - description: key is the label - key that the selector applies - to. type: string operator: - description: operator represents - a key's relationship to - a set of values. Valid operators - are In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is an - array of string values. - If the operator is In or - NotIn, the values array - must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be - empty. This array is replaced - during a strategic merge - patch. items: type: string type: array 
@@ -23372,99 +9075,31 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map - of {key,value} pairs. A single - {key,value} in the matchLabels - map is equivalent to an element - of matchExpressions, whose key - field is "key", the operator is - "In", and the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic name: - description: Select a single ClusterTrustBundle - by object name. Mutually-exclusive - with signerName and labelSelector. type: string optional: - description: If true, don't block pod - startup if the referenced ClusterTrustBundle(s) - aren't available. If using name, - then the named ClusterTrustBundle - is allowed not to exist. If using - signerName, then the combination of - signerName and labelSelector is allowed - to match zero ClusterTrustBundles. type: boolean path: - description: Relative path from the - volume root to write the bundle. type: string signerName: - description: Select all ClusterTrustBundles - that match this signer name. Mutually-exclusive - with name. The contents of all selected - ClusterTrustBundles will be unified - and deduplicated. type: string required: - path type: object configMap: - description: configMap information about - the configMap data to project properties: items: - description: items if unspecified, each - key-value pair in the Data field of - the referenced ConfigMap will be projected - into the volume as a file whose name - is the key and content is the value. - If specified, the listed keys will - be projected into the specified paths, - and unlisted keys will not be present. - If a key is specified which is not - present in the ConfigMap, the volume - setup will error unless it is marked - optional. Paths must be relative and - may not contain the '..' path or start - with '..'. items: - description: Maps a string key to - a path within a volume. 
properties: key: - description: key is the key to - project. type: string mode: - description: 'mode is Optional: - mode bits used to set permissions - on this file. Must be an octal - value between 0000 and 0777 - or a decimal value between 0 - and 511. YAML accepts both octal - and decimal values, JSON requires - decimal values for mode bits. - If not specified, the volume - defaultMode will be used. This - might be in conflict with other - options that affect the file - mode, like fsGroup, and the - result can be other mode bits - set.' format: int32 type: integer path: - description: path is the relative - path of the file to map the - key to. May not be an absolute - path. May not contain the path - element '..'. May not start - with the string '..'. type: string required: - key 
@@ -23474,108 +9109,42 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value here - are almost certainly wrong. TODO: - Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional specify whether - the ConfigMap or its keys must be - defined type: boolean type: object x-kubernetes-map-type: atomic downwardAPI: - description: downwardAPI information about - the downwardAPI data to project properties: items: - description: Items is a list of DownwardAPIVolume - file items: - description: DownwardAPIVolumeFile - represents information to create - the file containing the pod field properties: fieldRef: - description: 'Required: Selects - a field of the pod: only annotations, - labels, name, namespace and - uid are supported.' properties: apiVersion: - description: Version of the - schema the FieldPath is - written in terms of, defaults - to "v1". type: string fieldPath: - description: Path of the field - to select in the specified - API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: - description: 'Optional: mode bits - used to set permissions on this - file, must be an octal value - between 0000 and 0777 or a decimal - value between 0 and 511. YAML - accepts both octal and decimal - values, JSON requires decimal - values for mode bits. If not - specified, the volume defaultMode - will be used. This might be - in conflict with other options - that affect the file mode, like - fsGroup, and the result can - be other mode bits set.' 
format: int32 type: integer path: - description: 'Required: Path is the - relative path name of the file - to be created. Must not be absolute - or contain the ''..'' path. - Must be utf-8 encoded. The first - item of the relative path must - not start with ''..''' type: string resourceFieldRef: - description: 'Selects a resource - of the container: only resources - limits and requests (limits.cpu, - limits.memory, requests.cpu - and requests.memory) are currently - supported.' properties: containerName: - description: 'Container name: - required for volumes, optional - for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the - output format of the exposed - resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource - to select' type: string required: - resource 
@@ -23588,57 +9157,16 @@ spec: x-kubernetes-list-type: atomic type: object secret: - description: secret information about the - secret data to project properties: items: - description: items if unspecified, each - key-value pair in the Data field of - the referenced Secret will be projected - into the volume as a file whose name - is the key and content is the value. - If specified, the listed keys will - be projected into the specified paths, - and unlisted keys will not be present. - If a key is specified which is not - present in the Secret, the volume - setup will error unless it is marked - optional. Paths must be relative and - may not contain the '..' path or start - with '..'. items: - description: Maps a string key to - a path within a volume. properties: key: - description: key is the key to - project. type: string mode: - description: 'mode is Optional: - mode bits used to set permissions - on this file. Must be an octal - value between 0000 and 0777 - or a decimal value between 0 - and 511. YAML accepts both octal - and decimal values, JSON requires - decimal values for mode bits. - If not specified, the volume - defaultMode will be used. This - might be in conflict with other - options that affect the file - mode, like fsGroup, and the - result can be other mode bits - set.' format: int32 type: integer path: - description: path is the relative - path of the file to map the - key to. May not be an absolute - path. May not contain the path - element '..'. May not start - with the string '..'. type: string required: - key 
@@ -23648,56 +9176,19 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of the referent. - This field is effectively required, - but due to backwards compatibility - is allowed to be empty. Instances - of this type with an empty value here - are almost certainly wrong. TODO: - Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when - controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional field specify - whether the Secret or its key must - be defined type: boolean type: object x-kubernetes-map-type: atomic serviceAccountToken: - description: serviceAccountToken is information - about the serviceAccountToken data to - project properties: audience: - description: audience is the intended - audience of the token. A recipient - of a token must identify itself with - an identifier specified in the audience - of the token, and otherwise should - reject the token. The audience defaults - to the identifier of the apiserver. type: string expirationSeconds: - description: expirationSeconds is the - requested duration of validity of - the service account token. As the - token approaches expiration, the kubelet - volume plugin will proactively rotate - the service account token. The kubelet - will start trying to rotate the token - if the token is older than 80 percent - of its time to live or if the token - is older than 24 hours.Defaults to - 1 hour and must be at least 10 minutes. format: int64 type: integer path: - description: path is the path relative - to the mount point of the file to - project the token into. type: string required: - path 
@@ -23707,174 +9198,79 @@ spec: x-kubernetes-list-type: atomic type: object quobyte: - description: quobyte represents a Quobyte mount on - the host that shares a pod's lifetime properties: group: - description: group to map volume access to Default - is no group type: string readOnly: - description: readOnly here will force the Quobyte - volume to be mounted with read-only permissions. - Defaults to false. type: boolean registry: - description: registry represents a single or multiple - Quobyte Registry services specified as a string - as host:port pair (multiple entries are separated - with commas) which acts as the central registry - for volumes type: string tenant: - description: tenant owning the given Quobyte volume - in the Backend Used with dynamically provisioned - Quobyte volumes, value is set by the plugin type: string user: - description: user to map volume access to Defaults - to serivceaccount user type: string volume: - description: volume is a string that references - an already created Quobyte volume by name. type: string required: - registry - volume type: object rbd: - description: 'rbd represents a Rados Block Device - mount on the host that shares a pod''s lifetime. - More info: https://examples.k8s.io/volumes/rbd/README.md' properties: fsType: - description: 'fsType is the filesystem type of - the volume that you want to mount. Tip: Ensure - that the filesystem type is supported by the - host operating system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if - unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem - from compromising the machine' type: string image: - description: 'image is the rados image name. More - info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string keyring: - description: 'keyring is the path to key ring - for RBDUser. Default is /etc/ceph/keyring. 
More - info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string monitors: - description: 'monitors is a collection of Ceph - monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' items: type: string type: array x-kubernetes-list-type: atomic pool: - description: 'pool is the rados pool name. Default - is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string readOnly: - description: 'readOnly here will force the ReadOnly - setting in VolumeMounts. Defaults to false. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: boolean secretRef: - description: 'secretRef is name of the authentication - secret for RBDUser. If provided overrides keyring. - Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' properties: name: default: "" - description: 'Name of the referent. This field - is effectively required, but due to backwards - compatibility is allowed to be empty. Instances - of this type with an empty value here are - almost certainly wrong. TODO: Add other - useful fields. apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is the rados user name. Default - is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string required: - image - monitors type: object scaleIO: - description: scaleIO represents a ScaleIO persistent - volume attached and mounted on Kubernetes nodes. properties: fsType: - description: fsType is the filesystem type to - mount. Must be a filesystem type supported by - the host operating system. Ex. "ext4", "xfs", - "ntfs". Default is "xfs". 
type: string gateway: - description: gateway is the host address of the - ScaleIO API Gateway. type: string protectionDomain: - description: protectionDomain is the name of the - ScaleIO Protection Domain for the configured - storage. type: string readOnly: - description: readOnly Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting - in VolumeMounts. type: boolean secretRef: - description: secretRef references to the secret - for ScaleIO user and other sensitive information. - If this is not provided, Login operation will - fail. properties: name: default: "" - description: 'Name of the referent. This field - is effectively required, but due to backwards - compatibility is allowed to be empty. Instances - of this type with an empty value here are - almost certainly wrong. TODO: Add other - useful fields. apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic sslEnabled: - description: sslEnabled Flag enable/disable SSL - communication with Gateway, default false type: boolean storageMode: - description: storageMode indicates whether the - storage for a volume should be ThickProvisioned - or ThinProvisioned. Default is ThinProvisioned. type: string storagePool: - description: storagePool is the ScaleIO Storage - Pool associated with the protection domain. type: string system: - description: system is the name of the storage - system as configured in ScaleIO. type: string volumeName: - description: volumeName is the name of a volume - already created in the ScaleIO system that is - associated with this volume source. type: string required: - gateway 
@@ -23882,62 +9278,19 @@ spec: - system type: object secret: - description: 'secret represents a secret that should - populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' properties: defaultMode: - description: 'defaultMode is Optional: mode bits - used to set permissions on created files by - default. Must be an octal value between 0000 - and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. - Defaults to 0644. Directories within the path - are not affected by this setting. This might - be in conflict with other options that affect - the file mode, like fsGroup, and the result - can be other mode bits set.' format: int32 type: integer items: - description: items If unspecified, each key-value - pair in the Data field of the referenced Secret - will be projected into the volume as a file - whose name is the key and content is the value. - If specified, the listed keys will be projected - into the specified paths, and unlisted keys - will not be present. If a key is specified which - is not present in the Secret, the volume setup - will error unless it is marked optional. Paths - must be relative and may not contain the '..' - path or start with '..'. items: - description: Maps a string key to a path within - a volume. properties: key: - description: key is the key to project. type: string mode: - description: 'mode is Optional: mode bits - used to set permissions on this file. - Must be an octal value between 0000 and - 0777 or a decimal value between 0 and - 511. YAML accepts both octal and decimal - values, JSON requires decimal values for - mode bits. If not specified, the volume - defaultMode will be used. This might be - in conflict with other options that affect - the file mode, like fsGroup, and the result - can be other mode bits set.' 
format: int32 type: integer path: - description: path is the relative path of - the file to map the key to. May not be - an absolute path. May not contain the - path element '..'. May not start with - the string '..'. type: string required: - key 
@@ -23946,89 +9299,37 @@ spec: type: array x-kubernetes-list-type: atomic optional: - description: optional field specify whether the - Secret or its keys must be defined type: boolean secretName: - description: 'secretName is the name of the secret - in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' type: string type: object storageos: - description: storageOS represents a StorageOS volume - attached and mounted on Kubernetes nodes. properties: fsType: - description: fsType is the filesystem type to - mount. Must be a filesystem type supported by - the host operating system. Ex. "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if - unspecified. type: string readOnly: - description: readOnly defaults to false (read/write). - ReadOnly here will force the ReadOnly setting - in VolumeMounts. type: boolean secretRef: - description: secretRef specifies the secret to - use for obtaining the StorageOS API credentials. If - not specified, default values will be attempted. properties: name: default: "" - description: 'Name of the referent. This field - is effectively required, but due to backwards - compatibility is allowed to be empty. Instances - of this type with an empty value here are - almost certainly wrong. TODO: Add other - useful fields. apiVersion, kind, uid? More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic volumeName: - description: volumeName is the human-readable - name of the StorageOS volume. Volume names - are only unique within a namespace. type: string volumeNamespace: - description: volumeNamespace specifies the scope - of the volume within StorageOS. If no namespace - is specified then the Pod's namespace will be - used. 
This allows the Kubernetes name scoping - to be mirrored within StorageOS for tighter - integration. Set VolumeName to any name to override - the default behaviour. Set to "default" if you - are not using namespaces within StorageOS. Namespaces - that do not pre-exist within StorageOS will - be created. type: string type: object vsphereVolume: - description: vsphereVolume represents a vSphere volume - attached and mounted on kubelets host machine properties: fsType: - description: fsType is filesystem type to mount. - Must be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified. type: string storagePolicyID: - description: storagePolicyID is the storage Policy - Based Management (SPBM) profile ID associated - with the StoragePolicyName. type: string storagePolicyName: - description: storagePolicyName is the storage - Policy Based Management (SPBM) profile name. type: string volumePath: - description: volumePath is the path that identifies - vSphere volume vmdk type: string required: - volumePath 
@@ -24041,105 +9342,59 @@ spec: type: array type: object manifestOptions: - description: ManifestOptions provide options to select particular - manifest object to restore properties: druid: - description: Druid specifies the options for selecting particular - Druid components to restore in manifest restore properties: authSecret: default: true - description: AuthSecret specifies whether to restore the AuthSecret - manifest or not type: boolean authSecretName: - description: AuthSecretName specifies new name of the AuthSecret - yaml after restore type: string configSecret: default: true - description: ConfigSecret specifies whether to restore the - ConfigSecret manifest or not type: boolean configSecretName: - description: ConfigSecretName specifies new name of the ConfigSecret - yaml after restore type: string db: default: true - description: DB specifies whether to restore the DB manifest - or not type: boolean dbName: - description: DBName specifies the new name of the DB yaml - after restore type: string deepStorageSecret: default: true - description: DeepStorageSecret specifies whether to restore - the DeepStorageSecret manifest or not type: boolean restoreNamespace: - description: RestoreNamespace specifies the Namespace where - the restored files will be applied type: string type: object mariaDB: - description: MariaDB specifies the options for selecting particular - MariaDB components to restore in manifest restore properties: authSecret: default: true - description: AuthSecret specifies whether to restore the AuthSecret - manifest or not type: boolean authSecretName: - description: AuthSecretName specifies new name of the AuthSecret - yaml after restore type: string configSecret: default: true - description: ConfigSecret specifies whether to restore the - ConfigSecret manifest or not type: boolean configSecretName: - description: ConfigSecretName specifies new name of the ConfigSecret - yaml after restore type: string db: default: true - description: DB 
specifies whether to restore the DB manifest - or not type: boolean dbName: - description: DBName specifies the new name of the DB yaml - after restore type: string initScript: default: true - description: InitScript specifies whether to restore the InitScript - manifest or not type: boolean restoreNamespace: - description: RestoreNamespace specifies the Namespace where - the restored files will be applied type: string tlsIssuerRef: - description: TLSIssuerRef specifies the name of the IssuerRef - used for TLS configurations for both client and server properties: apiGroup: - description: APIGroup is the group for the resource being - referenced. If APIGroup is not specified, the specified - Kind must be in the core API group. For any other third-party - types, APIGroup is required. type: string kind: - description: Kind is the type of resource being referenced type: string name: - description: Name is the name of resource being referenced type: string required: - kind 
@@ -24148,60 +9403,34 @@ spec: x-kubernetes-map-type: atomic type: object mongoDB: - description: MongoDB specifies the options for selecting particular - MongoDB components to restore in manifest restore properties: authSecret: default: true - description: AuthSecret specifies whether to restore the AuthSecret - manifest or not type: boolean authSecretName: - description: AuthSecretName specifies new name of the AuthSecret - yaml after restore type: string configSecret: default: true - description: ConfigSecret specifies whether to restore the - ConfigSecret manifest or not type: boolean configSecretName: - description: ConfigSecretName specifies new name of the ConfigSecret - yaml after restore type: string db: default: true - description: DB specifies whether to restore the DB manifest - or not type: boolean dbName: - description: DBName specifies the new name of the DB yaml - after restore type: string initScript: default: true - description: InitScript specifies whether to restore the InitScript - manifest or not type: boolean restoreNamespace: - description: RestoreNamespace specifies the Namespace where - the restored files will be applied type: string tlsIssuerRef: - description: TLSIssuerRef specifies the name of the IssuerRef - used for TLS configurations for both client and server properties: apiGroup: - description: APIGroup is the group for the resource being - referenced. If APIGroup is not specified, the specified - Kind must be in the core API group. For any other third-party - types, APIGroup is required. type: string kind: - description: Kind is the type of resource being referenced type: string name: - description: Name is the name of resource being referenced type: string required: - kind 
@@ -24210,67 +9439,26 @@ spec: x-kubernetes-map-type: atomic type: object msSQLServer: - description: MSSQLServer specifies the options for selecting particular - MSSQLServer components to restore in manifest restore properties: authSecret: default: true - description: AuthSecret specifies whether to restore the AuthSecret - manifest or not type: boolean authSecretName: - description: AuthSecretName specifies new name of the AuthSecret - yaml after restore type: string db: default: true - description: DB specifies whether to restore the DB manifest - or not type: boolean dbName: - description: DBName specifies the new name of the DB yaml - after restore type: string - internalAuthIssuerRef: - description: InternalAuthIssuerRef specifies the name of the - IssuerRef used for endpoint authentication. - properties: - apiGroup: - description: APIGroup is the group for the resource being - referenced. If APIGroup is not specified, the specified - Kind must be in the core API group. For any other third-party - types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being referenced - type: string - name: - description: Name is the name of resource being referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic restoreNamespace: - description: RestoreNamespace specifies the Namespace where - the restored files will be applied type: string tlsIssuerRef: - description: TLSIssuerRef specifies the name of the IssuerRef - used for TLS configurations for both client and server. properties: apiGroup: - description: APIGroup is the group for the resource being - referenced. If APIGroup is not specified, the specified - Kind must be in the core API group. For any other third-party - types, APIGroup is required. type: string kind: - description: Kind is the type of resource being referenced type: string name: - description: Name is the name of resource being referenced type: string required: - kind 
@@ -24279,60 +9467,34 @@ spec: x-kubernetes-map-type: atomic type: object mySQL: - description: MySQL specifies the options for selecting particular - MySQL components to restore in manifest restore properties: authSecret: default: true - description: AuthSecret specifies whether to restore the AuthSecret - manifest or not type: boolean authSecretName: - description: AuthSecretName specifies new name of the AuthSecret - yaml after restore type: string configSecret: default: true - description: ConfigSecret specifies whether to restore the - ConfigSecret manifest or not type: boolean configSecretName: - description: ConfigSecretName specifies new name of the ConfigSecret - yaml after restore type: string db: default: true - description: DB specifies whether to restore the DB manifest - or not type: boolean dbName: - description: DBName specifies the new name of the DB yaml - after restore type: string initScript: default: true - description: InitScript specifies whether to restore the InitScript - manifest or not type: boolean restoreNamespace: - description: RestoreNamespace specifies the Namespace where - the restored files will be applied type: string tlsIssuerRef: - description: TLSIssuerRef specifies the name of the IssuerRef - used for TLS configurations for both client and server properties: apiGroup: - description: APIGroup is the group for the resource being - referenced. If APIGroup is not specified, the specified - Kind must be in the core API group. For any other third-party - types, APIGroup is required. type: string kind: - description: Kind is the type of resource being referenced type: string name: - description: Name is the name of resource being referenced type: string required: - kind 
@@ -24341,60 +9503,34 @@ spec: x-kubernetes-map-type: atomic type: object postgres: - description: Postgres specifies the options for selecting particular - Postgres components to restore in manifest restore properties: authSecret: default: true - description: AuthSecret specifies whether to restore the AuthSecret - manifest or not type: boolean authSecretName: - description: AuthSecretName specifies new name of the AuthSecret - yaml after restore type: string configSecret: default: true - description: ConfigSecret specifies whether to restore the - ConfigSecret manifest or not type: boolean configSecretName: - description: ConfigSecretName specifies new name of the ConfigSecret - yaml after restore type: string db: default: true - description: DB specifies whether to restore the DB manifest - or not type: boolean dbName: - description: DBName specifies the new name of the DB yaml - after restore type: string initScript: default: true - description: InitScript specifies whether to restore the InitScript - manifest or not type: boolean restoreNamespace: - description: RestoreNamespace specifies the Namespace where - the restored files will be applied type: string tlsIssuerRef: - description: TLSIssuerRef specifies the name of the IssuerRef - used for TLS configurations for both client and server properties: apiGroup: - description: APIGroup is the group for the resource being - referenced. If APIGroup is not specified, the specified - Kind must be in the core API group. For any other third-party - types, APIGroup is required. type: string kind: - description: Kind is the type of resource being referenced type: string name: - description: Name is the name of resource being referenced type: string required: - kind 
@@ -24403,60 +9539,62 @@ spec: x-kubernetes-map-type: atomic type: object redis: - description: Redis specifies the options for selecting particular - Redis components to restore in manifest restore properties: authSecret: default: true - description: AuthSecret specifies whether to restore the AuthSecret - manifest or not type: boolean authSecretName: - description: AuthSecretName specifies new name of the AuthSecret - yaml after restore type: string configSecret: default: true - description: ConfigSecret specifies whether to restore the - ConfigSecret manifest or not type: boolean configSecretName: - description: ConfigSecretName specifies new name of the ConfigSecret - yaml after restore type: string db: default: true - description: DB specifies whether to restore the DB manifest - or not type: boolean dbName: - description: DBName specifies the new name of the DB yaml - after restore type: string initScript: default: true - description: InitScript specifies whether to restore the InitScript - manifest or not type: boolean restoreNamespace: - description: RestoreNamespace specifies the Namespace where - the restored files will be applied type: string tlsIssuerRef: - description: TLSIssuerRef specifies the name of the IssuerRef - used for TLS configurations for both client and server properties: apiGroup: - description: APIGroup is the group for the resource being - referenced. If APIGroup is not specified, the specified - Kind must be in the core API group. For any other third-party - types, APIGroup is required. 
type: string kind: - description: Kind is the type of resource being referenced type: string name: - description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + type: object + redisSentinel: + properties: + SentinelName: + type: string + authSecret: + default: true + type: boolean + authSecretName: + type: string + restoreNamespace: + type: string + sentinel: + default: true + type: boolean + tlsIssuerRef: + properties: + apiGroup: + type: string + kind: + type: string + name: type: string required: - kind 
@@ -24465,60 +9603,34 @@ spec: x-kubernetes-map-type: atomic type: object singlestore: - description: Singlestore specifies the options for selecting particular - Singlestore components to restore in manifest restore properties: authSecret: default: true - description: AuthSecret specifies whether to restore the AuthSecret - manifest or not type: boolean authSecretName: - description: AuthSecretName specifies new name of the AuthSecret - yaml after restore type: string configSecret: default: true - description: ConfigSecret specifies whether to restore the - ConfigSecret manifest or not type: boolean configSecretName: - description: ConfigSecretName specifies new name of the ConfigSecret - yaml after restore type: string db: default: true - description: DB specifies whether to restore the DB manifest - or not type: boolean dbName: - description: DBName specifies the new name of the DB yaml - after restore type: string initScript: default: true - description: InitScript specifies whether to restore the InitScript - manifest or not type: boolean restoreNamespace: - description: RestoreNamespace specifies the Namespace where - the restored files will be applied type: string tlsIssuerRef: - description: TLSIssuerRef specifies the name of the IssuerRef - used for TLS configurations for both client and server properties: apiGroup: - description: APIGroup is the group for the resource being - referenced. If APIGroup is not specified, the specified - Kind must be in the core API group. For any other third-party - types, APIGroup is required. type: string kind: - description: Kind is the type of resource being referenced type: string name: - description: Name is the name of resource being referenced type: string required: - kind 
@@ -24527,69 +9639,39 @@ spec: x-kubernetes-map-type: atomic type: object workload: - description: Workload specifies the options for Workload components - to restore in manifest restore properties: restoreNamespace: - description: RestoreNamespace specifies the Namespace where - the restored files will be applied type: string type: object zooKeeper: - description: ZooKeeper specifies the options for selecting particular - ZooKeeper components to restore in manifest restore properties: authSecret: default: true - description: AuthSecret specifies whether to restore the AuthSecret - manifest or not type: boolean authSecretName: - description: AuthSecretName specifies new name of the AuthSecret - yaml after restore type: string configSecret: default: true - description: ConfigSecret specifies whether to restore the - ConfigSecret manifest or not type: boolean configSecretName: - description: ConfigSecretName specifies new name of the ConfigSecret - yaml after restore type: string db: default: true - description: DB specifies whether to restore the DB manifest - or not type: boolean dbName: - description: DBName specifies the new name of the DB yaml - after restore type: string initScript: default: true - description: InitScript specifies whether to restore the InitScript - manifest or not type: boolean restoreNamespace: - description: RestoreNamespace specifies the Namespace where - the restored files will be applied type: string tlsIssuerRef: - description: TLSIssuerRef specifies the name of the IssuerRef - used for TLS configurations for both client and server properties: apiGroup: - description: APIGroup is the group for the resource being - referenced. If APIGroup is not specified, the specified - Kind must be in the core API group. For any other third-party - types, APIGroup is required. 
type: string kind: - description: Kind is the type of resource being referenced type: string name: - description: Name is the name of resource being referenced type: string required: - kind @@ -24599,48 +9681,31 @@ spec: type: object type: object restoreTimeout: - description: RestoreTimeout specifies a duration that KubeStash should - wait for the restore to be completed. If the restore tasks do not - finish within this time period, KubeStash will consider this restore - as a failure. type: string target: - description: Target indicates the target application where the data - will be restored. The target must be in the same namespace as the - RestoreSession CR. properties: apiGroup: type: string kind: type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string required: - name type: object type: object status: - description: RestoreSessionStatus defines the observed state of RestoreSession properties: components: additionalProperties: - description: ComponentRestoreStatus represents the restore status - of individual components properties: duration: - description: Duration specifies the total time taken to complete - the restore process for this component type: string error: - description: Error specifies the reason in case of restore failure - for the component type: string phase: - description: Phase represents the restore phase of the component enum: - Pending - Running 
@@ -24650,55 +9715,26 @@ spec: - Unknown type: string type: object - description: Components represents the individual component restore - status type: object x-kubernetes-map-type: granular conditions: - description: Conditions specifies a list of conditions related to - this restore session items: - description: Condition defines an observation of a object operational - state. properties: lastTransitionTime: - description: Last time the condition transitioned from one status - to another. This should be when the underlying condition changed. - If that is not known, then using the time when the API field - changed is acceptable. format: date-time type: string message: - description: A human-readable message indicating details about - the transition. This field may be empty. type: string observedGeneration: - description: If set, this represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.condition[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. format: int64 type: integer reason: - description: The reason for the condition's last transition - in CamelCase. The specific API may choose whether this field - is considered a guaranteed API. This field may not be empty. type: string severity: - description: Severity provides an explicit classification of - Reason code, so the users or machines can immediately understand - the current situation and act accordingly. The Severity field - MUST be set only when Status=False. type: string status: - description: Status of the condition, one of True, False, Unknown. type: string type: - description: Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources - like Available, but because arbitrary util can be useful (see - .node.status.util), the ability to deconflict is important. 
type: string required: - lastTransitionTime @@ -24707,50 +9743,32 @@ spec: type: object type: array dependencies: - description: Dependencies specifies whether the objects required by - this RestoreSession exist or not items: - description: ResourceFoundStatus specifies whether a resource was - found or not properties: apiGroup: type: string found: - description: Found indicates whether the resource was found - or not type: boolean kind: type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string required: - name type: object type: array duration: - description: Duration specifies the total time taken to complete the - restore process type: string hooks: - description: Hooks represents the hook execution status properties: postHooks: - description: PostHooks represents the post-restore hook execution - status items: - description: HookExecutionStatus represents the state of the - hook execution properties: name: - description: Name indicates the name of the hook whose status - is being shown here. type: string phase: - description: Phase represents the hook execution phase enum: - Succeeded - Failed @@ -24759,18 +9777,11 @@ spec: type: object type: array preHooks: - description: PreHooks represents the pre-restore hook execution - status items: - description: HookExecutionStatus represents the state of the - hook execution properties: name: - description: Name indicates the name of the hook whose status - is being shown here. type: string phase: - description: Phase represents the hook execution phase enum: - Succeeded - Failed 
@@ -24780,28 +9791,21 @@ spec: type: array type: object pausedBackups: - description: PausedBackups represents the list of backups that have - been paused before restore. items: - description: TypedObjectReference represents an typed namespaced - object. properties: apiGroup: type: string kind: type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string required: - name type: object type: array phase: - description: Phase represents the current state of the restore process enum: - Pending - Running @@ -24811,17 +9815,11 @@ spec: - Unknown type: string restoreDeadline: - description: RestoreDeadline specifies the deadline of restore. Restore - will be considered Failed if it does not complete within this deadline format: date-time type: string targetFound: - description: TargetFound specifies whether the restore target exist - or not type: boolean totalComponents: - description: TotalComponents represents the number of total components - for this RestoreSession format: int32 type: integer type: object diff --git a/vendor/kubestash.dev/apimachinery/crds/storage.kubestash.com_backupstorages.yaml b/vendor/kubestash.dev/apimachinery/crds/storage.kubestash.com_backupstorages.yaml index 932adba2..577b14d8 100644 --- a/vendor/kubestash.dev/apimachinery/crds/storage.kubestash.com_backupstorages.yaml +++ b/vendor/kubestash.dev/apimachinery/crds/storage.kubestash.com_backupstorages.yaml 
@@ -40,174 +40,83 @@ spec: name: v1alpha1 schema: openAPIV3Schema: - description: BackupStorage specifies the backend information where the backed - up data of different applications will be stored. You can consider BackupStorage - as a representation of a bucket in Kubernetes native way. This is a namespaced - object. However, you can use the BackupStorage from any namespace as long - as it is permitted by the `.spec.usagePolicy` field. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: BackupStorageSpec defines information regarding remote backend, - its access credentials, usage policy etc. properties: default: - description: Default specifies whether to use this BackupStorage as - default storage for the current namespace as well as the allowed - namespaces. One namespace can have at most one default BackupStorage - configured. type: boolean deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what to do when you delete - a BackupStorage CR. The valid values are: "Delete": This will delete - the respective Repository and Snapshot CRs from the cluster but - keep the backed up data in the remote backend. This is the default - behavior. "WipeOut": This will delete the respective Repository - and Snapshot CRs as well as the backed up data from the backend.' 
enum: - Delete - WipeOut type: string runtimeSettings: - description: RuntimeSettings allow to specify Resources, NodeSelector, - Affinity, Toleration, ReadinessProbe etc. for the storage initializer/cleaner - job. properties: container: properties: env: - description: List of environment variables to set in the container. - Cannot be updated. items: - description: EnvVar represents an environment variable present - in a Container. properties: name: - description: Name of the environment variable. Must - be a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) are expanded - using the previously defined environment variables - in the container and any service environment variables. - If a variable cannot be resolved, the reference in - the input string will be unchanged. Double $$ are - reduced to a single $, which allows for escaping the - $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce - the string literal "$(VAR_NAME)". Escaped references - will never be expanded, regardless of whether the - variable exists or not. Defaults to "".' type: string valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. properties: configMapKeyRef: - description: Selects a key of a ConfigMap. properties: key: - description: The key to select. type: string name: default: "" - description: 'Name of the referent. This field - is effectively required, but due to backwards - compatibility is allowed to be empty. Instances - of this type with an empty value here are - almost certainly wrong. TODO: Add other useful - fields. apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' 
type: string optional: - description: Specify whether the ConfigMap or - its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of the pod: supports - metadata.name, metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, spec.nodeName, - spec.serviceAccountName, status.hostIP, status.podIP, - status.podIPs.' properties: apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". type: string fieldPath: - description: Path of the field to select in - the specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' properties: containerName: - description: 'Container name: required for volumes, - optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output format of - the exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource to select' type: string required: - resource type: object x-kubernetes-map-type: atomic secretKeyRef: - description: Selects a key of a secret in the pod's - namespace properties: key: - description: The key of the secret to select - from. Must be a valid secret key. type: string name: default: "" - description: 'Name of the referent. This field - is effectively required, but due to backwards - compatibility is allowed to be empty. Instances - of this type with an empty value here are - almost certainly wrong. TODO: Add other useful - fields. apiVersion, kind, uid? 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether the Secret or its - key must be defined type: boolean required: - key 
@@ -219,67 +128,31 @@ spec: type: object type: array envFrom: - description: List of sources to populate environment variables - in the container. The keys defined within a source must - be a C_IDENTIFIER. All invalid keys will be reported as - an event when the container is starting. When a key exists - in multiple sources, the value associated with the last - source will take precedence. Values defined by an Env with - a duplicate key will take precedence. Cannot be updated. items: - description: EnvFromSource represents the source of a set - of ConfigMaps properties: configMapRef: - description: The ConfigMap to select from properties: name: default: "" - description: 'Name of the referent. This field is - effectively required, but due to backwards compatibility - is allowed to be empty. Instances of this type - with an empty value here are almost certainly - wrong. TODO: Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether the ConfigMap must - be defined type: boolean type: object x-kubernetes-map-type: atomic prefix: - description: An optional identifier to prepend to each - key in the ConfigMap. Must be a C_IDENTIFIER. type: string secretRef: - description: The Secret to select from properties: name: default: "" - description: 'Name of the referent. This field is - effectively required, but due to backwards compatibility - is allowed to be empty. Instances of this type - with an empty value here are almost certainly - wrong. TODO: Add other useful fields. apiVersion, - kind, uid? 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: Specify whether the Secret must be - defined type: boolean type: object x-kubernetes-map-type: atomic type: object type: array ionice: - description: 'Settings to configure `ionice` to throttle the - load on disk. More info: http://kennystechtalk.blogspot.com/2015/04/throttling-cpu-usage-with-linux-cgroups.html - More info: https://oakbytes.wordpress.com/2012/06/06/linux-scheduler-cfs-and-nice/' properties: class: format: int32 
@@ -289,58 +162,27 @@ spec: type: integer type: object lifecycle: - description: Actions that the management system should take - in response to container lifecycle events. Cannot be updated. properties: postStart: - description: 'PostStart is called immediately after a - container is created. If the handler fails, the container - is terminated and restarted according to its restart - policy. Other management of the container blocks until - the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory - for the command is root ('/') in the container's - filesystem. The command is simply exec'd, it - is not run inside a shell, so traditional shell - instructions ('|', etc) won't work. To use a - shell, you need to explicitly call out to that - shell. Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the http request to - perform. properties: host: - description: Host name to connect to, defaults - to the pod IP. You probably want to set "Host" - in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes properties: name: - description: The header field name. This - will be canonicalized upon output, so - case-variant names will be understood - as the same header. type: string value: - description: The header field value type: string required: - name 
@@ -349,114 +191,58 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the - host. Defaults to HTTP. type: string required: - port type: object sleep: - description: Sleep represents the duration that the - container should sleep before being terminated. properties: seconds: - description: Seconds is the number of seconds - to sleep. format: int64 type: integer required: - seconds type: object tcpSocket: - description: Deprecated. TCPSocket is NOT supported - as a LifecycleHandler and kept for the backward - compatibility. There are no validation of this field - and lifecycle hooks will fail in runtime when tcp - handler is specified. properties: host: - description: 'Optional: Host name to connect to, - defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: - description: 'PreStop is called immediately before a container - is terminated due to an API request or management event - such as liveness/startup probe failure, preemption, - resource contention, etc. The handler is not called - if the container crashes or exits. The Pod''s termination - grace period countdown begins before the PreStop hook - is executed. Regardless of the outcome of the handler, - the container will eventually terminate within the Pod''s - termination grace period (unless delayed by finalizers). 
- Other management of the container blocks until the hook - completes or until the termination grace period is reached. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory - for the command is root ('/') in the container's - filesystem. The command is simply exec'd, it - is not run inside a shell, so traditional shell - instructions ('|', etc) won't work. To use a - shell, you need to explicitly call out to that - shell. Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the http request to - perform. properties: host: - description: Host name to connect to, defaults - to the pod IP. You probably want to set "Host" - in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes properties: name: - description: The header field name. This - will be canonicalized upon output, so - case-variant names will be understood - as the same header. type: string value: - description: The header field value type: string required: - name 
@@ -465,53 +251,33 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the - host. Defaults to HTTP. type: string required: - port type: object sleep: - description: Sleep represents the duration that the - container should sleep before being terminated. properties: seconds: - description: Seconds is the number of seconds - to sleep. format: int64 type: integer required: - seconds type: object tcpSocket: - description: Deprecated. TCPSocket is NOT supported - as a LifecycleHandler and kept for the backward - compatibility. There are no validation of this field - and lifecycle hooks will fail in runtime when tcp - handler is specified. properties: host: - description: 'Optional: Host name to connect to, - defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port 
@@ -519,73 +285,38 @@ spec: type: object type: object livenessProbe: - description: 'Periodic probe of container liveness. Container - will be restarted if the probe fails. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', - etc) won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC - port. properties: port: - description: Port number of the gRPC service. Number - must be in the range 1 to 65535. format: int32 type: integer service: - description: "Service is the name of the service to - place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in httpHeaders - instead. type: string httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. 
items: - description: HTTPHeader describes a custom header - to be used in HTTP probes properties: name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. type: string value: - description: The header field value type: string required: - name 
@@ -594,162 +325,84 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port to access - on the container. Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving a - TCP port. properties: host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access - on the container. Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and - the time when the processes are forcibly halted with - a kill signal. Set this value longer than the expected - cleanup time for your process. 
If this value is nil, - the pod's terminationGracePeriodSeconds will be used. - Otherwise, this value overrides the value provided by - the pod spec. Value must be non-negative integer. The - value zero indicates stop immediately via the kill signal - (no opportunity to shut down). This is a beta field - and requires enabling ProbeTerminationGracePeriod feature - gate. Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which the probe - times out. Defaults to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object nice: - description: 'Settings to configure `nice` to throttle the - load on cpu. More info: http://kennystechtalk.blogspot.com/2015/04/throttling-cpu-usage-with-linux-cgroups.html - More info: https://oakbytes.wordpress.com/2012/06/06/linux-scheduler-cfs-and-nice/' properties: adjustment: format: int32 type: integer type: object readinessProbe: - description: 'Periodic probe of container service readiness. - Container will be removed from service endpoints if the - probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', - etc) won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. 
items: type: string type: array x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC - port. properties: port: - description: Port number of the gRPC service. Number - must be in the range 1 to 65535. format: int32 type: integer service: - description: "Service is the name of the service to - place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in httpHeaders - instead. type: string httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes properties: name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. type: string value: - description: The header field value type: string required: - name 
@@ -758,103 +411,51 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port to access - on the container. Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving a - TCP port. properties: host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access - on the container. Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and - the time when the processes are forcibly halted with - a kill signal. Set this value longer than the expected - cleanup time for your process. 
If this value is nil, - the pod's terminationGracePeriodSeconds will be used. - Otherwise, this value overrides the value provided by - the pod spec. Value must be non-negative integer. The - value zero indicates stop immediately via the kill signal - (no opportunity to shut down). This is a beta field - and requires enabling ProbeTerminationGracePeriod feature - gate. Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which the probe - times out. Defaults to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object resources: - description: 'Compute Resources required by container. Cannot - be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' properties: claims: - description: "Claims lists the names of resources, defined - in spec.resourceClaims, that are used by this container. - \n This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. \n This field - is immutable. It can only be set for containers." items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name of one entry - in pod.spec.resourceClaims of the Pod where this - field is used. It makes that resource available - inside a container. type: string required: - name @@ -870,8 +471,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -880,208 +479,77 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of - compute resources required. If Requests is omitted for - a container, it defaults to Limits if that is explicitly - specified, otherwise to an implementation-defined value. - Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: - description: 'Security options the pod should run with. More - info: https://kubernetes.io/docs/concepts/policy/security-context/ - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether - a process can gain more privileges than its parent process. - This bool directly controls if the no_new_privs flag - will be set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run as Privileged - 2) has CAP_SYS_ADMIN Note that this field cannot be - set when spec.os.name is windows.' type: boolean appArmorProfile: - description: appArmorProfile is the AppArmor options to - use by this container. If set, this profile overrides - the pod's appArmorProfile. Note that this field cannot - be set when spec.os.name is windows. properties: localhostProfile: - description: localhostProfile indicates a profile - loaded on the node that should be used. The profile - must be preconfigured on the node to work. Must - match the loaded name of the profile. Must be set - if and only if type is "Localhost". type: string type: - description: 'type indicates which kind of AppArmor - profile will be applied. Valid options are: Localhost - - a profile pre-loaded on the node. RuntimeDefault - - the container runtime''s default profile. 
Unconfined - - no AppArmor enforcement.' type: string required: - type type: object capabilities: - description: The capabilities to add/drop when running - containers. Defaults to the default set of capabilities - granted by the container runtime. Note that this field - cannot be set when spec.os.name is windows. properties: add: - description: Added capabilities items: - description: Capability represent POSIX capabilities - type type: string type: array x-kubernetes-list-type: atomic drop: - description: Removed capabilities items: - description: Capability represent POSIX capabilities - type type: string type: array x-kubernetes-list-type: atomic type: object privileged: - description: Run container in privileged mode. Processes - in privileged containers are essentially equivalent - to root on the host. Defaults to false. Note that this - field cannot be set when spec.os.name is windows. type: boolean procMount: - description: procMount denotes the type of proc mount - to use for the containers. The default is DefaultProcMount - which uses the container runtime defaults for readonly - paths and masked paths. This requires the ProcMountType - feature flag to be enabled. Note that this field cannot - be set when spec.os.name is windows. type: string readOnlyRootFilesystem: - description: Whether this container has a read-only root - filesystem. Default is false. Note that this field cannot - be set when spec.os.name is windows. type: boolean runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be - set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. Note that this field cannot be set - when spec.os.name is windows. format: int64 type: integer runAsNonRoot: - description: Indicates that the container must run as - a non-root user. 
If true, the Kubelet will validate - the image at runtime to ensure that it does not run - as UID 0 (root) and fail to start the container if it - does. If unset or false, no such validation will be - performed. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint of the container - process. Defaults to user specified in image metadata - if unspecified. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name - is windows. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be applied to the - container. If unspecified, the container runtime will - allocate a random SELinux context for each container. May - also be set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. Note that this field cannot be set - when spec.os.name is windows. properties: level: - description: Level is SELinux level label that applies - to the container. type: string role: - description: Role is a SELinux role label that applies - to the container. type: string type: - description: Type is a SELinux type label that applies - to the container. type: string user: - description: User is a SELinux user label that applies - to the container. type: string type: object seccompProfile: - description: The seccomp options to use by this container. - If seccomp options are provided at both the pod & container - level, the container options override the pod options. - Note that this field cannot be set when spec.os.name - is windows. properties: localhostProfile: - description: localhostProfile indicates a profile - defined in a file on the node should be used. 
The - profile must be preconfigured on the node to work. - Must be a descending path, relative to the kubelet's - configured seccomp profile location. Must be set - if type is "Localhost". Must NOT be set for any - other type. type: string type: - description: "type indicates which kind of seccomp - profile will be applied. Valid options are: \n Localhost - - a profile defined in a file on the node should - be used. RuntimeDefault - the container runtime - default profile should be used. Unconfined - no - profile should be applied." type: string required: - type type: object windowsOptions: - description: The Windows specific settings applied to - all containers. If unspecified, the options from the - PodSecurityContext will be used. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. Note that this field cannot be set - when spec.os.name is linux. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA - admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec - named by the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of - the GMSA credential spec to use. type: string hostProcess: - description: HostProcess determines if a container - should be run as a 'Host Process' container. All - of a Pod's containers must have the same effective - HostProcess value (it is not allowed to have a mix - of HostProcess containers and non-HostProcess containers). - In addition, if HostProcess is true then HostNetwork - must also be set to true. type: boolean runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set - in PodSecurityContext. 
If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. type: string type: object type: object 
@@ -1089,65 +557,22 @@ spec: pod: properties: affinity: - description: If specified, the pod's scheduling constraints properties: nodeAffinity: - description: Describes node affinity scheduling rules - for the pod. properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule - pods to nodes that satisfy the affinity expressions - specified by this field, but it may choose a node - that violates one or more of the expressions. The - node that is most preferred is the one with the - greatest sum of weights, i.e. for each node that - meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if - the node matches the corresponding matchExpressions; - the node(s) with the highest sum are the most preferred. items: - description: An empty preferred scheduling term - matches all objects with implicit weight 0 (i.e. - it's a no-op). A null preferred scheduling term - matches no objects (i.e. is also a no-op). properties: preference: - description: A node selector term, associated - with the corresponding weight. properties: matchExpressions: - description: A list of node selector requirements - by node's labels. items: - description: A node selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. properties: key: - description: The label key that the - selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. 
- If the operator is Gt or Lt, the - values array must have a single - element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. items: type: string type: array @@ -1159,35 +584,13 @@ spec: type: array x-kubernetes-list-type: atomic matchFields: - description: A list of node selector requirements - by node's fields. items: - description: A node selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. properties: key: - description: The label key that the - selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. - If the operator is Gt or Lt, the - values array must have a single - element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. items: type: string type: array @@ -1201,9 +604,6 @@ spec: type: object x-kubernetes-map-type: atomic weight: - description: Weight associated with matching - the corresponding nodeSelectorTerm, in the - range 1-100. format: int32 type: integer required: 
@@ -1213,53 +613,18 @@ spec: type: array x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified - by this field are not met at scheduling time, the - pod will not be scheduled onto the node. If the - affinity requirements specified by this field cease - to be met at some point during pod execution (e.g. - due to an update), the system may or may not try - to eventually evict the pod from its node. properties: nodeSelectorTerms: - description: Required. A list of node selector - terms. The terms are ORed. items: - description: A null or empty node selector term - matches no objects. The requirements of them - are ANDed. The TopologySelectorTerm type implements - a subset of the NodeSelectorTerm. properties: matchExpressions: - description: A list of node selector requirements - by node's labels. items: - description: A node selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. properties: key: - description: The label key that the - selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. - If the operator is Gt or Lt, the - values array must have a single - element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. items: type: string type: array 
@@ -1271,35 +636,13 @@ spec: type: array x-kubernetes-list-type: atomic matchFields: - description: A list of node selector requirements - by node's fields. items: - description: A node selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. properties: key: - description: The label key that the - selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. - If the operator is Gt or Lt, the - values array must have a single - element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. items: type: string type: array 
@@ -1320,69 +663,22 @@ spec: x-kubernetes-map-type: atomic type: object podAffinity: - description: Describes pod affinity scheduling rules (e.g. - co-locate this pod in the same node, zone, etc. as some - other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule - pods to nodes that satisfy the affinity expressions - specified by this field, but it may choose a node - that violates one or more of the expressions. The - node that is most preferred is the one with the - greatest sum of weights, i.e. for each node that - meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if - the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum - are the most preferred. items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) properties: podAffinityTerm: - description: Required. A pod affinity term, - associated with the corresponding weight. properties: labelSelector: - description: A label query over a set of - resources, in this case pods. If it's - null, this PodAffinityTerm matches with - no Pods. properties: matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. properties: key: - description: key is the label - key that the selector applies - to. type: string operator: - description: operator represents - a key's relationship to a set - of values. Valid operators are - In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array - of string values. 
If the operator - is In or NotIn, the values array - must be non-empty. If the operator - is Exists or DoesNotExist, the - values array must be empty. - This array is replaced during - a strategic merge patch. items: type: string type: array 
@@ -1396,102 +692,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of - {key,value} pairs. A single {key,value} - in the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are - ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of - pod label keys to select which pods will - be taken into consideration. The keys - are used to lookup values from the incoming - pod labels, those key-value labels are - merged with `labelSelector` as `key in - (value)` to select the group of existing - pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. - Keys that don't exist in the incoming - pod labels will be ignored. The default - value is empty. The same key is forbidden - to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when - labelSelector isn't set. This is an alpha - field and requires enabling MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys is a set - of pod label keys to select which pods - will be taken into consideration. The - keys are used to lookup values from the - incoming pod labels, those key-value labels - are merged with `labelSelector` as `key - notin (value)` to select the group of - existing pods which pods will be taken - into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist - in the incoming pod labels will be ignored. - The default value is empty. The same key - is forbidden to exist in both mismatchLabelKeys - and labelSelector. Also, mismatchLabelKeys - cannot be set when labelSelector isn't - set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature - gate. 
items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set - of namespaces that the term applies to. - The term is applied to the union of the - namespaces selected by this field and - the ones listed in the namespaces field. - null selector and null or empty namespaces - list means "this pod's namespace". An - empty selector ({}) matches all namespaces. properties: matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. properties: key: - description: key is the label - key that the selector applies - to. type: string operator: - description: operator represents - a key's relationship to a set - of values. Valid operators are - In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array - of string values. If the operator - is In or NotIn, the values array - must be non-empty. If the operator - is Exists or DoesNotExist, the - values array must be empty. - This array is replaced during - a strategic merge patch. items: type: string type: array 
@@ -1505,47 +728,20 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of - {key,value} pairs. A single {key,value} - in the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are - ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static - list of namespace names that the term - applies to. The term is applied to the - union of the namespaces listed in this - field and the ones selected by namespaceSelector. - null or empty namespaces list and null - namespaceSelector means "this pod's namespace". items: type: string type: array x-kubernetes-list-type: atomic topologyKey: - description: This pod should be co-located - (affinity) or not co-located (anti-affinity) - with the pods matching the labelSelector - in the specified namespaces, where co-located - is defined as running on a node whose - value of the label with key topologyKey - matches that of any node on which any - of the selected pods is running. Empty - topologyKey is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with matching - the corresponding podAffinityTerm, in the - range 1-100. format: int32 type: integer required: 
@@ -1555,60 +751,18 @@ spec: type: array x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified - by this field are not met at scheduling time, the - pod will not be scheduled onto the node. If the - affinity requirements specified by this field cease - to be met at some point during pod execution (e.g. - due to a pod label update), the system may or may - not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes - corresponding to each podAffinityTerm are intersected, - i.e. all terms must be satisfied. items: - description: Defines a set of pods (namely those - matching the labelSelector relative to the given - namespace(s)) that this pod should be co-located - (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node - whose value of the label with key - matches that of any node on which a pod of the - set of pods is running properties: labelSelector: - description: A label query over a set of resources, - in this case pods. If it's null, this PodAffinityTerm - matches with no Pods. properties: matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. properties: key: - description: key is the label key - that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. 
items: type: string type: array 
@@ -1622,95 +776,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod - label keys to select which pods will be taken - into consideration. The keys are used to lookup - values from the incoming pod labels, those - key-value labels are merged with `labelSelector` - as `key in (value)` to select the group of - existing pods which pods will be taken into - consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value - is empty. The same key is forbidden to exist - in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector - isn't set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature - gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod - label keys to select which pods will be taken - into consideration. The keys are used to lookup - values from the incoming pod labels, those - key-value labels are merged with `labelSelector` - as `key notin (value)` to select the group - of existing pods which pods will be taken - into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist - in the incoming pod labels will be ignored. - The default value is empty. The same key is - forbidden to exist in both mismatchLabelKeys - and labelSelector. Also, mismatchLabelKeys - cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling - MatchLabelKeysInPodAffinity feature gate. 
items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by - this field and the ones listed in the namespaces - field. null selector and null or empty namespaces - list means "this pod's namespace". An empty - selector ({}) matches all namespaces. properties: matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. properties: key: - description: key is the label key - that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. items: type: string type: array 
@@ -1724,36 +812,15 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. - The term is applied to the union of the namespaces - listed in this field and the ones selected - by namespaceSelector. null or empty namespaces - list and null namespaceSelector means "this - pod's namespace". items: type: string type: array x-kubernetes-list-type: atomic topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the - pods matching the labelSelector in the specified - namespaces, where co-located is defined as - running on a node whose value of the label - with key topologyKey matches that of any node - on which any of the selected pods is running. - Empty topologyKey is not allowed. type: string required: - topologyKey 
@@ -1762,69 +829,22 @@ spec: x-kubernetes-list-type: atomic type: object podAntiAffinity: - description: Describes pod anti-affinity scheduling rules - (e.g. avoid putting this pod in the same node, zone, - etc. as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule - pods to nodes that satisfy the anti-affinity expressions - specified by this field, but it may choose a node - that violates one or more of the expressions. The - node that is most preferred is the one with the - greatest sum of weights, i.e. for each node that - meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity - expressions, etc.), compute a sum by iterating through - the elements of this field and adding "weight" to - the sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum - are the most preferred. items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) properties: podAffinityTerm: - description: Required. A pod affinity term, - associated with the corresponding weight. properties: labelSelector: - description: A label query over a set of - resources, in this case pods. If it's - null, this PodAffinityTerm matches with - no Pods. properties: matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. properties: key: - description: key is the label - key that the selector applies - to. type: string operator: - description: operator represents - a key's relationship to a set - of values. Valid operators are - In, NotIn, Exists and DoesNotExist. 
type: string values: - description: values is an array - of string values. If the operator - is In or NotIn, the values array - must be non-empty. If the operator - is Exists or DoesNotExist, the - values array must be empty. - This array is replaced during - a strategic merge patch. items: type: string type: array 
@@ -1838,102 +858,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of - {key,value} pairs. A single {key,value} - in the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are - ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of - pod label keys to select which pods will - be taken into consideration. The keys - are used to lookup values from the incoming - pod labels, those key-value labels are - merged with `labelSelector` as `key in - (value)` to select the group of existing - pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. - Keys that don't exist in the incoming - pod labels will be ignored. The default - value is empty. The same key is forbidden - to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when - labelSelector isn't set. This is an alpha - field and requires enabling MatchLabelKeysInPodAffinity - feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys is a set - of pod label keys to select which pods - will be taken into consideration. The - keys are used to lookup values from the - incoming pod labels, those key-value labels - are merged with `labelSelector` as `key - notin (value)` to select the group of - existing pods which pods will be taken - into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist - in the incoming pod labels will be ignored. - The default value is empty. The same key - is forbidden to exist in both mismatchLabelKeys - and labelSelector. Also, mismatchLabelKeys - cannot be set when labelSelector isn't - set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature - gate. 
items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set - of namespaces that the term applies to. - The term is applied to the union of the - namespaces selected by this field and - the ones listed in the namespaces field. - null selector and null or empty namespaces - list means "this pod's namespace". An - empty selector ({}) matches all namespaces. properties: matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. properties: key: - description: key is the label - key that the selector applies - to. type: string operator: - description: operator represents - a key's relationship to a set - of values. Valid operators are - In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array - of string values. If the operator - is In or NotIn, the values array - must be non-empty. If the operator - is Exists or DoesNotExist, the - values array must be empty. - This array is replaced during - a strategic merge patch. items: type: string type: array 
@@ -1947,47 +894,20 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of - {key,value} pairs. A single {key,value} - in the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are - ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static - list of namespace names that the term - applies to. The term is applied to the - union of the namespaces listed in this - field and the ones selected by namespaceSelector. - null or empty namespaces list and null - namespaceSelector means "this pod's namespace". items: type: string type: array x-kubernetes-list-type: atomic topologyKey: - description: This pod should be co-located - (affinity) or not co-located (anti-affinity) - with the pods matching the labelSelector - in the specified namespaces, where co-located - is defined as running on a node whose - value of the label with key topologyKey - matches that of any node on which any - of the selected pods is running. Empty - topologyKey is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with matching - the corresponding podAffinityTerm, in the - range 1-100. format: int32 type: integer required: 
@@ -1997,60 +917,18 @@ spec: type: array x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified - by this field are not met at scheduling time, the - pod will not be scheduled onto the node. If the - anti-affinity requirements specified by this field - cease to be met at some point during pod execution - (e.g. due to a pod label update), the system may - or may not try to eventually evict the pod from - its node. When there are multiple elements, the - lists of nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must be satisfied. items: - description: Defines a set of pods (namely those - matching the labelSelector relative to the given - namespace(s)) that this pod should be co-located - (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node - whose value of the label with key - matches that of any node on which a pod of the - set of pods is running properties: labelSelector: - description: A label query over a set of resources, - in this case pods. If it's null, this PodAffinityTerm - matches with no Pods. properties: matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. properties: key: - description: key is the label key - that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. 
items: type: string type: array 
@@ -2064,95 +942,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod - label keys to select which pods will be taken - into consideration. The keys are used to lookup - values from the incoming pod labels, those - key-value labels are merged with `labelSelector` - as `key in (value)` to select the group of - existing pods which pods will be taken into - consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value - is empty. The same key is forbidden to exist - in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector - isn't set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature - gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod - label keys to select which pods will be taken - into consideration. The keys are used to lookup - values from the incoming pod labels, those - key-value labels are merged with `labelSelector` - as `key notin (value)` to select the group - of existing pods which pods will be taken - into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist - in the incoming pod labels will be ignored. - The default value is empty. The same key is - forbidden to exist in both mismatchLabelKeys - and labelSelector. Also, mismatchLabelKeys - cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling - MatchLabelKeysInPodAffinity feature gate. 
items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by - this field and the ones listed in the namespaces - field. null selector and null or empty namespaces - list means "this pod's namespace". An empty - selector ({}) matches all namespaces. properties: matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. properties: key: - description: key is the label key - that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. items: type: string type: array 
@@ -2166,36 +978,15 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. - The term is applied to the union of the namespaces - listed in this field and the ones selected - by namespaceSelector. null or empty namespaces - list and null namespaceSelector means "this - pod's namespace". items: type: string type: array x-kubernetes-list-type: atomic topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the - pods matching the labelSelector in the specified - namespaces, where co-located is defined as - running on a node whose value of the label - with key topologyKey matches that of any node - on which any of the selected pods is running. - Empty topologyKey is not allowed. type: string required: - topologyKey 
@@ -2205,277 +996,106 @@ spec: type: object type: object automountServiceAccountToken: - description: AutomountServiceAccountToken indicates whether - a service account token should be automatically mounted. type: boolean enableServiceLinks: - description: 'EnableServiceLinks indicates whether information - about services should be injected into pod''s environment - variables, matching the syntax of Docker links. Optional: - Defaults to true.' type: boolean imagePullSecrets: - description: 'ImagePullSecrets is an optional list of references - to secrets in the same namespace to use for pulling any - of the images used by this PodRuntimeSettings. If specified, - these secrets will be passed to individual puller implementations - for them to use. For example, in the case of docker, only - DockerConfig type secrets are honored. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' items: - description: LocalObjectReference contains enough information - to let you locate the referenced object inside the same - namespace. properties: name: default: "" - description: 'Name of the referent. This field is effectively - required, but due to backwards compatibility is allowed - to be empty. Instances of this type with an empty - value here are almost certainly wrong. TODO: Add other - useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic type: array nodeName: - description: NodeName is a request to schedule this pod onto - a specific node. If it is non-empty, the scheduler simply - schedules this pod onto that node, assuming that it fits - resource requirements. 
type: string nodeSelector: additionalProperties: type: string - description: 'NodeSelector is a selector which must be true - for the pod to fit on a node. Selector which must match - a node''s labels for the pod to be scheduled on that node. - More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' type: object podAnnotations: additionalProperties: type: string - description: PodAnnotations are the annotations that will - be attached with the respective Pod type: object podLabels: additionalProperties: type: string - description: PodLabels are the labels that will be attached - with the respective Pod type: object priority: - description: The priority value. Various system components - use this field to find the priority of the pod. When Priority - Admission Controller is enabled, it prevents users from - setting this field. The admission controller populates this - field from PriorityClassName. The higher the value, the - higher the priority. format: int32 type: integer priorityClassName: - description: If specified, indicates the pod's priority. "system-node-critical" - and "system-cluster-critical" are two special keywords which - indicate the highest priorities with the former being the - highest priority. Any other name must be defined by creating - a PriorityClass object with that name. If not specified, - the pod priority will be default or zero if there is no - default. type: string readinessGates: - description: 'If specified, all readiness gates will be evaluated - for pod readiness. A pod is ready when all its containers - are ready AND all conditions specified in the readiness - gates have status equal to "True" More info: https://git.k8s.io/enhancements/keps/sig-network/0007-pod-ready%2B%2B.md' items: - description: PodReadinessGate contains the reference to - a pod condition properties: conditionType: - description: ConditionType refers to a condition in - the pod's condition list with matching type. 
type: string required: - conditionType type: object type: array runtimeClassName: - description: 'RuntimeClassName refers to a RuntimeClass object - in the node.k8s.io group, which should be used to run this - pod. If no RuntimeClass resource matches the named class, - the pod will not be run. If unset or empty, the "legacy" - RuntimeClass will be used, which is an implicit class with - an empty definition that uses the default runtime handler. - More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md - This is an alpha feature and may change in the future.' type: string schedulerName: - description: If specified, the pod will be dispatched by specified - scheduler. If not specified, the pod will be dispatched - by default scheduler. type: string securityContext: - description: 'Security options the pod should run with. More - info: https://kubernetes.io/docs/concepts/policy/security-context/ - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: appArmorProfile: - description: appArmorProfile is the AppArmor options to - use by the containers in this pod. Note that this field - cannot be set when spec.os.name is windows. properties: localhostProfile: - description: localhostProfile indicates a profile - loaded on the node that should be used. The profile - must be preconfigured on the node to work. Must - match the loaded name of the profile. Must be set - if and only if type is "Localhost". type: string type: - description: 'type indicates which kind of AppArmor - profile will be applied. Valid options are: Localhost - - a profile pre-loaded on the node. RuntimeDefault - - the container runtime''s default profile. Unconfined - - no AppArmor enforcement.' type: string required: - type type: object fsGroup: - description: "A special supplemental group that applies - to all containers in a pod. Some volume types allow - the Kubelet to change the ownership of that volume to - be owned by the pod: \n 1. 
The owning GID will be the - FSGroup 2. The setgid bit is set (new files created - in the volume will be owned by FSGroup) 3. The permission - bits are OR'd with rw-rw---- \n If unset, the Kubelet - will not modify the ownership and permissions of any - volume. Note that this field cannot be set when spec.os.name - is windows." format: int64 type: integer fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines behavior of - changing ownership and permission of the volume before - being exposed inside Pod. This field will only apply - to volume types which support fsGroup based ownership(and - permissions). It will have no effect on ephemeral volume - types such as: secret, configmaps and emptydir. Valid - values are "OnRootMismatch" and "Always". If not specified, - "Always" is used. Note that this field cannot be set - when spec.os.name is windows.' type: string runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be - set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. Note that this - field cannot be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: - description: Indicates that the container must run as - a non-root user. If true, the Kubelet will validate - the image at runtime to ensure that it does not run - as UID 0 (root) and fail to start the container if it - does. If unset or false, no such validation will be - performed. May also be set in SecurityContext. If set - in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint of the container - process. Defaults to user specified in image metadata - if unspecified. May also be set in SecurityContext. 
If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence - for that container. Note that this field cannot be set - when spec.os.name is windows. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be applied to all - containers. If unspecified, the container runtime will - allocate a random SELinux context for each container. May - also be set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. Note that this - field cannot be set when spec.os.name is windows. properties: level: - description: Level is SELinux level label that applies - to the container. type: string role: - description: Role is a SELinux role label that applies - to the container. type: string type: - description: Type is a SELinux type label that applies - to the container. type: string user: - description: User is a SELinux user label that applies - to the container. type: string type: object seccompProfile: - description: The seccomp options to use by the containers - in this pod. Note that this field cannot be set when - spec.os.name is windows. properties: localhostProfile: - description: localhostProfile indicates a profile - defined in a file on the node should be used. The - profile must be preconfigured on the node to work. - Must be a descending path, relative to the kubelet's - configured seccomp profile location. Must be set - if type is "Localhost". Must NOT be set for any - other type. type: string type: - description: "type indicates which kind of seccomp - profile will be applied. Valid options are: \n Localhost - - a profile defined in a file on the node should - be used. RuntimeDefault - the container runtime - default profile should be used. Unconfined - no - profile should be applied." 
type: string required: - type type: object supplementalGroups: - description: A list of groups applied to the first process - run in each container, in addition to the container's - primary GID, the fsGroup (if specified), and group memberships - defined in the container image for the uid of the container - process. If unspecified, no additional groups are added - to any container. Note that group memberships defined - in the container image for the uid of the container - process are still effective, even if they are not included - in this list. Note that this field cannot be set when - spec.os.name is windows. items: format: int64 type: integer type: array x-kubernetes-list-type: atomic sysctls: - description: Sysctls hold a list of namespaced sysctls - used for the pod. Pods with unsupported sysctls (by - the container runtime) might fail to launch. Note that - this field cannot be set when spec.os.name is windows. items: - description: Sysctl defines a kernel parameter to be - set properties: name: - description: Name of a property to set type: string value: - description: Value of a property to set type: string required: - name 
@@ -2484,133 +1104,52 @@ spec: type: array x-kubernetes-list-type: atomic windowsOptions: - description: The Windows specific settings applied to - all containers. If unspecified, the options within a - container's SecurityContext will be used. If set in - both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence. Note - that this field cannot be set when spec.os.name is linux. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA - admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec - named by the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of - the GMSA credential spec to use. type: string hostProcess: - description: HostProcess determines if a container - should be run as a 'Host Process' container. All - of a Pod's containers must have the same effective - HostProcess value (it is not allowed to have a mix - of HostProcess containers and non-HostProcess containers). - In addition, if HostProcess is true then HostNetwork - must also be set to true. type: boolean runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set - in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. type: string type: object type: object serviceAccountAnnotations: additionalProperties: type: string - description: ServiceAccountAnnotations are the annotations - that will be attached with the respective ServiceAccount type: object serviceAccountName: - description: 'ServiceAccountName is the name of the ServiceAccount - to use to run this pod. 
More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' type: string tolerations: - description: If specified, the pod's tolerations. items: - description: The pod this Toleration is attached to tolerates - any taint that matches the triple using - the matching operator . properties: effect: - description: Effect indicates the taint effect to match. - Empty means match all taint effects. When specified, - allowed values are NoSchedule, PreferNoSchedule and - NoExecute. type: string key: - description: Key is the taint key that the toleration - applies to. Empty means match all taint keys. If the - key is empty, operator must be Exists; this combination - means to match all values and all keys. type: string operator: - description: Operator represents a key's relationship - to the value. Valid operators are Exists and Equal. - Defaults to Equal. Exists is equivalent to wildcard - for value, so that a pod can tolerate all taints of - a particular category. type: string tolerationSeconds: - description: TolerationSeconds represents the period - of time the toleration (which must be of effect NoExecute, - otherwise this field is ignored) tolerates the taint. - By default, it is not set, which means tolerate the - taint forever (do not evict). Zero and negative values - will be treated as 0 (evict immediately) by the system. format: int64 type: integer value: - description: Value is the taint value the toleration - matches to. If the operator is Exists, the value should - be empty, otherwise just a regular string. type: string type: object type: array topologySpreadConstraints: - description: TopologySpreadConstraints describes how a group - of pods ought to spread across topology domains. Scheduler - will schedule pods in a way which abides by the constraints. - All topologySpreadConstraints are ANDed. items: - description: TopologySpreadConstraint specifies how to spread - matching pods among the given topology. 
properties: labelSelector: - description: LabelSelector is used to find matching - pods. Pods that match this label selector are counted - to determine the number of pods in their corresponding - topology domain. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. properties: key: - description: key is the label key that the - selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. items: type: string type: array 
@@ -2624,137 +1163,27 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys - to select the pods over which spreading will be calculated. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are ANDed with - labelSelector to select the group of existing pods - over which spreading will be calculated for the incoming - pod. The same key is forbidden to exist in both MatchLabelKeys - and LabelSelector. MatchLabelKeys cannot be set when - LabelSelector isn't set. Keys that don't exist in - the incoming pod labels will be ignored. A null or - empty list means only match against labelSelector. - \n This is a beta field and requires the MatchLabelKeysInPodTopologySpread - feature gate to be enabled (enabled by default)." items: type: string type: array x-kubernetes-list-type: atomic maxSkew: - description: 'MaxSkew describes the degree to which - pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, - it is the maximum permitted difference between the - number of matching pods in the target topology and - the global minimum. The global minimum is the minimum - number of matching pods in an eligible domain or zero - if the number of eligible domains is less than MinDomains. - For example, in a 3-zone cluster, MaxSkew is set to - 1, and pods with the same labelSelector spread as - 2/2/1: In this case, the global minimum is 1. 
| zone1 - | zone2 | zone3 | | P P | P P | P | - if MaxSkew - is 1, incoming pod can only be scheduled to zone3 - to become 2/2/2; scheduling it onto zone1(zone2) would - make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - - if MaxSkew is 2, incoming pod can be scheduled onto - any zone. When `whenUnsatisfiable=ScheduleAnyway`, - it is used to give higher precedence to topologies - that satisfy it. It''s a required field. Default value - is 1 and 0 is not allowed.' format: int32 type: integer minDomains: - description: "MinDomains indicates a minimum number - of eligible domains. When the number of eligible domains - with matching topology keys is less than minDomains, - Pod Topology Spread treats \"global minimum\" as 0, - and then the calculation of Skew is performed. And - when the number of eligible domains with matching - topology keys equals or greater than minDomains, this - value has no effect on scheduling. As a result, when - the number of eligible domains is less than minDomains, - scheduler won't schedule more than maxSkew Pods to - those domains. If value is nil, the constraint behaves - as if MinDomains is equal to 1. Valid values are integers - greater than 0. When value is not nil, WhenUnsatisfiable - must be DoNotSchedule. \n For example, in a 3-zone - cluster, MaxSkew is set to 2, MinDomains is set to - 5 and pods with the same labelSelector spread as 2/2/2: - | zone1 | zone2 | zone3 | | P P | P P | P P | - The number of domains is less than 5(MinDomains), - so \"global minimum\" is treated as 0. In this situation, - new pod with the same labelSelector cannot be scheduled, - because computed skew will be 3(3 - 0) if new Pod - is scheduled to any of the three zones, it will violate - MaxSkew." format: int32 type: integer nodeAffinityPolicy: - description: "NodeAffinityPolicy indicates how we will - treat Pod's nodeAffinity/nodeSelector when calculating - pod topology spread skew. 
Options are: - Honor: only - nodes matching nodeAffinity/nodeSelector are included - in the calculations. - Ignore: nodeAffinity/nodeSelector - are ignored. All nodes are included in the calculations. - \n If this value is nil, the behavior is equivalent - to the Honor policy. This is a beta-level feature - default enabled by the NodeInclusionPolicyInPodTopologySpread - feature flag." type: string nodeTaintsPolicy: - description: "NodeTaintsPolicy indicates how we will - treat node taints when calculating pod topology spread - skew. Options are: - Honor: nodes without taints, - along with tainted nodes for which the incoming pod - has a toleration, are included. - Ignore: node taints - are ignored. All nodes are included. \n If this value - is nil, the behavior is equivalent to the Ignore policy. - This is a beta-level feature default enabled by the - NodeInclusionPolicyInPodTopologySpread feature flag." type: string topologyKey: - description: TopologyKey is the key of node labels. - Nodes that have a label with this key and identical - values are considered to be in the same topology. - We consider each as a "bucket", and try - to put balanced number of pods into each bucket. We - define a domain as a particular instance of a topology. - Also, we define an eligible domain as a domain whose - nodes meet the requirements of nodeAffinityPolicy - and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", - each Node is a domain of that topology. And, if TopologyKey - is "topology.kubernetes.io/zone", each zone is a domain - of that topology. It's a required field. type: string whenUnsatisfiable: - description: 'WhenUnsatisfiable indicates how to deal - with a pod if it doesn''t satisfy the spread constraint. - - DoNotSchedule (default) tells the scheduler not - to schedule it. - ScheduleAnyway tells the scheduler - to schedule the pod in any location, but giving higher - precedence to topologies that would help reduce the - skew. 
A constraint is considered "Unsatisfiable" for - an incoming pod if and only if every possible node - assignment for that pod would violate "MaxSkew" on - some topology. For example, in a 3-zone cluster, MaxSkew - is set to 1, and pods with the same labelSelector - spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P - | P | P | If WhenUnsatisfiable is set to DoNotSchedule, - incoming pod can only be scheduled to zone2(zone3) - to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) - satisfies MaxSkew(1). In other words, the cluster - can still be imbalanced, but scheduler won''t make - it *more* imbalanced. It''s a required field.' type: string required: - maxSkew 
@@ -2769,291 +1198,136 @@ spec: type: object type: object storage: - description: Storage specifies the remote storage information properties: azure: - description: Azure specifies the storage information for Azure - Blob container properties: container: - description: Container specifies the name of the Azure Blob - container that will be used as storage backend. type: string maxConnections: - description: MaxConnections specifies the maximum number of - concurrent connections to use to upload/download data to - this backend. format: int64 type: integer prefix: - description: Prefix specifies a directory inside the bucket/container - where the data for this backend will be stored. type: string secretName: - description: SecretName specifies the name of the Secret that - contains the access credential for this storage. type: string storageAccount: - description: StorageAccount specifies the name of the Azure - Storage Account type: string type: object gcs: - description: GCS specifies the storage information for GCS bucket properties: bucket: - description: Bucket specifies the name of the bucket that - will be used as storage backend. type: string maxConnections: - description: MaxConnections specifies the maximum number of - concurrent connections to use to upload/download data to - this backend. format: int64 type: integer prefix: - description: Prefix specifies a directory inside the bucket/container - where the data for this backend will be stored. type: string secretName: - description: SecretName specifies the name of the Secret that - contains the access credential for this storage. type: string type: object local: - description: Local specifies the storage information for local - provider properties: awsElasticBlockStore: - description: 'awsElasticBlockStore represents an AWS Disk - resource that is attached to a kubelet''s host machine and - then exposed to the pod. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' properties: fsType: - description: 'fsType is the filesystem type of the volume - that you want to mount. Tip: Ensure that the filesystem - type is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem from - compromising the machine' type: string partition: - description: 'partition is the partition in the volume - that you want to mount. If omitted, the default is to - mount by volume name. Examples: For volume /dev/sda1, - you specify the partition as "1". Similarly, the volume - partition for /dev/sda is "0" (or you can leave the - property empty).' format: int32 type: integer readOnly: - description: 'readOnly value true will force the readOnly - setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: boolean volumeID: - description: 'volumeID is unique ID of the persistent - disk resource in AWS (Amazon EBS volume). More info: - https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: string required: - volumeID type: object azureDisk: - description: azureDisk represents an Azure Data Disk mount - on the host and bind mount to the pod. properties: cachingMode: - description: 'cachingMode is the Host Caching mode: None, - Read Only, Read Write.' type: string diskName: - description: diskName is the Name of the data disk in - the blob storage type: string diskURI: - description: diskURI is the URI of data disk in the blob - storage type: string fsType: - description: fsType is Filesystem type to mount. Must - be a filesystem type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred - to be "ext4" if unspecified. 
type: string kind: - description: 'kind expected values are Shared: multiple - blob disks per storage account Dedicated: single blob - disk per storage account Managed: azure managed data - disk (only in managed availability set). defaults to - shared' type: string readOnly: - description: readOnly Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts. type: boolean required: - diskName - diskURI type: object azureFile: - description: azureFile represents an Azure File Service mount - on the host and bind mount to the pod. properties: readOnly: - description: readOnly defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts. type: boolean secretName: - description: secretName is the name of secret that contains - Azure Storage Account Name and Key type: string shareName: - description: shareName is the azure share Name type: string required: - secretName - shareName type: object cephfs: - description: cephFS represents a Ceph FS mount on the host - that shares a pod's lifetime properties: monitors: - description: 'monitors is Required: Monitors is a collection - of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' items: type: string type: array x-kubernetes-list-type: atomic path: - description: 'path is Optional: Used as the mounted root, - rather than the full Ceph tree, default is /' type: string readOnly: - description: 'readOnly is Optional: Defaults to false - (read/write). ReadOnly here will force the ReadOnly - setting in VolumeMounts. 
More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: boolean secretFile: - description: 'secretFile is Optional: SecretFile is the - path to key ring for User, default is /etc/ceph/user.secret - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string secretRef: - description: 'secretRef is Optional: SecretRef is reference - to the authentication secret for User, default is empty. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' properties: name: default: "" - description: 'Name of the referent. This field is - effectively required, but due to backwards compatibility - is allowed to be empty. Instances of this type with - an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, - uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is optional: User is the rados user - name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string required: - monitors type: object cinder: - description: 'cinder represents a cinder volume attached and - mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' properties: fsType: - description: 'fsType is the filesystem type to mount. - Must be a filesystem type supported by the host operating - system. Examples: "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string readOnly: - description: 'readOnly defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts. 
- More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: boolean secretRef: - description: 'secretRef is optional: points to a secret - object containing parameters used to connect to OpenStack.' properties: name: default: "" - description: 'Name of the referent. This field is - effectively required, but due to backwards compatibility - is allowed to be empty. Instances of this type with - an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, - uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic volumeID: - description: 'volumeID used to identify the volume in - cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string required: - volumeID type: object configMap: - description: configMap represents a configMap that should - populate this volume properties: defaultMode: - description: 'defaultMode is optional: mode bits used - to set permissions on created files by default. Must - be an octal value between 0000 and 0777 or a decimal - value between 0 and 511. YAML accepts both octal and - decimal values, JSON requires decimal values for mode - bits. Defaults to 0644. Directories within the path - are not affected by this setting. This might be in conflict - with other options that affect the file mode, like fsGroup, - and the result can be other mode bits set.' format: int32 type: integer items: - description: items if unspecified, each key-value pair - in the Data field of the referenced ConfigMap will be - projected into the volume as a file whose name is the - key and content is the value. If specified, the listed - keys will be projected into the specified paths, and - unlisted keys will not be present. 
If a key is specified - which is not present in the ConfigMap, the volume setup - will error unless it is marked optional. Paths must - be relative and may not contain the '..' path or start - with '..'. items: - description: Maps a string key to a path within a volume. properties: key: - description: key is the key to project. type: string mode: - description: 'mode is Optional: mode bits used to - set permissions on this file. Must be an octal - value between 0000 and 0777 or a decimal value - between 0 and 511. YAML accepts both octal and - decimal values, JSON requires decimal values for - mode bits. If not specified, the volume defaultMode - will be used. This might be in conflict with other - options that affect the file mode, like fsGroup, - and the result can be other mode bits set.' format: int32 type: integer path: - description: path is the relative path of the file - to map the key to. May not be an absolute path. - May not contain the path element '..'. May not - start with the string '..'. type: string required: - key 
@@ -3063,151 +1337,67 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of the referent. This field is effectively - required, but due to backwards compatibility is allowed - to be empty. Instances of this type with an empty value - here are almost certainly wrong. TODO: Add other useful - fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional specify whether the ConfigMap or - its keys must be defined type: boolean type: object x-kubernetes-map-type: atomic csi: - description: csi (Container Storage Interface) represents - ephemeral storage that is handled by certain external CSI - drivers (Beta feature). properties: driver: - description: driver is the name of the CSI driver that - handles this volume. Consult with your admin for the - correct name as registered in the cluster. type: string fsType: - description: fsType to mount. Ex. "ext4", "xfs", "ntfs". - If not provided, the empty value is passed to the associated - CSI driver which will determine the default filesystem - to apply. type: string nodePublishSecretRef: - description: nodePublishSecretRef is a reference to the - secret object containing sensitive information to pass - to the CSI driver to complete the CSI NodePublishVolume - and NodeUnpublishVolume calls. This field is optional, - and may be empty if no secret is required. If the secret - object contains more than one secret, all secret references - are passed. properties: name: default: "" - description: 'Name of the referent. This field is - effectively required, but due to backwards compatibility - is allowed to be empty. Instances of this type with - an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, - uid? 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic readOnly: - description: readOnly specifies a read-only configuration - for the volume. Defaults to false (read/write). type: boolean volumeAttributes: additionalProperties: type: string - description: volumeAttributes stores driver-specific properties - that are passed to the CSI driver. Consult your driver's - documentation for supported values. type: object required: - driver type: object downwardAPI: - description: downwardAPI represents downward API about the - pod that should populate this volume properties: defaultMode: - description: 'Optional: mode bits to use on created files - by default. Must be a Optional: mode bits used to set - permissions on created files by default. Must be an - octal value between 0000 and 0777 or a decimal value - between 0 and 511. YAML accepts both octal and decimal - values, JSON requires decimal values for mode bits. - Defaults to 0644. Directories within the path are not - affected by this setting. This might be in conflict - with other options that affect the file mode, like fsGroup, - and the result can be other mode bits set.' format: int32 type: integer items: - description: Items is a list of downward API volume file items: - description: DownwardAPIVolumeFile represents information - to create the file containing the pod field properties: fieldRef: - description: 'Required: Selects a field of the pod: - only annotations, labels, name, namespace and - uid are supported.' properties: apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". type: string fieldPath: - description: Path of the field to select in - the specified API version. 
type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: - description: 'Optional: mode bits used to set permissions - on this file, must be an octal value between 0000 - and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON - requires decimal values for mode bits. If not - specified, the volume defaultMode will be used. - This might be in conflict with other options that - affect the file mode, like fsGroup, and the result - can be other mode bits set.' format: int32 type: integer path: - description: 'Required: Path is the relative path - name of the file to be created. Must not be absolute - or contain the ''..'' path. Must be utf-8 encoded. - The first item of the relative path must not start - with ''..''' type: string resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, requests.cpu and requests.memory) - are currently supported.' properties: containerName: - description: 'Container name: required for volumes, - optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output format of - the exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource to select' type: string required: - resource 
@@ -3220,182 +1410,50 @@ spec: x-kubernetes-list-type: atomic type: object emptyDir: - description: 'emptyDir represents a temporary directory that - shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' properties: medium: - description: 'medium represents what type of storage medium - should back this directory. The default is "" which - means to use the node''s default medium. Must be an - empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string sizeLimit: anyOf: - type: integer - type: string - description: 'sizeLimit is the total amount of local storage - required for this EmptyDir volume. The size limit is - also applicable for memory medium. The maximum usage - on memory medium EmptyDir would be the minimum value - between the SizeLimit specified here and the sum of - memory limits of all containers in a pod. The default - is nil which means that the limit is undefined. More - info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object ephemeral: - description: "ephemeral represents a volume that is handled - by a cluster storage driver. The volume's lifecycle is tied - to the pod that defines it - it will be created before the - pod starts, and deleted when the pod is removed. \n Use - this if: a) the volume is only needed while the pod runs, - b) features of normal volumes like restoring from snapshot - or capacity tracking are needed, c) the storage driver is - specified through a storage class, and d) the storage driver - supports dynamic volume provisioning through a PersistentVolumeClaim - (see EphemeralVolumeSource for more information on the connection - between this volume type and PersistentVolumeClaim). 
\n - Use PersistentVolumeClaim or one of the vendor-specific - APIs for volumes that persist for longer than the lifecycle - of an individual pod. \n Use CSI for light-weight local - ephemeral volumes if the CSI driver is meant to be used - that way - see the documentation of the driver for more - information. \n A pod can use both types of ephemeral volumes - and persistent volumes at the same time." properties: volumeClaimTemplate: - description: "Will be used to create a stand-alone PVC - to provision the volume. The pod in which this EphemeralVolumeSource - is embedded will be the owner of the PVC, i.e. the PVC - will be deleted together with the pod. The name of - the PVC will be `-` where `` is the name from the `PodSpec.Volumes` array - entry. Pod validation will reject the pod if the concatenated - name is not valid for a PVC (for example, too long). - \n An existing PVC with that name that is not owned - by the pod will *not* be used for the pod to avoid using - an unrelated volume by mistake. Starting the pod is - then blocked until the unrelated PVC is removed. If - such a pre-created PVC is meant to be used by the pod, - the PVC has to updated with an owner reference to the - pod once the pod exists. Normally this should not be - necessary, but it may be useful when manually reconstructing - a broken cluster. \n This field is read-only and no - changes will be made by Kubernetes to the PVC after - it has been created. \n Required, must not be nil." properties: metadata: - description: May contain labels and annotations that - will be copied into the PVC when creating it. No - other fields are allowed and will be rejected during - validation. properties: annotations: additionalProperties: type: string - description: 'Annotations is an unstructured key - value map stored with a resource that may be - set by external tools to store and retrieve - arbitrary metadata. They are not queryable and - should be preserved when modifying objects. 
- More info: http://kubernetes.io/docs/user-guide/annotations' type: object generateName: - description: "GenerateName is an optional prefix, - used by the server, to generate a unique name - ONLY IF the Name field has not been provided. - If this field is used, the name returned to - the client will be different than the name passed. - This value will also be combined with a unique - suffix. The provided value has the same validation - rules as the Name field, and may be truncated - by the length of the suffix required to make - the value unique on the server. \n If this field - is specified and the generated name exists, - the server will NOT return a 409 - instead, - it will either return 201 Created or 500 with - Reason ServerTimeout indicating a unique name - could not be found in the time allotted, and - the client should retry (optionally after the - time indicated in the Retry-After header). \n - Applied only if Name is not specified. More - info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" type: string labels: additionalProperties: type: string - description: 'Map of string keys and values that - can be used to organize and categorize (scope - and select) objects. May match selectors of - replication controllers and services. More info: - http://kubernetes.io/docs/user-guide/labels' type: object name: - description: 'Name must be unique within a namespace. - Is required when creating resources, although - some resources may allow a client to request - the generation of an appropriate name automatically. - Name is primarily intended for creation idempotence - and configuration definition. Cannot be updated. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' type: string namespace: - description: "Namespace defines the space within - each name must be unique. An empty namespace - is equivalent to the \"default\" namespace, - but \"default\" is the canonical representation. 
- Not all objects are required to be scoped to - a namespace - the value of this field for those - objects will be empty. \n Must be a DNS_LABEL. - Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" type: string ownerReferences: - description: List of objects depended by this - object. If ALL objects in the list have been - deleted, this object will be garbage collected. - If this object is managed by a controller, then - an entry in this list will point to this controller, - with the controller field set to true. There - cannot be more than one managing controller. items: - description: OwnerReference contains enough - information to let you identify an owning - object. An owning object must be in the same - namespace as the dependent, or be cluster-scoped, - so there is no namespace field. properties: apiVersion: - description: API version of the referent. type: string blockOwnerDeletion: - description: If true, AND if the owner has - the "foregroundDeletion" finalizer, then - the owner cannot be deleted from the key-value - store until this reference is removed. - See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion - for how the garbage collector interacts - with this field and enforces the foreground - deletion. Defaults to false. To set this - field, a user needs "delete" permission - of the owner, otherwise 422 (Unprocessable - Entity) will be returned. type: boolean controller: - description: If true, this reference points - to the managing controller. type: boolean kind: - description: 'Kind of the referent. More - info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: - description: 'UID of the referent. 
More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -3407,49 +1465,19 @@ spec: type: array type: object spec: - description: The specification for the PersistentVolumeClaim. - The entire content is copied unchanged into the - PVC that gets created from this template. The same - fields as in a PersistentVolumeClaim are also valid - here. properties: accessModes: - description: 'accessModes contains the desired - access modes the volume should have. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array x-kubernetes-list-type: atomic dataSource: - description: 'dataSource field can be used to - specify either: * An existing VolumeSnapshot - object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) If - the provisioner or an external controller can - support the specified data source, it will create - a new volume based on the contents of the specified - data source. When the AnyVolumeDataSource feature - gate is enabled, dataSource contents will be - copied to dataSourceRef, and dataSourceRef contents - will be copied to dataSource when dataSourceRef.namespace - is not specified. If the namespace is specified, - then dataSourceRef will not be copied to dataSource.' properties: apiGroup: - description: APIGroup is the group for the - resource being referenced. If APIGroup is - not specified, the specified Kind must be - in the core API group. For any other third-party - types, APIGroup is required. type: string kind: - description: Kind is the type of resource - being referenced type: string name: - description: Name is the name of resource - being referenced type: string required: - kind 
@@ -3457,77 +1485,20 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: - description: 'dataSourceRef specifies the object - from which to populate the volume with data, - if a non-empty volume is desired. This may be - any object from a non-empty API group (non core - object) or a PersistentVolumeClaim object. When - this field is specified, volume binding will - only succeed if the type of the specified object - matches some installed volume populator or dynamic - provisioner. This field will replace the functionality - of the dataSource field and as such if both - fields are non-empty, they must have the same - value. For backwards compatibility, when namespace - isn''t specified in dataSourceRef, both fields - (dataSource and dataSourceRef) will be set to - the same value automatically if one of them - is empty and the other is non-empty. When namespace - is specified in dataSourceRef, dataSource isn''t - set to the same value and must be empty. There - are three important differences between dataSource - and dataSourceRef: * While dataSource only allows - two specific types of objects, dataSourceRef - allows any non-core object, as well as PersistentVolumeClaim - objects. * While dataSource ignores disallowed - values (dropping them), dataSourceRef preserves - all values, and generates an error if a disallowed - value is specified. * While dataSource only - allows local objects, dataSourceRef allows objects - in any namespaces. (Beta) Using this field requires - the AnyVolumeDataSource feature gate to be enabled. - (Alpha) Using the namespace field of dataSourceRef - requires the CrossNamespaceVolumeDataSource - feature gate to be enabled.' properties: apiGroup: - description: APIGroup is the group for the - resource being referenced. If APIGroup is - not specified, the specified Kind must be - in the core API group. For any other third-party - types, APIGroup is required. 
type: string kind: - description: Kind is the type of resource - being referenced type: string name: - description: Name is the name of resource - being referenced type: string namespace: - description: Namespace is the namespace of - resource being referenced Note that when - a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant - object is required in the referent namespace - to allow that namespace's owner to accept - the reference. See the ReferenceGrant documentation - for details. (Alpha) This field requires - the CrossNamespaceVolumeDataSource feature - gate to be enabled. type: string required: - kind - name type: object resources: - description: 'resources represents the minimum - resources the volume should have. If RecoverVolumeExpansionFailure - feature is enabled users are allowed to specify - resource requirements that are lower than previous - value but must still be higher than capacity - recorded in the status field of the claim. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: @@ -3536,9 +1507,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum - amount of compute resources allowed. More - info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -3547,47 +1515,18 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum - amount of compute resources required. If - Requests is omitted for a container, it - defaults to Limits if that is explicitly - specified, otherwise to an implementation-defined - value. Requests cannot exceed Limits. More - info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: - description: selector is a label query over volumes - to consider for binding. properties: matchExpressions: - description: matchExpressions is a list of - label selector requirements. The requirements - are ANDed. items: - description: A label selector requirement - is a selector that contains values, a - key, and an operator that relates the - key and values. properties: key: - description: key is the label key that - the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. items: type: string type: array 
@@ -3601,50 +1540,16 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only - "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic storageClassName: - description: 'storageClassName is the name of - the StorageClass required by the claim. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeAttributesClassName: - description: 'volumeAttributesClassName may be - used to set the VolumeAttributesClass used by - this claim. If specified, the CSI driver will - create or update the volume with the attributes - defined in the corresponding VolumeAttributesClass. - This has a different purpose than storageClassName, - it can be changed after the claim is created. - An empty string value means that no VolumeAttributesClass - will be applied to the claim but it''s not allowed - to reset this field to empty string once it - is set. If unspecified and the PersistentVolumeClaim - is unbound, the default VolumeAttributesClass - will be set by the persistentvolume controller - if it exists. If the resource referred to by - volumeAttributesClass does not exist, this PersistentVolumeClaim - will be set to a Pending state, as reflected - by the modifyVolumeStatus field, until such - as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires the VolumeAttributesClass - feature gate to be enabled.' type: string volumeMode: - description: volumeMode defines what type of volume - is required by the claim. Value of Filesystem - is implied when not included in claim spec. 
type: string volumeName: - description: volumeName is the binding reference - to the PersistentVolume backing this claim. type: string type: object required: 
@@ -3652,85 +1557,41 @@ spec: type: object type: object fc: - description: fc represents a Fibre Channel resource that is - attached to a kubelet's host machine and then exposed to - the pod. properties: fsType: - description: 'fsType is the filesystem type to mount. - Must be a filesystem type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred - to be "ext4" if unspecified. TODO: how do we prevent - errors in the filesystem from compromising the machine' type: string lun: - description: 'lun is Optional: FC target lun number' format: int32 type: integer readOnly: - description: 'readOnly is Optional: Defaults to false - (read/write). ReadOnly here will force the ReadOnly - setting in VolumeMounts.' type: boolean targetWWNs: - description: 'targetWWNs is Optional: FC target worldwide - names (WWNs)' items: type: string type: array x-kubernetes-list-type: atomic wwids: - description: 'wwids Optional: FC volume world wide identifiers - (wwids) Either wwids or combination of targetWWNs and - lun must be set, but not both simultaneously.' items: type: string type: array x-kubernetes-list-type: atomic type: object flexVolume: - description: flexVolume represents a generic volume resource - that is provisioned/attached using an exec based plugin. properties: driver: - description: driver is the name of the driver to use for - this volume. type: string fsType: - description: fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". The default filesystem - depends on FlexVolume script. type: string options: additionalProperties: type: string - description: 'options is Optional: this field holds extra - command options if any.' type: object readOnly: - description: 'readOnly is Optional: defaults to false - (read/write). ReadOnly here will force the ReadOnly - setting in VolumeMounts.' 
type: boolean secretRef: - description: 'secretRef is Optional: secretRef is reference - to the secret object containing sensitive information - to pass to the plugin scripts. This may be empty if - no secret object is specified. If the secret object - contains more than one secret, all secrets are passed - to the plugin scripts.' properties: name: default: "" - description: 'Name of the referent. This field is - effectively required, but due to backwards compatibility - is allowed to be empty. Instances of this type with - an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, - uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic 
@@ -3738,169 +1599,79 @@ spec: - driver type: object flocker: - description: flocker represents a Flocker volume attached - to a kubelet's host machine. This depends on the Flocker - control service being running properties: datasetName: - description: datasetName is Name of the dataset stored - as metadata -> name on the dataset for Flocker should - be considered as deprecated type: string datasetUUID: - description: datasetUUID is the UUID of the dataset. This - is unique identifier of a Flocker dataset type: string type: object gcePersistentDisk: - description: 'gcePersistentDisk represents a GCE Disk resource - that is attached to a kubelet''s host machine and then exposed - to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' properties: fsType: - description: 'fsType is filesystem type of the volume - that you want to mount. Tip: Ensure that the filesystem - type is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the filesystem from - compromising the machine' type: string partition: - description: 'partition is the partition in the volume - that you want to mount. If omitted, the default is to - mount by volume name. Examples: For volume /dev/sda1, - you specify the partition as "1". Similarly, the volume - partition for /dev/sda is "0" (or you can leave the - property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' format: int32 type: integer pdName: - description: 'pdName is unique name of the PD resource - in GCE. Used to identify the disk in GCE. More info: - https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: string readOnly: - description: 'readOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: boolean required: - pdName type: object glusterfs: - description: 'glusterfs represents a Glusterfs mount on the - host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' properties: endpoints: - description: 'endpoints is the endpoint name that details - Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string path: - description: 'path is the Glusterfs volume path. More - info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string readOnly: - description: 'readOnly here will force the Glusterfs volume - to be mounted with read-only permissions. Defaults to - false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: boolean required: - endpoints - path type: object hostPath: - description: 'hostPath represents a pre-existing file or directory - on the host machine that is directly exposed to the container. - This is generally used for system agents or other privileged - things that are allowed to see the host machine. Most containers - will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict who can use host directory - mounts and who can/can not mount host directories as read/write.' properties: path: - description: 'path of the directory on the host. If the - path is a symlink, it will follow the link to the real - path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string type: - description: 'type for HostPath Volume Defaults to "" - More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string required: - path type: object iscsi: - description: 'iscsi represents an ISCSI Disk resource that - is attached to a kubelet''s host machine and then exposed - to the pod. 
More info: https://examples.k8s.io/volumes/iscsi/README.md' properties: chapAuthDiscovery: - description: chapAuthDiscovery defines whether support - iSCSI Discovery CHAP authentication type: boolean chapAuthSession: - description: chapAuthSession defines whether support iSCSI - Session CHAP authentication type: boolean fsType: - description: 'fsType is the filesystem type of the volume - that you want to mount. Tip: Ensure that the filesystem - type is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem from - compromising the machine' type: string initiatorName: - description: initiatorName is the custom iSCSI Initiator - Name. If initiatorName is specified with iscsiInterface - simultaneously, new iSCSI interface : will be created for the connection. type: string iqn: - description: iqn is the target iSCSI Qualified Name. type: string iscsiInterface: - description: iscsiInterface is the interface Name that - uses an iSCSI transport. Defaults to 'default' (tcp). type: string lun: - description: lun represents iSCSI Target Lun number. format: int32 type: integer portals: - description: portals is the iSCSI Target Portal List. - The portal is either an IP or ip_addr:port if the port - is other than default (typically TCP ports 860 and 3260). items: type: string type: array x-kubernetes-list-type: atomic readOnly: - description: readOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. type: boolean secretRef: - description: secretRef is the CHAP Secret for iSCSI target - and initiator authentication properties: name: default: "" - description: 'Name of the referent. This field is - effectively required, but due to backwards compatibility - is allowed to be empty. Instances of this type with - an empty value here are almost certainly wrong. 
- TODO: Add other useful fields. apiVersion, kind, - uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic targetPortal: - description: targetPortal is iSCSI Target Portal. The - Portal is either an IP or ip_addr:port if the port is - other than default (typically TCP ports 860 and 3260). type: string required: - iqn 
@@ -3908,158 +1679,68 @@ spec: - targetPortal type: object mountPath: - description: MountPath specifies the directory where this - volume will be mounted type: string nfs: - description: 'nfs represents an NFS mount on the host that - shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' properties: path: - description: 'path that is exported by the NFS server. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string readOnly: - description: 'readOnly here will force the NFS export - to be mounted with read-only permissions. Defaults to - false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: boolean server: - description: 'server is the hostname or IP address of - the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string required: - path - server type: object persistentVolumeClaim: - description: 'persistentVolumeClaimVolumeSource represents - a reference to a PersistentVolumeClaim in the same namespace. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: claimName: - description: 'claimName is the name of a PersistentVolumeClaim - in the same namespace as the pod using this volume. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' type: string readOnly: - description: readOnly Will force the ReadOnly setting - in VolumeMounts. Default false. type: boolean required: - claimName type: object photonPersistentDisk: - description: photonPersistentDisk represents a PhotonController - persistent disk attached and mounted on kubelets host machine properties: fsType: - description: fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred - to be "ext4" if unspecified. 
type: string pdID: - description: pdID is the ID that identifies Photon Controller - persistent disk type: string required: - pdID type: object portworxVolume: - description: portworxVolume represents a portworx volume attached - and mounted on kubelets host machine properties: fsType: - description: fSType represents the filesystem type to - mount Must be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs". Implicitly inferred - to be "ext4" if unspecified. type: string readOnly: - description: readOnly defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts. type: boolean volumeID: - description: volumeID uniquely identifies a Portworx volume type: string required: - volumeID type: object projected: - description: projected items for all in one resources secrets, - configmaps, and downward API properties: defaultMode: - description: defaultMode are the mode bits used to set - permissions on created files by default. Must be an - octal value between 0000 and 0777 or a decimal value - between 0 and 511. YAML accepts both octal and decimal - values, JSON requires decimal values for mode bits. - Directories within the path are not affected by this - setting. This might be in conflict with other options - that affect the file mode, like fsGroup, and the result - can be other mode bits set. format: int32 type: integer sources: - description: sources is the list of volume projections items: - description: Projection that may be projected along - with other supported volume types properties: clusterTrustBundle: - description: "ClusterTrustBundle allows a pod to - access the `.spec.trustBundle` field of ClusterTrustBundle - objects in an auto-updating file. \n Alpha, gated - by the ClusterTrustBundleProjection feature gate. - \n ClusterTrustBundle objects can either be selected - by name, or by the combination of signer name - and a label selector. 
\n Kubelet performs aggressive - normalization of the PEM contents written into - the pod filesystem. Esoteric PEM features such - as inter-block comments and block headers are - stripped. Certificates are deduplicated. The - ordering of certificates within the file is arbitrary, - and Kubelet may change the order over time." properties: labelSelector: - description: Select all ClusterTrustBundles - that match this label selector. Only has - effect if signerName is set. Mutually-exclusive - with name. If unset, interpreted as "match - nothing". If set but empty, interpreted as - "match everything". properties: matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. properties: key: - description: key is the label key - that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. items: type: string type: array 
@@ -4073,86 +1754,31 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic name: - description: Select a single ClusterTrustBundle - by object name. Mutually-exclusive with signerName - and labelSelector. type: string optional: - description: If true, don't block pod startup - if the referenced ClusterTrustBundle(s) aren't - available. If using name, then the named - ClusterTrustBundle is allowed not to exist. If - using signerName, then the combination of - signerName and labelSelector is allowed to - match zero ClusterTrustBundles. type: boolean path: - description: Relative path from the volume root - to write the bundle. type: string signerName: - description: Select all ClusterTrustBundles - that match this signer name. Mutually-exclusive - with name. The contents of all selected ClusterTrustBundles - will be unified and deduplicated. type: string required: - path type: object configMap: - description: configMap information about the configMap - data to project properties: items: - description: items if unspecified, each key-value - pair in the Data field of the referenced ConfigMap - will be projected into the volume as a file - whose name is the key and content is the value. - If specified, the listed keys will be projected - into the specified paths, and unlisted keys - will not be present. If a key is specified - which is not present in the ConfigMap, the - volume setup will error unless it is marked - optional. Paths must be relative and may not - contain the '..' path or start with '..'. items: - description: Maps a string key to a path within - a volume. properties: key: - description: key is the key to project. 
type: string mode: - description: 'mode is Optional: mode bits - used to set permissions on this file. - Must be an octal value between 0000 - and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and - decimal values, JSON requires decimal - values for mode bits. If not specified, - the volume defaultMode will be used. - This might be in conflict with other - options that affect the file mode, like - fsGroup, and the result can be other - mode bits set.' format: int32 type: integer path: - description: path is the relative path - of the file to map the key to. May not - be an absolute path. May not contain - the path element '..'. May not start - with the string '..'. type: string required: - key 
@@ -4162,98 +1788,42 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of the referent. This field - is effectively required, but due to backwards - compatibility is allowed to be empty. Instances - of this type with an empty value here are - almost certainly wrong. TODO: Add other useful - fields. apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional specify whether the ConfigMap - or its keys must be defined type: boolean type: object x-kubernetes-map-type: atomic downwardAPI: - description: downwardAPI information about the downwardAPI - data to project properties: items: - description: Items is a list of DownwardAPIVolume - file items: - description: DownwardAPIVolumeFile represents - information to create the file containing - the pod field properties: fieldRef: - description: 'Required: Selects a field - of the pod: only annotations, labels, - name, namespace and uid are supported.' properties: apiVersion: - description: Version of the schema - the FieldPath is written in terms - of, defaults to "v1". type: string fieldPath: - description: Path of the field to - select in the specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: - description: 'Optional: mode bits used - to set permissions on this file, must - be an octal value between 0000 and 0777 - or a decimal value between 0 and 511. - YAML accepts both octal and decimal - values, JSON requires decimal values - for mode bits. If not specified, the - volume defaultMode will be used. This - might be in conflict with other options - that affect the file mode, like fsGroup, - and the result can be other mode bits - set.' 
format: int32 type: integer path: - description: 'Required: Path is the relative - path name of the file to be created. - Must not be absolute or contain the - ''..'' path. Must be utf-8 encoded. - The first item of the relative path - must not start with ''..''' type: string resourceFieldRef: - description: 'Selects a resource of the - container: only resources limits and - requests (limits.cpu, limits.memory, - requests.cpu and requests.memory) are - currently supported.' properties: containerName: - description: 'Container name: required - for volumes, optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output - format of the exposed resources, - defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource to - select' type: string required: - resource 
@@ -4266,49 +1836,16 @@ spec: x-kubernetes-list-type: atomic type: object secret: - description: secret information about the secret - data to project properties: items: - description: items if unspecified, each key-value - pair in the Data field of the referenced Secret - will be projected into the volume as a file - whose name is the key and content is the value. - If specified, the listed keys will be projected - into the specified paths, and unlisted keys - will not be present. If a key is specified - which is not present in the Secret, the volume - setup will error unless it is marked optional. - Paths must be relative and may not contain - the '..' path or start with '..'. items: - description: Maps a string key to a path within - a volume. properties: key: - description: key is the key to project. type: string mode: - description: 'mode is Optional: mode bits - used to set permissions on this file. - Must be an octal value between 0000 - and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and - decimal values, JSON requires decimal - values for mode bits. If not specified, - the volume defaultMode will be used. - This might be in conflict with other - options that affect the file mode, like - fsGroup, and the result can be other - mode bits set.' format: int32 type: integer path: - description: path is the relative path - of the file to map the key to. May not - be an absolute path. May not contain - the path element '..'. May not start - with the string '..'. type: string required: - key 
@@ -4318,50 +1855,19 @@ spec: x-kubernetes-list-type: atomic name: default: "" - description: 'Name of the referent. This field - is effectively required, but due to backwards - compatibility is allowed to be empty. Instances - of this type with an empty value here are - almost certainly wrong. TODO: Add other useful - fields. apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: - description: optional field specify whether - the Secret or its key must be defined type: boolean type: object x-kubernetes-map-type: atomic serviceAccountToken: - description: serviceAccountToken is information - about the serviceAccountToken data to project properties: audience: - description: audience is the intended audience - of the token. A recipient of a token must - identify itself with an identifier specified - in the audience of the token, and otherwise - should reject the token. The audience defaults - to the identifier of the apiserver. type: string expirationSeconds: - description: expirationSeconds is the requested - duration of validity of the service account - token. As the token approaches expiration, - the kubelet volume plugin will proactively - rotate the service account token. The kubelet - will start trying to rotate the token if the - token is older than 80 percent of its time - to live or if the token is older than 24 hours.Defaults - to 1 hour and must be at least 10 minutes. format: int64 type: integer path: - description: path is the path relative to the - mount point of the file to project the token - into. type: string required: - path 
@@ -4371,163 +1877,79 @@ spec: x-kubernetes-list-type: atomic type: object quobyte: - description: quobyte represents a Quobyte mount on the host - that shares a pod's lifetime properties: group: - description: group to map volume access to Default is - no group type: string readOnly: - description: readOnly here will force the Quobyte volume - to be mounted with read-only permissions. Defaults to - false. type: boolean registry: - description: registry represents a single or multiple - Quobyte Registry services specified as a string as host:port - pair (multiple entries are separated with commas) which - acts as the central registry for volumes type: string tenant: - description: tenant owning the given Quobyte volume in - the Backend Used with dynamically provisioned Quobyte - volumes, value is set by the plugin type: string user: - description: user to map volume access to Defaults to - serivceaccount user type: string volume: - description: volume is a string that references an already - created Quobyte volume by name. type: string required: - registry - volume type: object rbd: - description: 'rbd represents a Rados Block Device mount on - the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' properties: fsType: - description: 'fsType is the filesystem type of the volume - that you want to mount. Tip: Ensure that the filesystem - type is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem from - compromising the machine' type: string image: - description: 'image is the rados image name. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string keyring: - description: 'keyring is the path to key ring for RBDUser. - Default is /etc/ceph/keyring. 
More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string monitors: - description: 'monitors is a collection of Ceph monitors. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' items: type: string type: array x-kubernetes-list-type: atomic pool: - description: 'pool is the rados pool name. Default is - rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string readOnly: - description: 'readOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: boolean secretRef: - description: 'secretRef is name of the authentication - secret for RBDUser. If provided overrides keyring. Default - is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' properties: name: default: "" - description: 'Name of the referent. This field is - effectively required, but due to backwards compatibility - is allowed to be empty. Instances of this type with - an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, - uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is the rados user name. Default is - admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string required: - image - monitors type: object scaleIO: - description: scaleIO represents a ScaleIO persistent volume - attached and mounted on Kubernetes nodes. properties: fsType: - description: fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". Default is "xfs". 
type: string gateway: - description: gateway is the host address of the ScaleIO - API Gateway. type: string protectionDomain: - description: protectionDomain is the name of the ScaleIO - Protection Domain for the configured storage. type: string readOnly: - description: readOnly Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: secretRef references to the secret for ScaleIO - user and other sensitive information. If this is not - provided, Login operation will fail. properties: name: default: "" - description: 'Name of the referent. This field is - effectively required, but due to backwards compatibility - is allowed to be empty. Instances of this type with - an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, - uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic sslEnabled: - description: sslEnabled Flag enable/disable SSL communication - with Gateway, default false type: boolean storageMode: - description: storageMode indicates whether the storage - for a volume should be ThickProvisioned or ThinProvisioned. - Default is ThinProvisioned. type: string storagePool: - description: storagePool is the ScaleIO Storage Pool associated - with the protection domain. type: string system: - description: system is the name of the storage system - as configured in ScaleIO. type: string volumeName: - description: volumeName is the name of a volume already - created in the ScaleIO system that is associated with - this volume source. type: string required: - gateway 
@@ -4535,54 +1957,19 @@ spec: - system type: object secret: - description: 'secret represents a secret that should populate - this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' properties: defaultMode: - description: 'defaultMode is Optional: mode bits used - to set permissions on created files by default. Must - be an octal value between 0000 and 0777 or a decimal - value between 0 and 511. YAML accepts both octal and - decimal values, JSON requires decimal values for mode - bits. Defaults to 0644. Directories within the path - are not affected by this setting. This might be in conflict - with other options that affect the file mode, like fsGroup, - and the result can be other mode bits set.' format: int32 type: integer items: - description: items If unspecified, each key-value pair - in the Data field of the referenced Secret will be projected - into the volume as a file whose name is the key and - content is the value. If specified, the listed keys - will be projected into the specified paths, and unlisted - keys will not be present. If a key is specified which - is not present in the Secret, the volume setup will - error unless it is marked optional. Paths must be relative - and may not contain the '..' path or start with '..'. items: - description: Maps a string key to a path within a volume. properties: key: - description: key is the key to project. type: string mode: - description: 'mode is Optional: mode bits used to - set permissions on this file. Must be an octal - value between 0000 and 0777 or a decimal value - between 0 and 511. YAML accepts both octal and - decimal values, JSON requires decimal values for - mode bits. If not specified, the volume defaultMode - will be used. This might be in conflict with other - options that affect the file mode, like fsGroup, - and the result can be other mode bits set.' format: int32 type: integer path: - description: path is the relative path of the file - to map the key to. 
May not be an absolute path. - May not contain the path element '..'. May not - start with the string '..'. type: string required: - key 
@@ -4591,184 +1978,83 @@ spec: type: array x-kubernetes-list-type: atomic optional: - description: optional field specify whether the Secret - or its keys must be defined type: boolean secretName: - description: 'secretName is the name of the secret in - the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' type: string type: object storageos: - description: storageOS represents a StorageOS volume attached - and mounted on Kubernetes nodes. properties: fsType: - description: fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred - to be "ext4" if unspecified. type: string readOnly: - description: readOnly defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: secretRef specifies the secret to use for - obtaining the StorageOS API credentials. If not specified, - default values will be attempted. properties: name: default: "" - description: 'Name of the referent. This field is - effectively required, but due to backwards compatibility - is allowed to be empty. Instances of this type with - an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, - uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen - doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string type: object x-kubernetes-map-type: atomic volumeName: - description: volumeName is the human-readable name of - the StorageOS volume. Volume names are only unique - within a namespace. type: string volumeNamespace: - description: volumeNamespace specifies the scope of the - volume within StorageOS. If no namespace is specified - then the Pod's namespace will be used. 
This allows - the Kubernetes name scoping to be mirrored within StorageOS - for tighter integration. Set VolumeName to any name - to override the default behaviour. Set to "default" - if you are not using namespaces within StorageOS. Namespaces - that do not pre-exist within StorageOS will be created. type: string type: object subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). type: string vsphereVolume: - description: vsphereVolume represents a vSphere volume attached - and mounted on kubelets host machine properties: fsType: - description: fsType is filesystem type to mount. Must - be a filesystem type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred - to be "ext4" if unspecified. type: string storagePolicyID: - description: storagePolicyID is the storage Policy Based - Management (SPBM) profile ID associated with the StoragePolicyName. type: string storagePolicyName: - description: storagePolicyName is the storage Policy Based - Management (SPBM) profile name. type: string volumePath: - description: volumePath is the path that identifies vSphere - volume vmdk type: string required: - volumePath type: object type: object provider: - description: Provider specifies the provider of the storage type: string s3: - description: S3 specifies the storage information for AWS S3 and - S3 compatible storage. properties: bucket: - description: Bucket specifies the name of the bucket that - will be used as storage backend. type: string endpoint: - description: Endpoint specifies the URL of the S3 or S3 compatible - storage bucket. type: string insecureTLS: - description: InsecureTLS controls whether a client should - skip TLS certificate verification. Setting this field to - true disables verification, which might be necessary in - cases where the server uses self-signed certificates or - certificates from an untrusted CA. 
Use this option with - caution, as it can expose the client to man-in-the-middle - attacks and other security risks. Only use it when absolutely - necessary. type: boolean prefix: - description: Prefix specifies a directory inside the bucket/container - where the data for this backend will be stored. type: string region: - description: Region specifies the region where the bucket - is located type: string secretName: - description: SecretName specifies the name of the Secret that - contains the access credential for this storage. type: string type: object type: object usagePolicy: - description: UsagePolicy specifies a policy of how this BackupStorage - will be used. For example, you can use `allowedNamespaces` policy - to restrict the usage of this BackupStorage to particular namespaces. - This field is optional. If you don't provide the usagePolicy, then - it can be used only from the current namespace. properties: allowedNamespaces: - description: AllowedNamespaces specifies which namespaces are - allowed to use the resource properties: from: default: Same - description: 'From indicates how to select the namespaces - that are allowed to use this resource. Possible values are: - * All: All namespaces can use this resource. * Selector: - Namespaces that matches the selector can use this resource. - * Same: Only current namespace can use the resource.' enum: - All - Selector - Same type: string selector: - description: Selector must be specified when From is set to - "Selector". In that case, only the selected namespaces are - allowed to use this resource. This field is ignored for - other values of "From". properties: matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. 
properties: key: - description: key is the label key that the selector - applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. type: string values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. items: type: string type: array @@ -4782,11 +2068,6 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic 
@@ -4794,53 +2075,25 @@ spec: type: object type: object status: - description: BackupStorageStatus defines the observed state of BackupStorage properties: conditions: - description: Conditions represents list of conditions regarding this - BackupStorage items: - description: Condition defines an observation of a object operational - state. properties: lastTransitionTime: - description: Last time the condition transitioned from one status - to another. This should be when the underlying condition changed. - If that is not known, then using the time when the API field - changed is acceptable. format: date-time type: string message: - description: A human-readable message indicating details about - the transition. This field may be empty. type: string observedGeneration: - description: If set, this represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.condition[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. format: int64 type: integer reason: - description: The reason for the condition's last transition - in CamelCase. The specific API may choose whether this field - is considered a guaranteed API. This field may not be empty. type: string severity: - description: Severity provides an explicit classification of - Reason code, so the users or machines can immediately understand - the current situation and act accordingly. The Severity field - MUST be set only when Status=False. type: string status: - description: Status of the condition, one of True, False, Unknown. type: string type: - description: Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources - like Available, but because arbitrary util can be useful (see - .node.status.util), the ability to deconflict is important. type: string required: - lastTransitionTime 
@@ -4849,48 +2102,25 @@ spec: type: object type: array phase: - description: Phase indicates the overall phase of the backup BackupStorage. - Phase will be "Ready" only if the Backend is initialized and Repositories - are synced. type: string repositories: - description: Repositories holds the information of all Repositories - using this BackupStorage items: - description: RepositoryInfo specifies information regarding a Repository - using the BackupStorage properties: error: - description: Error specifies the reason in case of Repository - sync failure. type: string name: - description: Name represents the name of the respective Repository - CR type: string namespace: - description: Namespace represent the namespace where the Repository - CR has been created type: string path: - description: Path represents the directory inside the BackupStorage - where this Repository is storing its data This path is relative - to the path of BackupStorage. type: string size: - description: Size represents the size of the backed up data - in this Repository type: string synced: - description: Synced specifies whether this Repository state - has been synced with the cloud state or not type: boolean type: object type: array totalSize: - description: TotalSize represents the total backed up data size in - this storage. This is simply the summation of sizes of all Repositories - using this BackupStorage. type: string type: object type: object diff --git a/vendor/kubestash.dev/apimachinery/crds/storage.kubestash.com_repositories.yaml b/vendor/kubestash.dev/apimachinery/crds/storage.kubestash.com_repositories.yaml index 8948e089..818c9005 100644 --- a/vendor/kubestash.dev/apimachinery/crds/storage.kubestash.com_repositories.yaml +++ b/vendor/kubestash.dev/apimachinery/crds/storage.kubestash.com_repositories.yaml 
@@ -43,154 +43,81 @@ spec: name: v1alpha1 schema: openAPIV3Schema: - description: Repository specifies the information about the targeted application - that has been backed up and the BackupStorage where the backed up data is - being stored. It also holds a list of recent Snapshots that have been taken - in this Repository. Repository is a namespaced object. It must be in the - same namespace as the targeted application. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: RepositorySpec specifies the application reference and the - BackupStorage reference.It also specifies what should be the behavior - when a Repository CR is deleted from the cluster. properties: appRef: - description: AppRef refers to the application that is being backed - up in this Repository. properties: apiGroup: type: string kind: type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string required: - name type: object deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what to do when you delete - a Repository CR. 
The valid values are: "Delete": This will delete - the respective Snapshot CRs from the cluster but keep the backed - up data in the remote backend. This is the default behavior. "WipeOut": - This will delete the respective Snapshot CRs as well as the backed - up data from the backend.' enum: - Delete - WipeOut type: string encryptionSecret: - description: EncryptionSecret refers to the Secret containing the - encryption key which will be used to encode/decode the backed up - data. You can refer to a Secret of a different namespace. If you - don't provide the namespace field, KubeStash will look for the Secret - in the same namespace as the BackupConfiguration / BackupBatch. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string required: - name type: object path: - description: Path represents the directory inside the BackupStorage - where this Repository is storing its data This path is relative - to the path of BackupStorage. type: string paused: - description: Paused specifies whether the Repository is paused or - not. If the Repository is paused, KubeStash will not process any - further event for the Repository. type: boolean storageRef: - description: StorageRef refers to the BackupStorage CR which contain - the backend information where the backed up data will be stored. - The BackupStorage could be in a different namespace. However, the - Repository namespace must be allowed to use the BackupStorage. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string required: - name type: object type: object status: - description: RepositoryStatus defines the observed state of Repository properties: componentPaths: - description: ComponentPaths represents list of component paths in - this Repository items: type: string type: array conditions: - description: Conditions represents list of conditions regarding this - Repository items: - description: Condition defines an observation of a object operational - state. properties: lastTransitionTime: - description: Last time the condition transitioned from one status - to another. This should be when the underlying condition changed. - If that is not known, then using the time when the API field - changed is acceptable. format: date-time type: string message: - description: A human-readable message indicating details about - the transition. This field may be empty. type: string observedGeneration: - description: If set, this represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.condition[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. format: int64 type: integer reason: - description: The reason for the condition's last transition - in CamelCase. The specific API may choose whether this field - is considered a guaranteed API. This field may not be empty. type: string severity: - description: Severity provides an explicit classification of - Reason code, so the users or machines can immediately understand - the current situation and act accordingly. The Severity field - MUST be set only when Status=False. type: string status: - description: Status of the condition, one of True, False, Unknown. type: string type: - description: Type of condition in CamelCase or in foo.example.com/CamelCase. 
- Many .condition.type values are consistent across resources - like Available, but because arbitrary util can be useful (see - .node.status.util), the ability to deconflict is important. type: string required: - lastTransitionTime @@ -199,32 +126,21 @@ spec: type: object type: array integrity: - description: Integrity specifies whether the backed up data of this - Repository has been corrupted or not type: boolean lastBackupTime: - description: LastBackupTime specifies the timestamp when the last - successful backup has been taken format: date-time type: string phase: - description: Phase represents the current state of the Repository. enum: - NotReady - Ready type: string recentSnapshots: - description: RecentSnapshots holds a list of recent Snapshot information - that has been taken in this Repository items: - description: SnapshotInfo specifies some basic information about - the Snapshots stored in this Repository properties: name: - description: Name represents the name of the Snapshot type: string phase: - description: Phase represents the phase of the Snapshot enum: - Pending - Running @@ -232,26 +148,17 @@ spec: - Failed type: string session: - description: Session represents the name of the session that - is responsible for this Snapshot type: string size: - description: Size represents the size of the Snapshot type: string snapshotTime: - description: SnapshotTime represents the time when this Snapshot - was taken format: date-time type: string type: object type: array size: - description: Size specifies the amount of backed up data stored in - the Repository type: string snapshotCount: - description: SnapshotCount specifies the number of current Snapshots - stored in this Repository format: int32 type: integer type: object diff --git a/vendor/kubestash.dev/apimachinery/crds/storage.kubestash.com_retentionpolicies.yaml b/vendor/kubestash.dev/apimachinery/crds/storage.kubestash.com_retentionpolicies.yaml index f43ba5ff..78299b6f 100644 
--- a/vendor/kubestash.dev/apimachinery/crds/storage.kubestash.com_retentionpolicies.yaml
+++ b/vendor/kubestash.dev/apimachinery/crds/storage.kubestash.com_retentionpolicies.yaml
@@ -30,140 +30,68 @@ spec: name: v1alpha1 schema: openAPIV3Schema: - description: RetentionPolicy specifies how the old Snapshots should be cleaned - up. This is a namespaced CRD. However, you can refer it from other namespaces - as long as it is permitted via `.spec.usagePolicy`. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: RetentionPolicySpec defines the policy of cleaning old Snapshots properties: default: - description: Default specifies whether to use this RetentionPolicy - as a default RetentionPolicy for the current namespace as well as - the permitted namespaces. One namespace can have at most one default - RetentionPolicy configured. type: boolean failedSnapshots: - description: FailedSnapshots specifies how many failed Snapshots should - be kept. properties: last: default: 1 - description: Last specifies how many last failed Snapshots should - be kept. By default, KubeStash will keep only the last 1 failed - Snapshot. format: int32 type: integer type: object maxRetentionPeriod: - description: "MaxRetentionPeriod specifies a duration up to which - the old Snapshots should be kept. KubeStash will remove all the - Snapshots that are older than the MaxRetentionPeriod. For example, - MaxRetentionPeriod of `30d` will keep only the Snapshots of last - 30 days. 
Sample duration format: - years: \t2y - months: \t6mo - - days: \t\t30d - hours: \t12h - minutes: \t30m You can also combine - the above durations. For example: 30d12h30m" type: string successfulSnapshots: - description: SuccessfulSnapshots specifies how many successful Snapshots - should be kept. properties: daily: - description: Daily specifies how many daily Snapshots should be - kept. format: int32 type: integer hourly: - description: Hourly specifies how many hourly Snapshots should - be kept. format: int32 type: integer last: - description: Last specifies how many last Snapshots should be - kept. format: int32 type: integer monthly: - description: Monthly specifies how many monthly Snapshots should - be kept. format: int32 type: integer weekly: - description: Weekly specifies how many weekly Snapshots should - be kept. format: int32 type: integer yearly: - description: Yearly specifies how many yearly Snapshots should - be kept. format: int32 type: integer type: object usagePolicy: - description: UsagePolicy specifies a policy of how this RetentionPolicy - will be used. For example, you can use `allowedNamespaces` policy - to restrict the usage of this RetentionPolicy to particular namespaces. - This field is optional. If you don't provide the usagePolicy, then - it can be used only from the current namespace. properties: allowedNamespaces: - description: AllowedNamespaces specifies which namespaces are - allowed to use the resource properties: from: default: Same - description: 'From indicates how to select the namespaces - that are allowed to use this resource. Possible values are: - * All: All namespaces can use this resource. * Selector: - Namespaces that matches the selector can use this resource. - * Same: Only current namespace can use the resource.' enum: - All - Selector - Same type: string selector: - description: Selector must be specified when From is set to - "Selector". 
In that case, only the selected namespaces are - allowed to use this resource. This field is ignored for - other values of "From". properties: matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. properties: key: - description: key is the label key that the selector - applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. type: string values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. items: type: string type: array @@ -177,11 +105,6 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic diff --git a/vendor/kubestash.dev/apimachinery/crds/storage.kubestash.com_snapshots.yaml b/vendor/kubestash.dev/apimachinery/crds/storage.kubestash.com_snapshots.yaml index f163f4f1..1658b021 100644 --- a/vendor/kubestash.dev/apimachinery/crds/storage.kubestash.com_snapshots.yaml +++ b/vendor/kubestash.dev/apimachinery/crds/storage.kubestash.com_snapshots.yaml 
@@ -39,125 +39,69 @@ spec: name: v1alpha1 schema: openAPIV3Schema: - description: Snapshot represents the state of a backup run to a particular - Repository. Multiple components of the same target may be backed up in the - same Snapshot. This is a namespaced CRD. It should be in the same namespace - as the respective Repository. KubeStash operator is responsible for creating - Snapshot CR. Snapshot is not supposed to be created/edited by the end user. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: SnapshotSpec specifies the information regarding the application - that is being backed up, the Repository where the backed up data is - being stored, and the session which is responsible for this snapshot - etc. properties: appRef: - description: AppRef specifies the reference of the application that - has been backed up in this Snapshot. properties: apiGroup: type: string kind: type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string required: - name type: object backupSession: - description: BackupSession represents the name of the respective BackupSession - which is responsible for this Snapshot. type: string deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what to do when you delete - a Snapshot CR. The valid values are: - "Delete": This will delete - just the Snapshot CR from the cluster but keep the backed up data - in the remote backend. This is the default behavior. - "WipeOut": - This will delete the Snapshot CR as well as the backed up data from - the backend.' enum: - Delete - WipeOut type: string paused: - description: Paused specifies whether the Snapshot is paused or not. - If the Snapshot is paused, KubeStash will not process any further - event for the Snapshot. type: boolean repository: - description: Repository specifies the name of the Repository where - this Snapshot is being stored. type: string session: - description: Session specifies the name of the session which is responsible - for this Snapshot type: string snapshotID: - description: 'SnapshotID represents a "Universally Unique Lexicographically - Sortable Identifier" (ULID) for the Snapshot. 
For more details about - ULID, please see: https://github.com/oklog/ulid' type: string type: - description: Type specifies whether this snapshot represents a full - or incremental backup type: string version: - description: Version denotes the respective data organization structure - inside the Repository type: string type: object status: - description: SnapshotStatus defines the observed state of Snapshot properties: components: additionalProperties: - description: Component represents the backup information of individual - components properties: driver: - description: Driver specifies the name of the tool that has - been used to upload the underlying backed up data enum: - Restic - WalG - VolumeSnapshotter type: string duration: - description: Duration specifies the total time taken to complete - the backup process for this component type: string error: - description: Error specifies the reason in case of backup failure - for the component type: string integrity: - description: Integrity represents the result of the restic repository - integrity check for this component type: boolean path: - description: Path specifies the path inside the Repository where - the backed up data for this component has been stored. This - path is relative to Repository path. type: string phase: - description: Phase represents the backup phase of the component enum: - Pending - Running 
@@ -165,87 +109,57 @@ spec: - Failed type: string resticStats: - description: ResticStats specifies the "Restic" driver specific - information items: - description: ResticStats specifies the "Restic" driver specific - information properties: + endTime: + format: date-time + type: string hostPath: - description: HostPath represents the backup path for which - restic snapshot is taken. type: string id: - description: Id represents the restic snapshot id type: string size: - description: Size represents the restic snapshot size + type: string + startTime: + format: date-time type: string uploaded: - description: Uploaded specifies the amount of data that - has been uploaded in the restic snapshot. type: string type: object type: array size: - description: Size represents the size of the restic repository - for this component type: string volumeSnapshotterStats: - description: VolumeSnapshotterStats specifies the "VolumeSnapshotter" - driver specific information items: - description: VolumeSnapshotterStats specifies the "VolumeSnapshotter" - driver specific information properties: hostPath: - description: HostPath represents the corresponding path - of PVC for which volumeSnapshot is created. type: string pvcName: - description: PVCName represents the backup PVC name for - which volumeSnapshot is created. type: string volumeSnapshotName: - description: VolumeSnapshotName represents the name of - created volumeSnapshot. type: string volumeSnapshotTime: - description: VolumeSnapshotTime indicates the timestamp - at which the volumeSnapshot was created. format: date-time type: string type: object type: array walGStats: - description: WalGStats specifies the "WalG" driver specific - information properties: databases: - description: Databases represents the list of target backup - databases. items: type: string type: array id: - description: Id represents the WalG snapshot ID. type: string startTime: - description: StartTime represents the WalG backup start - time. 
format: date-time type: string stopTime: - description: StopTime represents the WalG backup stop time. format: date-time type: string type: object walSegments: - description: WalSegments specifies a list of wall segment for - individual component items: - description: WalSegment specifies the "WalG" driver specific - information properties: end: format: date-time 
@@ -256,55 +170,26 @@ spec: type: object type: array type: object - description: Components represents the backup information of the individual - components of this Snapshot type: object x-kubernetes-map-type: granular conditions: - description: Conditions represents list of conditions regarding this - Snapshot items: - description: Condition defines an observation of a object operational - state. properties: lastTransitionTime: - description: Last time the condition transitioned from one status - to another. This should be when the underlying condition changed. - If that is not known, then using the time when the API field - changed is acceptable. format: date-time type: string message: - description: A human-readable message indicating details about - the transition. This field may be empty. type: string observedGeneration: - description: If set, this represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.condition[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. format: int64 type: integer reason: - description: The reason for the condition's last transition - in CamelCase. The specific API may choose whether this field - is considered a guaranteed API. This field may not be empty. type: string severity: - description: Severity provides an explicit classification of - Reason code, so the users or machines can immediately understand - the current situation and act accordingly. The Severity field - MUST be set only when Status=False. type: string status: - description: Status of the condition, one of True, False, Unknown. type: string type: - description: Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources - like Available, but because arbitrary util can be useful (see - .node.status.util), the ability to deconflict is important. 
type: string required: - lastTransitionTime @@ -313,16 +198,11 @@ spec: type: object type: array integrity: - description: Integrity represents whether the Snapshot data has been - corrupted or not type: boolean lastUpdateTime: - description: LastUpdateTime specifies the timestamp when this Snapshot - was last updated. format: date-time type: string phase: - description: Phase represents the backup state of this Snapshot enum: - Pending - Running @@ -330,21 +210,16 @@ spec: - Failed type: string size: - description: Size represents the size of the Snapshot type: string snapshotTime: - description: SnapshotTime represents the timestamp when this Snapshot - was taken. format: date-time type: string totalComponents: - description: TotalComponents represents the number of total components - for this Snapshot format: int32 type: integer + verificationSession: + type: string verificationStatus: - description: VerificationStatus specifies whether this Snapshot has - been verified or not enum: - Verified - NotVerified diff --git a/vendor/kubestash.dev/apimachinery/pkg/restic/backup.go b/vendor/kubestash.dev/apimachinery/pkg/restic/backup.go index 8b9589f2..bffe0ff2 100644 --- a/vendor/kubestash.dev/apimachinery/pkg/restic/backup.go +++ b/vendor/kubestash.dev/apimachinery/pkg/restic/backup.go @@ -18,6 +18,7 @@ package restic import ( "gomodules.xyz/pointer" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/errors" "sync" "time" @@ -38,6 +39,10 @@ func (w *ResticWrapper) RunBackup(backupOption BackupOptions) (*BackupOutput, er } else { hostStats.Phase = HostBackupSucceeded hostStats.Duration = time.Since(startTime).String() + st := metav1.Time{Time: startTime} + et := metav1.Now() + hostStats.StartTime = &st + hostStats.EndTime = &et } return &BackupOutput{ diff --git a/vendor/kubestash.dev/apimachinery/pkg/restic/types.go b/vendor/kubestash.dev/apimachinery/pkg/restic/types.go index 11043c8f..da2815f2 100644 
--- a/vendor/kubestash.dev/apimachinery/pkg/restic/types.go +++ b/vendor/kubestash.dev/apimachinery/pkg/restic/types.go @@ -16,6 +16,8 @@ limitations under the License. package restic +import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + type HostRestorePhase string const ( @@ -61,6 +63,12 @@ type HostBackupStats struct { // Error indicates string value of error in case of backup failure // +optional Error string `json:"error,omitempty"` + // StartTime indicates when the backup is triggered + // +optional + StartTime *metav1.Time `json:"startTime,omitempty"` + // EndTime indicates when the backup is executed successfully + // +optional + EndTime *metav1.Time `json:"endTime,omitempty"` } type SnapshotStats struct { diff --git a/vendor/modules.txt b/vendor/modules.txt index 8f07ec3c..23e6898e 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -313,8 +313,8 @@ github.com/codegangsta/inject # github.com/cpuguy83/go-md2man/v2 v2.0.3 ## explicit; go 1.11 github.com/cpuguy83/go-md2man/v2/md2man -# github.com/cyphar/filepath-securejoin v0.2.4 -## explicit; go 1.13 +# github.com/cyphar/filepath-securejoin v0.3.4 +## explicit; go 1.21 github.com/cyphar/filepath-securejoin # github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc ## explicit @@ -1069,6 +1069,9 @@ k8s.io/apimachinery/pkg/watch k8s.io/apimachinery/third_party/forked/golang/json k8s.io/apimachinery/third_party/forked/golang/netutil k8s.io/apimachinery/third_party/forked/golang/reflect +# k8s.io/apiserver v0.30.2 => github.com/kmodules/apiserver v0.30.2-0.20240519082755-d7b8c2d9e699 +## explicit; go 1.22.0 +k8s.io/apiserver/pkg/authentication/user # k8s.io/cli-runtime v0.30.1 ## explicit; go 1.22.0 k8s.io/cli-runtime/pkg/genericclioptions @@ -1342,7 +1345,7 @@ k8s.io/utils/pointer k8s.io/utils/ptr k8s.io/utils/strings/slices k8s.io/utils/trace -# kmodules.xyz/client-go v0.30.17 +# kmodules.xyz/client-go v0.30.40 ## explicit; go 1.22.0 kmodules.xyz/client-go kmodules.xyz/client-go/api/v1 
@@ -1362,7 +1365,7 @@ kmodules.xyz/offshoot-api/api/v1 # kmodules.xyz/prober v0.29.0 ## explicit; go 1.21.5 kmodules.xyz/prober/api/v1 -# kubestash.dev/apimachinery v0.13.0 +# kubestash.dev/apimachinery v0.14.0 ## explicit; go 1.22.0 kubestash.dev/apimachinery/apis kubestash.dev/apimachinery/apis/addons/v1alpha1